W. Johnston and C. Larsen. A use-condition centered approach to authenticated global capabilities: Security architectures for large-scale distributed collaboratory environments. Technical Report Technical Report 3885, Lawrence Berkeley National Laboratory, 1996.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....about new keys depends on the number of introduces and the degree to which they are trusted (quantized in PGP to three levels: fully trusted, partly trusted and untrusted) Some of the main problems with PGP are with key distribution 12 and management. The Use Condition Centered Approach [21] uses certificates for use conditions that are created by those responsible for the resources. This can only be used when the resource is simple enough to be described by useconditions, but in large systems there could be many types of access like read, write, execute etc. Delegation logics [29, ....

W. Johnston and C. Larsen. A use-condition centered approach to authenticated global capabilities: Security architectures for large-scale distributed collaboratory environments. Technical Report Technical Report 3885, Lawrence Berkeley National Laboratory, 1996.

....provided by the Globus Toolkit [5] Grid Security Infrastructure (GSI) 6] a widely used set of authentication and authorization mechanisms that address single sign on, delegation, and credential mapping issues that arise in VO settings. As compared to other authorization systems such as Akenti [7, 8] and Secure Virtual Enclaves [9] CAS provides mechanisms for distributing administration that are critical for solving the issues of scalability and flexibility. Neuman proposes but does not implement a similar idea [10] To date, we have applied CAS to one application, file access control. ....

....access, because the resource server never sees the private key. For highly sensitive applications where greater assurance of resource enforcement of community policy is required, a mechanism such as Law Governed Interaction [31] can be used to help assure this. 8 Related Work The Akenti system [7, 8] identifies a set of stakeholders with a resource, where each stakeholder is allowed to place restrictions on who and how the resource can be used. These restrictions are specified in terms of what attributes a user must possess in order to perform specific requests. If all stakeholders approve a ....

Johnston, W. and C. Larsen, A Use-Condition Centered Approach to Authenticated Global Capabilities: Security Architectures for Large-Scale Distributed Collaboratory Environments. 1996(3885).

....information about new keys depends on the number of introduces and the degree to which they are trusted (quantized in PGP to three levels: fully trusted, partly trusted and untrusted) Some of the main problems with PGP are with key distribution and management. The Use Condition Centered Approach [21] uses certi cates for use conditions that are created by those responsible for the resources. This can only be used when the resource is simple enough to be described by useconditions, but in large systems there could be many types of access like read, 12 write, execute etc. Delegation logics ....

W. Johnston and C. Larsen. A use-condition centered approach to authenticated global capabilities: Security architectures for large-scale distributed collaboratory environments. Technical Report Technical Report 3885, Lawrence Berkeley National Laboratory, 1996.

....within which rights are granted, such as current system load and maximum number of copies of a program to be run concurrently. This may not be sufficient for distributed applications. Our model allows fine grained control over the conditions. Both restricted proxies [6] and the use condition model [4] allow conditions and privilege attributes to be embedded in authorization credentials or certificates. These mechanisms can be readily integrated with the authorization model presented here: the restrictions or conditions caried in the proxy or certificate are evaluated by the GAA API in addition ....

W. Johnston and C. Larsen. A use-condition centered approach to authenticated global capabilities: Security architectures for large-scale distributed collaboratory environments. LBNL Report 38850.

....over networks defined to be insecure. In the longer term, we expect Globus (and hence RIO) to eliminate the requirement that a user have a local account at every site. Access control lists are one approach to authorization in this regime. Cryptographically signed use condition certificates [12] represent another promising approach. 4 Experimental Studies We report on experiments designed to determine the basic performance characteristics of RIO and to provide a preliminary evaluation of RIO s utility for applications. These experiments comprise a series of microbenchmarks similar to ....

W. Johnston and C. Larsen. A use-condition centered approach to authenticated global capabilities: Security architectures for large-scale distributed collaboratory environments. Technical Report 3885, LBNL, 1996.

....work. One major scalability issue that is not addressed is the number of users and resources. Clearly, other approaches to the establishment of global to local mappings will be required when the number of users and or resources are large: on example is the use condition approaches to authorization [13]. However, we believe the current approach can deal with this. We hope to develop the techniques described in this paper in four major directions: more flexible policy based access control mechanisms, based for example on use conditions [13] representation and implementation of interdomain access ....

....example is the use condition approaches to authorization [13] However, we believe the current approach can deal with this. We hope to develop the techniques described in this paper in four major directions: more flexible policy based access control mechanisms, based for example on use conditions [13]; representation and implementation of interdomain access control policies; secure group communication, building for example on work in the CLIQUES project [18] and delegation mechanisms to support scalability to large numbers of resources and users. Acknowledgments We gratefully acknowledge ....

W. Johnston and C. Larsen. A use-condition centered approach to authenticated global capabilities: Security architectures for large-scale distributed collaboratory environments. Technical Report 3885, LBNL, 1996.

No context found.

W. Johnston and C. Larsen. A use-condition centered approach to authenticated global capabilities: Security architectures for large-scale distributed collaboratory environments. Technical Report 3885, LBNL, 1996.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC