Extending XACML authorisation model to support policy obligations handling in distributed application
Source Middleware Conference archive
Proceedings of the 6th international workshop on Middleware for grid computing table of contents
Leuven, Belgium
Article No. 5  
Year of Publication: 2008
ISBN: 978-1-60558-365-5
Authors
Yuri Demchenko  University of Amsterdam, Amsterdam
Oscar Koeroo  NIKHEF, Kruislaan, Amsterdam
Cees de Laat  University of Amsterdam, Amsterdam
Hakon Sagehaug  BCCS, UNIFOB AS, Bergen, Norway
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 99,   Citation Count: 0
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1462704.1462709

ABSTRACT

The paper summarises the recent developments and discussions in the Grid and networking security community to build interoperable and scalable authorisation infrastructure for distributed applications. The paper provides a short overview of the XACML policy format and policy obligations definition in the XACML specification. The paper analyses the basic use cases for obligations in computer Grids and on-demand network resource provisioning, abstracted to the general complex resource provisioning (CRP) model, to identify major requirements and functionalities in obligations handling, which is further proposed as a Reference Model for Obligations Handling (OHRM). The paper refers to ongoing implementations of the policy obligations interoperability and handling framework in such EU-funded projects as EGEE and Phosphorus, and to the proposed XACML policy and attribute profiles for Grid and network resource provisioning.

