Managing Access to Service Providers in Federated Identity Environments: A Case Study in a Cloud Storage Service

© 2015 IEEE. Currently the diversity of services, which are adhering to Identity Federation, has raised new challenges in the area. Increasingly, service providers need to control the access to their resources by users from the federation as, even though the user is authenticated by the federation, its access to resources cannot be taken for granted. Each Service Provider (SP) of a federation implements their own access control mechanism. Moreover, SPs might need to allow different access control granularity. For instance, all users from a particular Identity Provider (IdP) may access the resources due to some financial agreement. On the other hand, it might be the case that only specific users, or groups of users, have access to the resources. This paper proposes a solution to this problem through a hierarchical authorization system. Our approach, which can be customized to different SPs, allows the SP administrator to manage which IdPs, or users, have access to the provided resources. In order to demonstrate the feasibility of our approach, we present a case study in the context of a cloud storage solution

The creation of FRONTEX and the politics of institutionalisation in the EU external borders policy

In a context of high politicization, if not securitization, of asylum and migration in Europe, the European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the EU – also known under its acronym FRONTEX – was created in 2004. Its activities have drawn a significant amount of attention and have been heavily criticised by human rights and pro-migrant groups. In contrast with most of the literature on FRONTEX, which focuses on its activities, this article examines the institutional issues associated with the creation and the work of FRONTEX, that is, the reasons for which Member States chose to create an agency, rather than establish another form of cooperation, and the specific mechanisms that they have put in place to exercise control over the activities of the Agency. The article, which is theoretically informed by the literature on European agencies, unveils a complex institutionalisation process, characterised by the existence of various models for increased cooperation and political struggles amongst the actors involved in the policy-making process

Architecture for Provenance Systems

This document covers the logical and process architectures of provenance systems. The logical architecture identifies key roles and their interactions, whereas the process architecture discusses distribution and security. A fundamental aspect of our presentation is its technology-independent nature, which makes it reusable: the principles that are exposed in this document may be applied to different technologies

Advanced security infrastructures for grid education

This paper describes the research conducted into advanced authorization infrastructures at the National e-Science Centre (NeSC) at the University of Glasgow and their application to support a teaching environment as part of the Dynamic Virtual Organisations in e-Science Education (DyVOSE) project. We outline the lessons learnt in teaching Grid computing and rolling out the associated security authorisation infrastructures, and describe our plans for a future, extended security infrastructure for dynamic establishment of inter-institutional virtual organisations (VO) in the education domain