53,524 research outputs found
Distributed Access Control for Web and Business Processes
Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes
Security for Grid Services
Grid computing is concerned with the sharing and coordinated use of diverse
resources in distributed "virtual organizations." The dynamic and
multi-institutional nature of these environments introduces challenging
security issues that demand new technical approaches. In particular, one must
deal with diverse local mechanisms, support dynamic creation of services, and
enable dynamic creation of trust domains. We describe how these issues are
addressed in two generations of the Globus Toolkit. First, we review the Globus
Toolkit version 2 (GT2) approach; then, we describe new approaches developed to
support the Globus Toolkit version 3 (GT3) implementation of the Open Grid
Services Architecture, an initiative that is recasting Grid concepts within a
service oriented framework based on Web services. GT3's security implementation
uses Web services security mechanisms for credential exchange and other
purposes, and introduces a tight least-privilege model that avoids the need for
any privileged network service.Comment: 10 pages; 4 figure
Machine-Readable Privacy Certificates for Services
Privacy-aware processing of personal data on the web of services requires
managing a number of issues arising both from the technical and the legal
domain. Several approaches have been proposed to matching privacy requirements
(on the clients side) and privacy guarantees (on the service provider side).
Still, the assurance of effective data protection (when possible) relies on
substantial human effort and exposes organizations to significant
(non-)compliance risks. In this paper we put forward the idea that a privacy
certification scheme producing and managing machine-readable artifacts in the
form of privacy certificates can play an important role towards the solution of
this problem. Digital privacy certificates represent the reasons why a privacy
property holds for a service and describe the privacy measures supporting it.
Also, privacy certificates can be used to automatically select services whose
certificates match the client policies (privacy requirements).
Our proposal relies on an evolution of the conceptual model developed in the
Assert4Soa project and on a certificate format specifically tailored to
represent privacy properties. To validate our approach, we present a worked-out
instance showing how privacy property Retention-based unlinkability can be
certified for a banking financial service.Comment: 20 pages, 6 figure
Privacy-Preserving Trust Management Mechanisms from Private Matching Schemes
Cryptographic primitives are essential for constructing privacy-preserving
communication mechanisms. There are situations in which two parties that do not
know each other need to exchange sensitive information on the Internet. Trust
management mechanisms make use of digital credentials and certificates in order
to establish trust among these strangers. We address the problem of choosing
which credentials are exchanged. During this process, each party should learn
no information about the preferences of the other party other than strictly
required for trust establishment. We present a method to reach an agreement on
the credentials to be exchanged that preserves the privacy of the parties. Our
method is based on secure two-party computation protocols for set intersection.
Namely, it is constructed from private matching schemes.Comment: The material in this paper will be presented in part at the 8th DPM
International Workshop on Data Privacy Management (DPM 2013
Comparison of advanced authorisation infrastructures for grid computing
The widespread use of grid technology and distributed compute power, with all its inherent benefits, will only be established if the use of that technology can be guaranteed efficient and secure. The predominant method for currently enforcing security is through the use of public key infrastructures (PKI) to support authentication and the use of access control lists (ACL) to support authorisation. These systems alone do not provide enough fine-grained control over the restriction of user rights, necessary in a dynamic grid environment. This paper compares the implementation and experiences of using the current standard for grid authorisation with Globus - the grid security infrastructure (GSI) - with the role-based access control (RBAC) authorisation infrastructure PERMIS. The suitability of these security infrastructures for integration with regard to existing grid technology is presented based upon experiences within the JISC-funded DyVOSE project
Global Grids and Software Toolkits: A Study of Four Grid Middleware Technologies
Grid is an infrastructure that involves the integrated and collaborative use
of computers, networks, databases and scientific instruments owned and managed
by multiple organizations. Grid applications often involve large amounts of
data and/or computing resources that require secure resource sharing across
organizational boundaries. This makes Grid application management and
deployment a complex undertaking. Grid middlewares provide users with seamless
computing ability and uniform access to resources in the heterogeneous Grid
environment. Several software toolkits and systems have been developed, most of
which are results of academic research projects, all over the world. This
chapter will focus on four of these middlewares--UNICORE, Globus, Legion and
Gridbus. It also presents our implementation of a resource broker for UNICORE
as this functionality was not supported in it. A comparison of these systems on
the basis of the architecture, implementation model and several other features
is included.Comment: 19 pages, 10 figure
The PERMIS X.509 Based Privilege Management Infrastructure
This document describes the PERMIS X.509 Based Privilege Management Infrastructure, which is a trust management system as described in RFC 2704 [2]. The PERMIS Infrastructure is compared with the AAA Authorisation Framework described in RFC 2904 [4], and is shown to be compatible with it
WS-ARC service configuration manual
The central component of AR
- …