期刊名称:International Journal of Computer Science and Network Security
印刷版ISSN:1738-7906
出版年度:2009
卷号:9
期号:11
页码:49-55
出版社:International Journal of Computer Science and Network Security
摘要:Large scale distributed systems enable sharing of resources and services scattered over geographically dispersed, heterogeneous, autonomous administrative domains. Two main entities interacting with each other over a distributed system are service requesters and service providers. The service requesters belonging to a particular administrative domain may request access to resources/services available over same or other administrative domains. Similarly a service provider belonging to a particular administrative domain may expose its resources/services over same or other administrative domains. The service requesters belonging to one administrative domain generally have different access rights in different administrative domains. Determining what a service requester is authorized to do in the same or other administrative domains is a difficult task. The overall authorization and access control becomes more complex when service providers attach authorization and access control related policies with their resources/services and provide access to those resources/services based on conformance to established policies. These policies may include authentication, privacy, trust, network workload, business and management etc. related aspects of authorization and access control. Designing an authorization and access control system for such an environment is a complex task and introduces many challenging technology and management related issues. In this paper we have made an attempt to define and implement a policy based authorization and access control framework that can be used to determine the access rights of a subject in different administrative domains and supports policy-based access to resources/services scattered over a distributed system. The framework proposed is scalable, flexible and has been implemented through web services. The paper also discusses prototype implementation of the proposed framework.
Loading...
