Loading…
PERMIS: a modular authorization infrastructure
Authorization infrastructures manage privileges and render access control decisions, allowing applications to adjust their behavior according to the privileges allocated to users. This paper describes the PERMIS role‐based authorization infrastructure along with its conceptual authorization, access...
Saved in:
| Published in: | Concurrency and computation 2008-08, Vol.20 (11), p.1341-1357 |
|---|---|
| Main Authors: | , , , , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites Items that cite this one |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Authorization infrastructures manage privileges and render access control decisions, allowing applications to adjust their behavior according to the privileges allocated to users. This paper describes the PERMIS role‐based authorization infrastructure along with its conceptual authorization, access control, and trust models. PERMIS has the novel concept of a credential validation service, which verifies a user's credentials prior to access control decision‐making and enables the distributed management of credentials. PERMIS also supports delegation of authority; thus, credentials can be delegated between users, further decentralizing credential management. Finally, PERMIS supports history‐based decision‐making, which can be used to enforce such aspects as separation of duties and cumulative use of resources. Details of the design and the implementation of PERMIS are presented along with details of its integration with Globus Toolkit, Shibboleth, and GridShib. A comparison of PERMIS with other authorization and access control implementations is given, along with suggestions where future research and development are still needed. Copyright © 2008 John Wiley & Sons, Ltd. |
|---|---|
| ISSN: | 1532-0626 1532-0634 |
| DOI: | 10.1002/cpe.1313 |