
Toward an on-demand restricted delegation mechanism for Grids

Ahsant, M and Basney, J and Mulmo, O and Lee, AJ and Johnsson, L (2006) Toward an on-demand restricted delegation mechanism for Grids. In: UNSPECIFIED UNSPECIFIED, 152 - 159. ISBN 1424403448, 9781424403448



Grids are intended to enable cross-organizational interactions, which makes Grid security a challenging and non-trivial issue. In Grids, delegation is a key facility that can be used to authenticate and authorize requests on behalf of disconnected users. In current Grid systems there is a trade-off between flexibility and security in the context of delegation. Applications must choose between limited or full delegation: on one hand, delegating a restricted set of rights reduces exposure to attack but also limits the flexibility/dynamism of the application; on the other hand, delegating all rights provides maximum flexibility but increases exposure. In this paper, we propose an on-demand restricted delegation mechanism, aimed at addressing the shortcomings of current delegation mechanisms by providing restricted delegation in a flexible fashion as needed for Grid applications. This mechanism provides an ontology-based solution for tackling one of the most challenging issues in security systems, which is the principle of least privileges. It utilizes a callback mechanism, which allows on-demand provisioning of delegated credentials in addition to observing, screening, and auditing delegated rights at runtime. This mechanism provides support for generating delegation credentials with a very limited and well-defined range of capabilities or policies, where a delegator is able to grant a delegatee a set of restricted and limited rights, implicitly or explicitly. © 2006 IEEE.




Item Type: Book Section
Status: Published
Creators (Name | Email | Pitt Username | ORCID):
Ahsant, M
Basney, J
Mulmo, O
Lee, AJ | adamlee@pitt.edu | ADAMLEE
Johnsson, L
Date: 1 December 2006
Date Type: Publication
Journal or Publication Title: Proceedings - IEEE/ACM International Workshop on Grid Computing
Page Range: 152 - 159
Event Type: Conference
DOI or Unique Handle: 10.1109/icgrid.2006.311010
Schools and Programs: Dietrich School of Arts and Sciences > Computer Science
Refereed: Yes
ISBN: 1424403448, 9781424403448
ISSN: 1550-5510
Date Deposited: 05 Dec 2012 20:25
Last Modified: 02 Feb 2019 16:56

