| Tuesday, September 12 |
| 4:00 pm - 5:30 pm | |
| |
Security Talks
(90 mins)
Dillaway (Microsoft), Tan (Monash) & Abramson (Monash)
View Participants
Blair Dillaway, Software Architect, Microsoft Corporation
"A Unified Approach to Trust, Delegation, and Authorization in Large-scale Grids" - Blaid Dillaway (Microsoft)
The development of large-scale, multi-domain, Grid computing environments has highlighted the need for fine-grained control over trust relationships and delegated access rights. Existing approaches do not fully satisfactory these needs. They typically lack precision and/or require an undesirable reliance on centralized administration to be effective. In addition, one finds multiple independent mechanisms, with disparate semantics, being used to manage trust, delegation and authorization. This makes it difficult to understand the effective security in large distributed systems and complicates their management.
In this talk, we will present results from recent work focused on providing a more flexible and effective means of securing complex distributed systems. This led to the development of a unified approach for specifying trust, delegation, and authorization policies as well as security assertions about principals in the system. We will show how this can be used to express federated trusts, delegated access rights, and authorization policies applicable to Grid requirements and discuss its ability to support various operational models. An implementation will be demonstrated that uses an XML-based encoding of security policies and security tokens and fits naturally into a web services-based environment. We will walk through several examples showing how one can use this technology, along with a logic-based authorization algorithm we've developed, to achieve a highly flexible and uniform approach to controlling resource access in large-scale Grids.
Location: 147B
|
| |
| |
|
| |
| | Slides: Unified Approach to Trust, Delegation, and Authorization in Grids |