L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke, "A community authorization service for group collaboration," in POLICY '02: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02). Washington, DC, USA: IEEE Computer Society, 2002, p. 50.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....role) information. Users and applications will belong to a Virtual Organisation (VO) or a subgroup, thus inheriting the privileges of this VO or VO subgroup and assuming a certain role. Authentication will also be handled by third party tools such as the Community Authorisation Service (CAS) [20]. Within the EU Data Grid project a Virtual Organisation Membership Service (VOMS) is currently under development, which will provide the above mentioned membership information embedded in the user s proxy certificate. 3.6.3 Delegated Rights Following the authorisation process, the RMS acts on ....

L. Pearlman, Von Welch, I. Foster, C. Kesselmand, and S. Tuecke. A Community Authorization Service for Group Collaboration. In Policy 2002.

....application and network level constraints each of which are expressed in terms meaningful only within their respective domains. It is this latter use that motivated the use of a general trust management system like dRBAC as opposed to existing grid security architectures such as GSI [10] or CAS [19]. Cross domain authentication and authorization The security requirements of PSF are described as follows. Clients requesting access to an interface must first be authenticated and then authorized to receive an appropriate level of service. In particular, the planing module takes into ....

....local to the service s domain. Instantiated components receive their own set of credentials permitting use of similar mechanisms for servicing their requests. The trust management solution to cross domain authentication and authorization generalizes the approach adopted in Globus like systems [10, 19], which rely on the translation between a system wide grid credential (virtual organization level credential in CAS) and local accounts to authorize and enforce security policy for client requests. Our approach offers advantages of scalability (multiple policy roots are permitted) easier ....

[Article contains additional citation context not shown here]

L. Pearlman at el. A Community Authorization Service for Group Collaboration. In IEEE Workshop on Policies for Distributed Systems and Networks, 2002.

....storage devices like smart cards is possible but not very common. The GSI has no direct support for group communication and collaboration. Group relationships need to be established at the lower layer resource security mechanisms. Current work on the Community Authorization Service (CAS) [WEL01] (see section 3.4.5) is aimed at improving group collaboration support. The ability to restrict proxy certificates is an integral part of this approach. 3.4.2 The CRISIS Wide Area Security Architecture CRISIS [BEL98] is the security subsystem of WebOS, a wide area operating system with the goal ....

Welch, V., Pearlman, L., Foster, I., Kesselman, C., Tuecke, S., "A Community Authorization Service for Group Collaboration", 2002 IEEE Workshop on Policies for Distributed Systems and Networks

....and provide the necessary means to only assign a set of minimal rights for many types of resource access. Another approach to circumvent the expressiveness limitation is to perform authorization in the application code that serves a user request as done in the Community Authorization Service CAS [32]. CAS implemented the Generic Authorization and Access Control API [31] which enables an application (e.g. a ftp server) to make fine grained authorization decisions for resource access based on the applicable policy. This approach has the disadvantage that legacy services can no longer be used ....

L. Pearlman et al., "A Community Authorization Service for Group Collaboration", submitted, 2002 IEEE Workshop on Policies for Distributed Systems and Networks, http://www.globus.org/Security/CAS, 2001-01-10

....can be mixed by switches and shifts, in arbitrary permutations, as depicted in Figure 6.4. Direct Response switch. Figure 6.4 a) Starting from the agent, Routed Response is used initially. The central node ( football ) receives a query Even though trust delegation technologies exist [92], they do not scale to a significant number of autonomous parties, let al..one parties that dynamically join and leave. The problem is how to enable practical establishment and administration of direct and indirect trust relationships. ########## ########## Figure 6.4: Response Mode Switches and ....

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A Community Authorization Service for Group Collaboration. In IEEE 3rd Int. Workshop on Policies for Distributed Systems and Networks (submitted), 2001.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, S. Tuecke. A Community Authorization Service for Group Collaboration. Submitted to IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2001. http://www.globus.org/research/papers/CAS_2002_Submitted.pdf

No context found.

Pearlman, L., Welch, V., Foster, I., Kesselman, C. and Tuecke, S., A Community Authorization Service for Group Collaboration. IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke, "A Community Authorization Service for Group Collaboration," IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

Pearlman, L., Welch, V., Foster, I., Kesselman, C. and Tuecke, S., A Community Authorization Service for Group Collaboration. IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A community authorization service for group collaboration. In The IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, June 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke, "A Community Authorization Service for Group Collaboration.," presented at IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

....nor individuals. We report here on the configuration details for the CAS database and the Globus Gatekeeper and on how this general approch could be formalized and extended to meet the clear needs of LHC experiments using the Grid. 2. OVERVIEW OF CAS The Community Authorization Service (CAS) 8][9] is a system developed by the Globus Project to allow virtual organizations (VOs) to flexibly and expressibly authorize access to resources and data in large distributed Grids. Since the introduction of CAS in March of 2002, CAS has undergone significant changes based on requirements feedback from ....

....users (i.e. members of the group) and that the these multiple users can then use these rights to access resources equally. For simplicity, we chose to grant access to file resources via GSIFTP for our tests. 4.2. CAS Credential Changes 4.2.1. Credential Contents Detailed fully in [8] and [9], the purpose of a CAS server is to authenticate users as a member of a VO and issue to them a cryptographically signed assertion that allows the user to assert to third parties that the user is a VO member and what their rights should be in regards to VO policy. In the current CAS prototype [3] ....

