Premium
Achieving fine‐grained access control in virtual organizations
Author(s) -
Zhang N.,
Yao L.,
Nenadic A.,
Chin J.,
Goble C.,
Rector A.,
Chadwick D.,
Otenko S.,
Shi Q.
Publication year - 2006
Publication title -
concurrency and computation: practice and experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.1099
Subject(s) - access control , authentication (law) , computer access control , computer science , authorization , computer security , control (management) , process (computing) , physical access , artificial intelligence , operating system
In a virtual organization environment, where services and data are provided and shared among organizations from different administrative domains and protected with dissimilar security policies and measures, there is a need for a flexible authentication framework that supports the use of various authentication methods and tokens. The authentication strengths derived from the authentication methods and tokens should be incorporated into an access‐control decision‐making process, so that more sensitive resources are available only to users authenticated with stronger methods. This paper reports our on‐going efforts in designing and implementing such a framework to facilitate multi‐level and multi‐factor adaptive authentication and authentication strength linked fine‐grained access control. The proof‐of‐concept prototype is designed and implemented in the Shibboleth and PERMIS infrastructures, which specifies protocols to federate authentication and authorization information and provides a policy‐driven, role‐based, access‐control decision‐making capability. Copyright © 2006 John Wiley & Sons, Ltd.