In "Grids" and "collaboratories," we find distributed communities of resource providers and resource consumers, within which often complex and dynamic policies govern who can use which resources for which purpose. We propose a new approach to the representation, maintenance, and enforcement of such policies that provides a scalable mechanism for specifying and enforcing these policies. Our approach allows resource providers to delegate some of the authority for maintaining fine-grained access control policies to communities, while still maintaining ultimate control over their resources. We also describe a prototype implementation of this approach and an application in a data management context.
References, listed in Section 8, are sorted into normative and informative references. Normative references, listed in Section 8.1, are in the form [nXX]. Informative references, listed in Section 8.2, are in the form [iXX]. Section contains acknowledgements. Following Section 9, contains the Appendix, the contact information for the authors, the intellectual property information, and the copyright information for this document.
SUMMARY: The MyProxy online credential repository has been used by the grid computing community for over four years for managing security credentials in the grid public key infrastructure. MyProxy improves usability by giving users access to their credentials over the network using password authentication, allowing users to delegate their credentials via web browser interfaces to the grid, and supporting credential renewal for long-running jobs. MyProxy helps administrators secure users' private keys by providing an online service from which users retrieve short-lived credentials without distributing long-lived keys to potentially vulnerable end-systems. This paper describes the MyProxy system and its use.
Key words: grid computing, credential management, public key infrastructure, virtual smart card
In this document we describe our work-in-progress for enabling fine-grain authorization of resource management. In particular we address the needs of Virtual Organizations (VOs) to enforce their own policies in addition to those of the resource owners.
Science gateways have emerged as a concept for allowing large numbers of users in communities to easily access high-performance computing resources which previously required a steep learning curve to utilize. In order to reduce the complexity of managing access for these communities, which can often be large and dynamic, the concept of community accounts is being considered. This paper proposes a security model for community accounts, organized by the four As of security: Authentication, Authorization, Auditing and Accounting.
‡ We could envision larger communities taking a lead role, but we believe that resource owners will continue to take the lead most often and so concentrate on that scenario.