- Policy Based Access Control in Dynamic Grid-based Collaborative Environment
- Book/source title
- The 2006 International Symposium on Collaborative Technologies and Systems, Las Vegas, May 14-18, 2006, Proceedings
- Pages (from-to)
- IEEE Computer Society
- Document type
- Conference contribution
- Faculty of Science (FNWI)
- Informatics Institute (IVI)
This paper describes the design and development of a flexible, customer-driven, security infrastructure for Gridbased Collaborative Environments. The paper proposes further development of the access control model built around a service or resource provisioning agreement (e.g., an experiment or project) that is used as a basis for an instant access control policy definition and virtual association of users and resources. Workflow management technology is considered as a solution for dynamic security context management during the lifetime of an experiment. The paper analyses the required functionality and suggests extensions to the generic AAA Authorisation framework in order to support complex collaboration scenarios in dynamic virtualised environments. The paper provides implementation details on the use of XACML for fine-grained access control policy definition for complex resources and team-based role management, and SAML for secure credentials exchange. In addition, the paper discusses how the Virtual Organisations (VO) concept can be used for experiment-based dynamic security association management. The proposed technical solutions are intended to be compatible and interoperable with the current implementation of the Grid security middleware in the Globus Toolkit and gLite. The paper is based on experiences gained from major Grid-based and Gridoriented projects in collaborative applications and complex resource provisioning.
If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons. In case of a legitimate complaint, the Library will make the material inaccessible and/or remove it from the website. Please Ask the Library, or send a letter to: Library of the University of Amsterdam, Secretariat, Singel 425, 1012 WP Amsterdam, The Netherlands. You will be contacted as soon as possible.