In most existing systems, authorization is speciied using some low-level system-speciic mechanisms, e.g., protection bits, capabilities and access control lists. We argue that authorization is an independent semantic concept that must be separated from implementation mechanisms and given a precise semantics. We propose a logical approach to representing and evaluating authorization. Speciically...

Grid computing has received widespread attention in recent years as a significant new research field. Yet to date, there has been only a limited work on the grid system authorization problem. In this paper, we address the authorization problem and its requirements in a grid system environment. We propose a new integrated authorization service that tackles the authorization problem at two levels...

Real-world applications routinely make authorization decisions based on dynamic computation. Rea-soning about dynamically computed authority is challenging. Integrity of the system might be compro-mised if attackers can improperly influence the authorizing computation. Confidentiality can also becompromised by authorization, since authorization decisions are often based on sensitive...

Access control is a critical functionality in distributed systems. Services and resources must be protected from unauthorized access. The prevalent practice is that service specific policies reside at the services and govern the access control. It is hard to keep distributed authorization policies consistent with the global security policy of an organization. A recent trend is to unify the diff...

While much of the Grid security community has focused on developing new authorization systems, the real challenge is often integrating legacy authorization systems with Grid software. The existing authorization system might not understand Grid authentication, might not scale to Grid-level usage, might not be able to understand the operations that are requested to be authorized, and might requir...

This paper proposes an authorization architecture for Web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorization of Web services as well as the support for the management of authorization information. The paper also describes authorization algorithms required to authorize a Web service client. Th...