Distributed environments are reaching new heights,
becoming more useful, popular and complex with the
emergence of service-oriented architecture and computing
technologies such as peer-to-peer, autonomic, pervasive and grid computing.
These technologies aim to enable large scale resource sharing.
Security is a big and challenging issue in these environments as it
involves the federation of multiple heterogeneous, geographically
distributed autonomous administrative domains. The dynamic and
multi-institutional nature of service-oriented environments like grid
and web introduces several challenging security issues that require
new technical approaches. This paper proposes a privacy, trust and
policy based authorization framework for grid and web services; it can,
in fact, be amended for any distributed, service-oriented
computing environment, as most of the elements defined in the
framework are general and adaptable to other computing
environments. The framework is intended to provide a simple,
powerful, flexible and scalable authorization infrastructure for
services exposed in a large scale distributed environment. The paper
also discusses a prototype implementation of the proposed
framework. For the implementation, we make use of the web services
security specifications supported by WSE 3.0. The sample
implementation has shown that the architecture is capable of meeting
the identified security requirements and that the approach is workable.