PERMIS: a modular authorization infrastructure

Chadwick, David; Zhao, Gansen; Otenko, Sassa; Laborde, Romain; Su, Li; Nguyễn, Tuấn Anh

doi:10.1002/cpe.1313

Cited by 67 publications

(55 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Privilege and Role Management Infrastructure Standards Validation (PERMIS) is a more ornate authorization model implementation that follows the principles of Role Based Access Control (RBAC) [9]. Attribute authorities in PERMIS are often independent and issue attributes that associate a role with a user.…”

Section: Permismentioning

confidence: 99%

Virtual Organization Platform Interoperability Provides the Long Tail an eScience Environment

Nishimura

Sakane

Yamaji

et al. 2016

Journal of Information Processing

View full text Add to dashboard Cite

Abstract:The core technology of eScience is the connection of distributed resources such that they appear as one virtual instance, enabling the collaborative research work on the Internet on that shared virtualized resource. eScience first embraced shared resources through support of "big science" in the Grid computing field. By contrast, emerging cloud services make high-end eScience infrastructure such as shared computing and disk resources affordable to common researchers. Though there are many such services to choose between, users always have to be authenticated as a researcher and authorized when they utilize services provided by a given collaboration. Effectively leveraging the world-wide deployment of academic identity federations may allow us to build a complete and coherent eScience environment more securely, easily, and scalably. One marked recent tendency in Identity Federation is to support virtual organization (VO), organizations composed of individuals principally domiciled at and authenticating against an organization but acting in a particular role within the virtual organization. A similar theme also emerged in Grid computing. However, all known current schemes have no common method for sharing VO information because every virtual organization is, today, largely bespoke, and these custom-built implementations take into account the principal needs of the federation and country and project where the VO emerged, leading each federation to employ different standards in integration with VO's and provision of information to VO's. This paper offers a historical perspective on VO technology, first by assessing its evolution in the Grid computing field followed by an analysis of progress in broader identity federation. Finally, potential evolutionary paths are divided into three natural categories, and we perform a technical and operational comparison of current VO technology and its capacity to meet these new use cases today and in envisioned futures. Reflecting how much development and operational costs are acceptable for each party concerned, two of these are considered preferred choices for the short-term and long-term transition to the unified, global VO platform.

show abstract

Section: Permismentioning

confidence: 99%

Virtual Organization Platform Interoperability Provides the Long Tail an eScience Environment

Nishimura

Sakane

Yamaji

et al. 2016

Journal of Information Processing

View full text Add to dashboard Cite

show abstract

“…PERMIS [12,13] is an application independent privilege management infrastructure that comprises credential issuing and credential validation functionality as well as policy creation and policy decision making functionality. The components that are important to the current discussion are the Attribute Certificate Manager (ACM) and the Delegation Issuing Service (DIS), which both issue X.509 role ACs to holders, and the Credential Validation Service (CVS) which validates the issued role ACs (see Figure 2).…”

Section: Using Webdav In Permismentioning

confidence: 99%

Instant certificate revocation and publication using WebDAV

Chadwick

Antony

Bjerk

2010

JCS

View full text Add to dashboard Cite

Abstract. There are several problems associated with the current ways that certificates are published and revoked. This paper discusses these problems, and then proposes a solution based on the use of WebDAV, an enhancement to the HTTP protocol. The proposed solution provides instant certificate revocation, minimizes the processing costs of the certificate issuer and relying party, and eases the administrative burden of publishing certificates and certificate revocation lists (CRLs). We describe how WebDAV can be used for X.509 certificate revocation, and describe how we have implemented it in the PERMIS authorization infrastructure.

show abstract

“…In the case of PERMIS (Figure 6), the situation is more complex. PERMIS [8] provides a standalone authorization service (PERMIS Policy Decision Point), however it depends on the LDAP service which contains proper information in terms of Attribute Certificates and Policies. FiVO works with PERMIS by feeding an LDAP service with proper policies, generated automatically from policies which are part of the VO contract.…”

Section: Semantically Supported Vo Securitymentioning

confidence: 99%

Dynamic VO Establishment in Distributed Heterogeneous Business Environments

Kryza

Dutka

Słota

et al. 2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. As modern SOA and Grid infrastructures are being moved from academic and research environments to more challenging business and commercial applications, such issue as control of resource sharing become of crucial importance. In order to manage and share resources within distributed environments the idea of Virtual Organizations (VO) emerged, which enables sharing only subsets of resources among partners of such a VO within potentially larger settings. This paper describes the Framework for Intelligent Virtual Organizations (FiVO), focusing on its functionality of enforcing security (Authentication and Authorization) in dynamically deployed Virtual Organizations. The paper presents the overall architecture of the framework along with different security settings which FiVO can support within one Virtual Organization.

show abstract

PERMIS: a modular authorization infrastructure

Cited by 67 publications

References 15 publications

Virtual Organization Platform Interoperability Provides the Long Tail an eScience Environment

Virtual Organization Platform Interoperability Provides the Long Tail an eScience Environment

Instant certificate revocation and publication using WebDAV

Dynamic VO Establishment in Distributed Heterogeneous Business Environments

Contact Info

Product

Resources

About