A Community Authorization Service for Group Collaboration

TitleA Community Authorization Service for Group Collaboration
Publication TypeReport
Year of Publication2002
AuthorsPearlman, L, Welch, V, Foster, IT, Kesselman, C, Tuecke, S
Date Published05/2002
Other NumbersANL/MCS-P1042-0502

In \"Grids\" and \"collaboratories,\" we find distributed communities of resource providers and resource consumers, within which often complex and dynamic policies govern who can use which resources for which purpose. We propose a new approach to the representation, maintenance, and enforcement of such policies that provides a scalable mechanism for specifying and enforcing these policies. Our approach allows resource provides to delegate some of the authority for maintaining fine-grained access control policies to communities, while still maintaining ultimate control over their resources. We also describe a prototype implementation of this approach and an application in a data management context.