Policy Based Access Control in Dynamic Grid-based Collaborative Environment

Demchenko, Yuri; Gommans, Leon; Tokmakoff, Andrew; Buuren, R. van

doi:10.1109/cts.2006.59

Cited by 28 publications

(16 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Toninelli et al [15] present an approach towards combining rule-based and ontology-based policies in pervasive environments. Demchenko et al [16] propose an access control model and mechanism for grid-based collaborative applications. Massa et al [17] use the dataset from Epinions.com to do computational experiments on employing global versus local trust metrics.…”

Section: Background and Related Workmentioning

confidence: 99%

An Annotation-Based Access Control Model and Tools for Collaborative Information Spaces

Nasirifard

Peristeras

Decker

2008

Emerging Technologies and Information Systems for the Knowledge Society

View full text Add to dashboard Cite

Abstract. We present an Annotation-Based Access Control model supported by a Collaboration Vocabulary (CoVoc) as a more flexible and user-centric access control approach in social platforms and shared workspaces. We present also briefly two SOA-based tools for enabling our approach: Uncle-Share is a gadget that provides annotation-based access control for bookmarks and uses CoVoc for annotating collaborative relationships. Who-With-Whom uses also CoVoc and visualizes extended social networks in order to help users to select the appropriate contacts to grant access to resources.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

An Annotation-Based Access Control Model and Tools for Collaborative Information Spaces

Nasirifard

Peristeras

Decker

2008

Emerging Technologies and Information Systems for the Knowledge Society

View full text Add to dashboard Cite

show abstract

“…The University of Amsterdam's Advanced Internet Research group has published a number of papers describing both the networking and the AAA issues for such a system, including [13] [14] [9] . They are using the IETF AAA Framework [27], and use the OASIS eXtensible Access Control Markup Language (XACML) Version 2 to describe policy.…”

Section: A Related Workmentioning

confidence: 99%

Intra and Interdomain Circuit Provisioning Using the OSCARS Reservation System

Guok

Robertson

Thompson

et al. 2006

2006 3rd International Conference on Broadband Communications, Networks and Systems

101

View full text Add to dashboard Cite

Abstract-With the advent of service sensitive applications such as remote controlled experiments, time constrained massive data transfers, and video-conferencing, it has become apparent that there is a need for the setup of dynamically provisioned, quality of service enabled virtual circuits. The ESnet On-Demand Secure Circuits and Advance Reservation System (OSCARS) is a prototype service enabling advance reservation of guaranteed bandwidth secure virtual circuits.OSCARS operates within the Energy Sciences Network (ESnet), and has provisions for interoperation with other network domains. ESnet is a high-speed network serving thousands of Department of Energy scientists and collaborators worldwide. OSCARS utilizes the Web services model and standards to implement communication with the system and between domains, and for authentication, authorization, and auditing (AAA). The management and operation of end-to-end virtual circuits within the network is done at the layer 3 network level. Multi-Protocol Label Switching (MPLS) and the Resource Reservation Protocol (RSVP) are used to create the virtual circuits or Label Switched Paths (LSP's). Quality of Service (QoS) is used to provide bandwidth guarantees.This paper describes our experience in implementing OSCARS, collaborations with other bandwidth-reservation projects (including interdomain testing) and future work to be done.

show abstract

“…After the positive AuthZ/PDP decision, the AuthZ session can be created and AuthZ ticket generated containing reservation ID and full AuthZ session context. In consequent service/resource requests, if the AuthZ ticket is presented, the request can be evaluated by the PEP (locally, without consulting slower request evaluation with the PDP) and access granted based on matching between the AuthZ ticket and presented Requestor's credentials [2,7].…”

Section: Security Infrastructure Requirements In Vl/crp-ucmentioning

confidence: 99%

“…Currently typical Grid-based Collaborative Environment (GCE) is created as project or experiment oriented and relies on previously established and offline maintained trust relations between participating members [2]. To become truly open collaborative environment and ensure the same level of security and privacy (to user data protection) as personal or organisation owned systems, the virtual workspace provisioning should rely on the multiplayer security model of the generalised user controlled Complex Resource Provisioning (CRP-UC) [3].…”

Section: Introductionmentioning

confidence: 99%