Extending XACML authorisation model to support policy obligations handling in distributed application

The paper summarises recent developments and discussions in the Grid and networking security community aimed at building an interoperable and scalable authorisation infrastructure for distributed applications. It provides a short overview of the XACML policy format and of the definition of policy obligations in the XACML specification. It analyses the basic use cases for obligations in computer Grids and on-demand network resource provisioning, abstracted to the general complex resource provisioning (CRP) model, to identify the major requirements and functionalities in obligations handling, which are then proposed as a Reference Model for Obligations Handling (OHRM). The paper refers to ongoing implementations of the policy obligations interoperability and handling framework in projects such as the EU-funded EGEE and Phosphorus, and to the proposed XACML policy and attribute profiles for Grid and network resource provisioning.
