- Multi-domain authorization for e-Infrastructures
- Award date
- 2 December 2014
- Number of pages
- Document type
- PhD thesis
- Faculty of Science (FNWI)
- Informatics Institute (IVI)
The overall objective of this thesis is to study what is needed to create a multi-domain authorization system, allowing applications to access e-Infrastructure resources. A multi-domain authorization system allows different autonomous providers to chain their services automatically to create an end-to-end service, whilst retaining the ability to define their own access policies. The research was performed in the context of e-Science communities that use infrastructures at global scale, which capture, process, transport, store, visualise, etc. large amounts of scientific data. Such infrastructures became known as e-Infrastructures.
The study contributes to the understanding of what is needed by defining two frameworks and an authorization architecture. The first framework provides a way to articulate authorization scenarios; the second framework helps to understand the role of trust within authorization systems. A generic authorization architecture was defined as a way to help guide the solution design of an authorization system. The generic architecture was validated in collaboration with pioneering Internet research organisations to show its applicability.
To allow authorization transaction to happen, involved parties must trust each other. To be trusted in a chain, each service provider must know that any policy rule it executes is correct. Such trust emerges from a common set of rules that may need to be enforced depending on the risk involved.
The research on the second framework indicates that the complexity of an authorization system can decrease if organisational trust and power is considered along with its design, allowing the use of simple tokens.
- Research conducted at: Universiteit van Amsterdam
If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons. In case of a legitimate complaint, the Library will make the material inaccessible and/or remove it from the website. Please Ask the Library, or send a letter to: Library of the University of Amsterdam, Secretariat, Singel 425, 1012 WP Amsterdam, The Netherlands. You will be contacted as soon as possible.