Using Trust for Restricted Delegation in Grid Environments

  • Conference paper
Information Security Practice and Experience (ISPEC 2005)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3439)

Abstract

Delegation is an important tool for authorization in large distributed environments. However, the delegation mechanisms currently used in emerging Grids have difficulty supporting flexible and secure delegation. This paper presents a framework that realizes restricted delegation in grid environments using a specific attribute certificate carrying a trust value. The framework employs attribute certificates to convey rights separately from the identity certificates used for authentication, and enables chained delegation by using attribute certificate (AC) chains. In the framework, the verifier can securely enforce authorization with delegation by checking the trust values of AC chains, and can judge whether a delegation is trusted by evaluating the reputation value of the delegation chain. The paper discusses how to compute trust and reputation for delegation, and describes some details of delegation, including the creation of the delegation credential and the chained delegation protocol.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jiang, W., Li, C., Hao, S., Dai, Y. (2005). Using Trust for Restricted Delegation in Grid Environments. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2005. