Contractual Access Control
In this position paper we discuss the issue of enforcing access policies in distributed environments where there is no central system designer/administrator, and consequently no guarantee that policies will be properly implemented by all components of the system. We argue that existing access control models, which are based on the concepts of permission and prohibition, need to be extended with the concept of entitlement. Entitlement to access a resource means not only that the access is permitted but also that the controller of the resource is obliged to grant the access when it is requested. An obligation to grant the access, however, does not guarantee that it will be granted: agents are capable of violating their obligations. In the proposed approach we discuss a Community Regulation Server that not only reasons about access permissions and obligations, but also updates the normative state of a community according to the contractual performance of its interacting agents.
Keywords: Access Control, Local Policy, Virtual Community, Resource Provider, Virtual Organisation