Abstract
This paper presents the results related to the development of a flexible domain-based access control infrastructure for distributed Grid-based Collaborative Environments and Complex Resource Provisioning. The paper proposes extensions to the classical RBAC model to address typical problems and requirements in distributed hierarchical resource management, such as hierarchical resource policy administration, user role/attribute management, dynamic security context and authorisation session management, and others. It describes the relations between the RBAC and the generic AAA access control models, defines the combined RBAC-DM model for domain-based access control management, and suggests mechanisms that can be used in a distributed service-oriented infrastructure for security context management. The paper provides implementation details on the use of XACML for fine-grained access control policy definition for domain-based resource organisation and role assignment in RBAC-DM. The paper is based on experience gained from major Grid-based and Grid-oriented projects in collaborative applications and complex resource provisioning.
Please use the following format when citing this chapter: Demchenko, Y., Gommans, L., and de Laat, C., 2007, in IFIP International Federation for Information Processing, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R., (Boston: Springer), pp. 301–312.
© 2007 International Federation for Information Processing
Cite this paper
Demchenko, Y., Gommans, L., de Laat, C. (2007). Extending Role Based Access Control Model for Distributed Multidomain Applications. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds) New Approaches for Security, Privacy and Trust in Complex Environments. SEC 2007. IFIP International Federation for Information Processing, vol 232. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72367-9_26
DOI: https://doi.org/10.1007/978-0-387-72367-9_26
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72366-2
Online ISBN: 978-0-387-72367-9
eBook Packages: Computer Science (R0)