With the growing interest in service-oriented architectures, achieving seamless interoperability between heterogeneous middleware technologies has become increasingly important. While much work ...investigating functional interoperability between different middleware architectures has been reported, little practical work has been done on providing a unified and/or interoperable view of security between the different approaches. In this paper we describe how the Secure WebCom distributed architecture provides access control policy interoperability support between a number of middleware security architectures. Secure WebCom uses the KeyNote trust management system to help coordinate the trust relationships between the different middleware systems and their associated access control policies. Middleware authorisation policies can be encoded in terms of cryptographic certificates, and vice-versa. This provides a unified view of access control across heterogeneous middleware systems and also provides the basis for decentralised support of middleware access control policies.
Traditional trust management authorisation decisions for distributed technologies are, in general, based on the history of the authorisations/computation to date. We consider this a pull ...authorisation strategy: the authorisation decision reflects the current and/or past authorisations. In this paper, we examine this pull strategy and propose an alternative form of authorisation in a distributed environment. Instead of 'pulling' the information required for the current authorisation decisions from the past, authorisation decisions are made to specify what will happen in the future. This strategy is called push authorisation. When a push decision is made, its result is pushed to just the relevant protection mechanisms. This approach allows the creation of distributed separation of duties policies, without requiring additional synchronisation between components in the execution. It allows present actions to inform future authorisation decisions, before those decisions must be made.
GridAdmin: decentralising grid administration using trust management
Quillinan, T.B.; Clayton, B.C.; Foley, S.N.
Third International Symposium on Parallel and Distributed Computing/Third International Workshop on Algorithms, Models and Tools for Parallel Computing on Heterogeneous Networks
2004
Conference Proceeding
Administration of grid resources is a time consuming and often tedious job. Most administrative requests are predictable, and in general, handling them requires knowledge of the local resources and ...the requester. In this paper we discuss a system to provide automated support for administrative requests, such as resource reservation and user account management. We propose using trust metrics to help judge the merits and suitability of each request. We outline how these metrics can be implemented using trust management techniques into a practical system we call GridAdmin.
Security in WebCom
Quillinan, Thomas B.; Foley, Simon N.
Conference on Computer and Communications Security: Proceedings of the 2004 workshop on Secure web service; 29-29 Oct. 2004
10/2004
Conference Proceeding
Supporting security in distributed systems is becoming more important with the ongoing work in grids, distributed middlewares and web services. Decentralised security architectures allow the ...stakeholders in these distributed computations, the providers of both compute resources and the applications executing on them, to have a say in how a computation progresses. One of the most important issues in creating authorisation policies is how the components of these distributed applications are named. Providing a consistent and flexible naming architecture allows more fine-grained and usable security policies to be created and enforced. This paper introduces the naming architecture for the WebCom system. This architecture supports the addressing of all required information, with as much precision as is needed to create sophisticated authorisation policies.