Using SAML and XACML for Complex Resource Provisioning in Grid Based Applications

Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI:10.1109/POLICY.2007.48

Y. Demchenko, L. Gommans, C. D. Laat

{"title":"Using SAML and XACML for Complex Resource Provisioning in Grid Based Applications","authors":"Y. Demchenko, L. Gommans, C. D. Laat","doi":"10.1109/POLICY.2007.48","DOIUrl":null,"url":null,"abstract":"This paper presents ongoing research and current results on the development of flexible access control infrastructure for complex resource provisioning (CRP) in Grid-based applications. The paper proposes a general CRP model and specifies major requirements to the Authorisation (AuthZ) service infrastructure to support multidomain CRP, focusing on two main issues - policy expression for complex resource models and AuthZ session support. The paper provides suggestions about using XACML and its special profiles to describe access control policies to complex resources and briefly describes proposed XML based AuthZ ticket format to support extended AuthZ session context. Additionally, the paper discusses what specific functionality can be added to the gLite Java Authorisation Framework (gJAF), to handle dynamic security context including AuthZ session support. The paper is based on experiences gained from major Grid based and Grid oriented projects such as EGEE, Phosphorus and GigaPort Research on Network.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"252 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/POLICY.2007.48","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 18

Abstract

This paper presents ongoing research and current results on the development of flexible access control infrastructure for complex resource provisioning (CRP) in Grid-based applications. The paper proposes a general CRP model and specifies major requirements to the Authorisation (AuthZ) service infrastructure to support multidomain CRP, focusing on two main issues - policy expression for complex resource models and AuthZ session support. The paper provides suggestions about using XACML and its special profiles to describe access control policies to complex resources and briefly describes proposed XML based AuthZ ticket format to support extended AuthZ session context. Additionally, the paper discusses what specific functionality can be added to the gLite Java Authorisation Framework (gJAF), to handle dynamic security context including AuthZ session support. The paper is based on experiences gained from major Grid based and Grid oriented projects such as EGEE, Phosphorus and GigaPort Research on Network.

查看原文本刊更多论文

在基于网格的应用程序中使用SAML和XACML进行复杂的资源配置

本文介绍了基于网格的应用中用于复杂资源配置(CRP)的灵活访问控制基础设施的研究进展和最新成果。本文提出了一个通用的CRP模型，并指定了支持多域CRP的授权(AuthZ)服务基础设施的主要要求，重点关注两个主要问题-复杂资源模型的策略表达和AuthZ会话支持。本文提供了使用XACML及其特殊配置文件来描述复杂资源的访问控制策略的建议，并简要描述了基于XML的AuthZ票证格式，以支持扩展的AuthZ会话上下文。此外，本文还讨论了哪些特定的功能可以添加到gLite Java授权框架(gJAF)中，以处理动态安全上下文，包括AuthZ会话支持。本文基于基于网格和面向网格的主要项目(如EGEE、磷和GigaPort网络研究)的经验。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)

自引率

0.00%

发文量