Most solutions use proxy certificates as their basis. For instance, the Community Authorization Service (CAS) (Canon, Chan, Olson, Tull, & Welch, 2003) returns a restricted proxy certificate, which contains a list of permitted actions expressed as SAML-based authorization decision assertions. The AKENTI authorization service (Thompson, Johnston, Mudumbai, Hoo, & Jackson, August 1999) has a similar design, but the user's relevant attributes and privileges are carried in attribute certificates (ACs) (Farrell & Housley, April 2002). Thus, in an AKENTI system a user may need an identity certificate to be authenticated and one or more ACs to pass through the authorization process. Virtual Organization Membership Services (VOMS) is one of the components of the European Data Grid (EDG). VOMS is a role-based authorization system that, acting as an attribute authority, combines a user's group membership, role(s), and capabilities into certificates, so that authorization decision functions (ADFs) can enforce grid access control for resources.
Figure 1. A chain of certificates
Lee
Copyright © 2007, Idea Group Inc. Copying or distributing in print or electronic forms without written permission
of Idea Group Inc. is prohibited.
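As an added illustration (not code from the chapter or from CAS, AKENTI or VOMS themselves), a simplified Python model of the chain in Figure 1: an identity certificate followed by proxies, where a restricted proxy carries a list of permitted actions and every further delegation can only narrow that list, and an ADF checks a requested action against the effective rights. The subject names, the action-string format and the sample chain are constructed assumptions, and signature verification is assumed to have happened before the chain is walked.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class Cert:
    """One certificate in the chain; rights=None means unrestricted (identity cert)."""
    subject: str
    issuer: str
    not_after: datetime
    rights: Optional[FrozenSet[str]] = None

def effective_rights(chain: List[Cert], now: datetime) -> Optional[FrozenSet[str]]:
    """Walk identity -> proxy -> proxy. Each link must name the previous subject
    as issuer and be unexpired; restricted proxies only narrow rights (intersection),
    so a proxy can never claim more than its issuer held. Signatures assumed checked."""
    rights: Optional[FrozenSet[str]] = None
    prev: Optional[Cert] = None
    for cert in chain:
        if cert.not_after <= now:
            raise ValueError(f"{cert.subject}: certificate expired")
        if prev is not None and cert.issuer != prev.subject:
            raise ValueError(f"{cert.subject}: issuer does not match previous subject")
        if cert.rights is not None:
            rights = cert.rights if rights is None else rights & cert.rights
        prev = cert
    return rights

def adf_permits(chain: List[Cert], action: str, now: datetime) -> bool:
    """Authorization decision function: allow only actions in the effective rights."""
    rights = effective_rights(chain, now)
    return rights is None or action in rights

# Constructed sample chain (names, dates and action strings are assumptions).
SAMPLE_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
EXPIRY = datetime(2030, 1, 1, tzinfo=timezone.utc)

def sample_chain() -> List[Cert]:
    identity = Cert("CN=Alice", "CN=Grid CA", EXPIRY)
    # Restricted proxy of the kind a CAS-style service would return.
    cas_proxy = Cert("CN=Alice/CN=proxy", "CN=Alice", EXPIRY,
                     frozenset({"read:/data", "write:/scratch"}))
    # Further delegation that tries to add "delete:/data"; it cannot widen rights.
    job_proxy = Cert("CN=Alice/CN=proxy/CN=proxy", "CN=Alice/CN=proxy", EXPIRY,
                     frozenset({"read:/data", "delete:/data"}))
    return [identity, cas_proxy, job_proxy]

if __name__ == "__main__":
    for action in ("read:/data", "write:/scratch", "delete:/data"):
        print(action, adf_permits(sample_chain(), action, SAMPLE_NOW))
```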