Pearlman, L., Welch, V., Foster, I., Kesselman, C. and Tuecke, S., A Community Authorization Service for Group Collaboration. IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

....the full rights of the bear of the EEC that issued it. This delegation can be restricted through the use of a policy embedded in the proxy certification, as we discuss in the CAS implementation in the following section. 4.2. Initial CAS Prototype Our initial CAS prototype [4] as described in [17], was released in March 2002. This implementation includes a CAS server, appropriate administration and user clients, and a GridFTP server [1] modified to understand and honor CAS credentials. The implementation uses the pyGlobus toolkit [16] to facilitate implementation using Python. This ....

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A Community Authorization Service for Group Collaboration. IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

....is then transferred to its final destination. The computation is performed on resources allocated to a community of users. However, for security reasons, the computation is not performed using a group account, but rather, a temporary account is dynamically created for the computation (In [30], we describe a community authorization service which can be used to authorize activities on behalf of a user community) In Figure 4, TSLA1 represents a temporary user account, such as might be established by a resource for a client who is authorized through a Community Authorization Service. ....

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A community authorization service for group collaboration. In The IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, June 2002.

....now summarize requirements that must be met by a global replica index node (RLI) Secure remote access. AN RLI must support remote access and must implement the Grid Security Infrastructure (GSI) 14] for authentication, integrity and confidentiality; accept Community Authorization Server (CAS) [23] capabilities; and implement local access control over its contents. State propagation. It must accept periodic inputs from LRCs describing their state. If the RLI already contains an LFN entry associated with the LRC, then the existing information is updated or replaced. Otherwise, the index ....

Pearlman, L., Welch, V., Foster, I., Kesselman, C. and Tuecke, S. A Community Authorization Service for Group Collaboration. Globus Project, 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke, "A community authorization service for group collaboration," in POLICY '02: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02). Washington, DC, USA: IEEE Computer Society, 2002, p. 50.

No context found.

Laura Pearlman, Von Welch, Ian Foster, Carl Kesselman, and Steve Tuecke. A community authorization service for group collaboration. In IEEE Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke, "A Community Authorization Service for Group Collaboration," in IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, Monterey CA, USA, 5-7 June 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke, "A Community Authorization Service for Group Collaboration", In proceedings, 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY '02), Monteray, California, U.S.A. June 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A community authorization service for group collaboration. In Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A community authorization service for group collaboration. In Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S. (2002), `A Community Authorization Service for Group Collaboration', Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

Pearlman, L., Welch, V., Foster, I., Kesselman, C., and Tuecke, S., A community authorization service for group collaboration, Proc. of the IEEE third International Workshop on Policies for Distributed Systems and Networks, 50--59, 2002.

No context found.

Laura Pearlman, Von Welch, Ian Foster, Carl Kesselman, and Steven Tuecke. A Community Authorization Service for Group Collaboration. In Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, June 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A community authorization service for group collaboration. In IEEE Workshop on Policies for Distributed Systems and Networks, 2002. submitted.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke, "A community authorization service for group collaboration," in Procs. of Policies for Distributed Systems and Networks International Workshop, POLICY 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, S. Tuecke. "A Community Authorization Service for Group Collaboration," IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, S. Tuecke, A Community Authorization Service for Group Collaboration. In Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, S. Tuecke, "A Community Authorization Service for Group Collaboration", Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, K. Kesselman and S. Tuecke, A Community Authorization Service for Group Collaboration, IEEE Workshop on Policies for Distributed Systems and Networks (2002).

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A community authorization service for group collaboration. In Proc. of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, Monterey, California, pages 50--59, June 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A community authorization service for group collaboration. In Procs. of POLICY workshop. 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A community authorization service for group collaboration. In Procs. of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks. 2002.

No context found.

Laura Pearlman, Von Welch, Ian Foster, Carl Kesselman, and Steven Tuecke. A Community Authorization Service for Group Collaboration. In Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2001.

No context found.

L. Pearlman et al, "A Community Authorization Service for Group Collaboration", 2002 IEEE Workshop on Policies for Distributed Systems and Networks

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A community authorization service for group collaboration. In Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks, pages 50--59. IEEE, 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman and S. Tuecke, "A Community Authorization Service for Group Collaboration", Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, p.0050, Monterey, CA, 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A Community Authorization Service for Group Collaboration. Proceedings of IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A community authorization service for group collaboration. In Procs. of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks. 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, and C. Kesselman, "A Community Authorization Service for Group Collaboration," Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, S. Tuecke. A Community Authorization Service for Group Collaboration. Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A community authorization service for group collaboration. In Procs. of Policies for Distributed Systems and Networks International Workshop, POLICY 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A Community Authorization Service for Group Collaboration. In Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2001.

No context found.

Laura Pearlman, Von Welch, Ian Foster, and Carl Kesselman. A Community Authorization Service for Group Collaboration, 2002. IEEE 3rd International Workshop on Policies for Distributed Systems and Networks.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, S. Tuecke. "A Community Authorization Service for Group Collaboration". Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.

No context found.

Laura Pearlman, Von Welch, Ian Foster, Carl Kesselman, and Steven Tuecke. A Community Authorization Service for Group Collaboration. In Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, June 2002.

No context found.

Laura Pearlman, Von Welch, Ian Foster, Carl Kesselman, and Steven Tuecke. A Community Authorization Service for Group Collaboration. In Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, June 2002.

No context found.

L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A community authorization service for group collaboration. In Procs. of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks. 2002.

No context found.

L. Pearlman et al., "A Community Authorization Service for Group Collaboration", submitted to the 2002 IEEE Workshop on Policies for Distributed Systems and Networks, http://www.globus.org/Security/CAS/CAS_2002_Submitted.pdf

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC