论文信息 - A Dynamic Reconciliation Service of RBAC Policies for Virtual Organizations

A Dynamic Reconciliation Service of RBAC Policies for Virtual Organizations

Service-oriented applications are naturally linked to virtual organizations (VO) that are used as an effective means to support collaboration across multiple autonomous domains. Participating domains of a VO may change their authorization policies for many reasons, which can bring conflicts to the VO's authorization policies and lead to unavailability of shared resources. In this paper, an adaptive policy reconciliation framework for VOs is proposed, which can dynamically keep VO's authorization polices consistent with changed local policies in order to maintain the availability of shared resources. And we present algorithms on how to revise VO's policies to conform to domain policies, and discuss their effectiveness.

Yanbo Han | Baohua Shan | Weiqun Sun

[1] Ninghui Li,et al. On mutually-exclusive roles and separation of duty , 2004, CCS '04.

[2] David W. Chadwick. Delegation Issuing Service , 2005 .

[3] Gail-Joon Ahn,et al. Role-based authorization constraints specification , 2000, TSEC.

[4] Ian T. Foster,et al. A community authorization service for group collaboration , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.

[5] Sun Wei. A Role-Based Delegation Access Control Model for Virtual Organization in Service Grid , 2006 .

[6] Ákos Frohner,et al. From gridmap-file to VOMS: managing authorization in a Grid environment , 2005, Future Gener. Comput. Syst..

[7] Mike Jackson,et al. Introduction to OGSA-DAI Services , 2004, SAG.

[8] Soon Myoung Chung,et al. Role-based access control for grid database services using the community authorization service , 2006, IEEE Transactions on Dependable and Secure Computing.

[9] Yanbo Han,et al. VINCA - A Visual and Personalized Business-Level Composition Language for Chaining Web-Based Services , 2003, ICSOC.

[10] Norman W. Paton,et al. The design and implementation of Grid database services in OGSA‐DAI , 2005, Concurr. Pract. Exp..