论文信息 - An authentication and authorization system for virtual organizations

An authentication and authorization system for virtual organizations

As more businesses engage in globalization, inter-organizational collaborative computing grows in importance. In order to effectively participate in modem collaborations, member organizations must be able to share specific data and functionality with collaboration partners, while ensuring that their resources are safe from inappropriate access. This requires access control models, policies, and enforcement mechanisms for collaboration resources. This paper describes a mechanism that can exchange user's authentication and authorization information between independent organizations in a secured way, and how this mechanism can be used to carry out the privilege management for virtual organization. The basic principle is that a user is authenticated locally at his origin site, and the origin site creates a handle to be used to retrieve attributes about the user for the resource provider. According to the user's handle, the resource provider sends an attribute request to the user's attribute authority. The attribute authority then issues a X.509 attribute certificate that holds the user's attributes and sends it back to the requester. The resource provider then provides required services to the user based on his privileges. A prototype called Cross Security Access Control Framework (CSACF) has been developed.

Christoph Meinel | Wei Zhou | Vinesh Raja

[1] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[2] Russ Housley,et al. An Internet Attribute Certificate Profile for Authorization , 2002, RFC.

[3] Ian T. Foster,et al. The Community Authorization Service: Status and Future , 2003, ArXiv.

[4] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[5] E. F. Michiels,et al. ISO/IEC 10181-4:1995 Information technology Open Systems Interconnection Security frameworks for open systems: Non-repudiation framework , 1996 .

[6] Ákos Frohner,et al. VOMS, an Authorization System for Virtual Organizations , 2003, European Across Grids Conference.

[7] Christoph Meinel,et al. Implement role based access control with attribute certificates , 2004, The 6th International Conference on Advanced Communication Technology, 2004..

[8] Ramaswamy Chandramouli,et al. The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[9] Ian T. Foster,et al. A community authorization service for group collaboration , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.