ePubs
The open archive for STFC research publications
Full Record Details
Persistent URL
http://purl.org/net/epubs/work/33889
Record Status
Checked
Record Id
33889
Title
Multilayer Privilege Management for Dynamic Collaborative Scientific Communities
Contributors
D Chadwick, Theo Dimitrakos, Kerstin Kleese-Van Dam, D Mac Randal, Brian Matthews, A Otenko
Abstract
Rapid advancements in Grid Computing and the convergence of Grid and Web Services, and the development of infrastructures such as the Ecology GRID[ref] and NERC DataGrid[ref], bring about protocols and machine-processable message/document formats that will soon enable seamless and open application-application communication. This will bring about the prospect of ad hoc integration of systems across institutional boundaries to support collaborations that may last for a single transaction or evolve over many years. We will witness on-demand creation of dynamically-evolving, scalable Virtual Organisations (VO) spanning national and institutional borders, where the participating entities pool resources, capabilities and information to achieve common objectives. The data owners may want to apply varying conditions on access to their data, e.g. non-military personnel should only be given degraded versions of military-sourced images, with different degradation filters applicable for different application domains. The data centres have to ensure the security and confidentiality of data and so have to control who can do what on their machines, e.g. who can carry out cross-database correlations, or upload filters to be applied to images. The project, which is paying for the data access, wishes to control who is allowed to access the data and when. It needs to be able to define several authorization groups (e.g. corresponding to work packages) and specify what data is available to each group. The groups will have a specific lifetime, and individuals may join or leave the group during its lifetime, i.e. they are dynamic virtual organizations. The data centres need to take these different authorization policies and apply them for each of the actions and units of data being accessed.
In this paper we outline a new project, DyCom, which seeks to combine the results of two European projects, Grasp and PERMIS, to provide an architecture to manage the complex privileges required in such scenarios. We will describe the mechanisms developed in these projects and show how they could be combined.
Organisation
CCLRC, BITD, ESC, ESC-DMG
Keywords
Enforcement, Grids, Trust, Privilege Management, Security, Datagrids, Policies, Authorisation, Biology, Role-based Access Control
Funding Information
Related Research Object(s):
Licence Information:
Language
English (EN)
Type
Paper In Conference Proceedings
Details
In UK Workshop on Grid Security Practice, Oxford, UK, 8-9 Jul 2004, (2004).
URI(s)
Local file(s)
GridSecurityPract…ltilayerSecurity.pdf
Year
2004