A Novel Authorization Mechanism for Service-Oriented Virtual Organization

  • Hai Jin
  • Weizhong Qiang
  • Xuanhua Shi
  • Deqing Zou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3733)


There are more challenges for authorization in service-oriented virtual organization. In this paper we propose a novel authorization mechanism for virtual organization, which uses the threshold signature scheme for authorization management and voting mechanism for decision-making. We design three protocols in the authorization mechanism: authorization acquisition protocol, authorization revocation protocol, and secure interaction protocol. Our solution can satisfy the dynamic coalition requirement of virtual organization, and also guarantee the autonomous characteristic of participant organizations and service entities. Privacy preservation is also provided for service entities to interact with authorized entities.


Secret Share Trust Relationship Virtual Organization Access Control Policy Approval Vote 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alfieri, R., et al.: VOMS: an authorization system for virtual organizations, DataService Project (2003),
  2. 2.
    Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the weil pairing. Journal of Cryptology 17(4), 297–319 (2004)zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Chadwick, D., Otenko, A.: The Permis X.509 role based privilege management infrastructure. In: Proc. the 7th ACM Symposium on Access Control Models and Technologies, Monterey, pp. 135–140 (2002)Google Scholar
  5. 5.
    Feldman, P.: A Practical Scheme for Non-interactive Verifiable Secret Sharing. In: Proc. 28th Symposium on Foundations of Computer Science (FOCS), pp. 427–437 (1987)Google Scholar
  6. 6.
    Qiang, W., Jin, W., Shi, X., Zou, D.: VO-Sec: An Access Control Framework for Dynamic Virtual Organization. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 370–381. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Qiang, W., Jin, W., Shi, X., Zou, D.: Joint Management of Authorization for Dynamic Virtual Organization. In: Proceedings of the 5th International Conference on Computer and Information Technology (CIT 2005) (2005)Google Scholar
  8. 8.
    Khurana, H., Gligor, V., Linn, J.: Reasoning about joint administration of access policies for coalition resources. In: Proc. the 22nd International Conference on Distributed Computing Systems, Vienna, pp. 429–443 (2002)Google Scholar
  9. 9.
    Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S.: A community authorization service for group collaboration. In: Proc. the 3rd International Workshop on Policies for Distributed Systems and Networks, Monterey (2002)Google Scholar
  10. 10.
    Thompson, M., Johnston, W., Mudumbai, S., Hoo, G., Jackson, K., Essiari, A.: Certificate-based access control for widely distributed resources. In: Proc. the Eighth Usenix Security Symposium (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Hai Jin
    • 1
  • Weizhong Qiang
    • 1
  • Xuanhua Shi
    • 1
  • Deqing Zou
    • 1
  1. 1.Cluster and Grid Computing Lab.Huazhong University of Science and TechnologyWuhanChina

Personalised recommendations