Abstract
With the rapid development of the global information infrastructure, the use of virtual organization (VO) is gaining increasing importance as a model for building large-scale business information systems. The notion of VO is significant in that it could serve as a basic framework for implementing geographically distributed, cross-organizational application systems in a highly flexible manner. VO is generally composed of participants from different organizations driven by specific tasks. In order to control both participation and access to shared resources, authorization is essential in VO. However, authorization in VO is challenging because of the dynamic and distributed nature of VO; thus requiring mechanisms that are efficient, scalable and being able to handle complex access control policies. This paper analyzes the requirement of authorization services for VO and proposes the use of threshold scheme as a basic mechanism for implementing authorization services in large scale distributed computing systems. While pointing out the desirable features of threshold schemes for complex authorization policies, the paper also discusses the practical limitations of threshold schemes in such an environment. The main contribution of this paper is that it suggests a practical approach for deploying threshold closure, an optimal form of threshold schemes, for implementing authorization of VO. In essence, we suggest segregating the policy and mechanism aspects of threshold closure so that complex policies may be specified using threshold closure which are implemented conveniently using existing authentication-based enforcement mechanisms available in traditional security infrastructure.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Foster, I., Kesselman, C., Tuecke, S.: The anatomy of the grid: enabling scalable virtual organizations. Int. J. Supercomputer Applications 15(3), 200–222 (2001)
Lam, K.Y., Zhao, X.B., Chung, S.L., Gu, M., Sun, J.G.: Enhancing Grid Security Infrastructure to Support Mobile Computing Nodes. In: Chae, K.-J., Yung, M. (eds.) WISA 2003. K.Y. Lam, X.B. Zhao, S.L. Chung, M. Gu, J.G. Sun, vol. 2908, pp. 42–54. Springer, Heidelberg (2004)
Dengue fever prevention and control. Weekly Epidemiological Record 77(6), 41–48 (August 2002)
Overview of the Grid Security Infrastructure at http://www-fp.globus.org/security/overview.html
Zhou, J.Y., Lam, K.Y.: Securing digital signatures for non-repudiation. Journal of Computer Communications 22(8), 710–716 (1999)
Keahey, K., Welch, V.: Fine-Grain Authorization for Resource Management in the Grid Environment. In: Parashar, M. (ed.) GRID 2002. LNCS, vol. 2536, pp. 199–206. Springer, Heidelberg (2002)
Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S.: A Community Authorization Service for Group Collaboration. In: Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks (2002)
Nagaraj, S.V.: Access control in distributed object systems: problems with access control lists. In: Enabling Technologies: Infrastructure for Collaborative Enterprises, 2001. WET ICE 2001. Proceedings. Tenth IEEE International Workshops (2001)
Zhang, C.R., Lam, K.Y., Jajodia, S.: Scalable threshold closure. Theoretical Computer Science 226, 185–206 (1999)
Shamir, A.: How to share a secret. Communications of the ACM, Vol 22(11), 612–613 (1979)
Benaloh, J.C., Leichter, J.: Generalized secret sharing and monotone functions. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 27–35. Springer, Heidelberg (1990)
Ito, M., Saito, A., Nishizeki, T.: Secret sharing scheme realizing general access structure. In: Globecom 1987, Tokyo, Japan, pp. 99–102 (1987)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhao, XB., Lam, KY., Chung, SL., Gu, M., Sun, JG. (2004). Authorization Mechanisms for Virtual Organizations in Distributed Computing Systems. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds) Information Security and Privacy. ACISP 2004. Lecture Notes in Computer Science, vol 3108. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-27800-9_36
Download citation
DOI: https://doi.org/10.1007/978-3-540-27800-9_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22379-5
Online ISBN: 978-3-540-27800-9
eBook Packages: Springer Book Archive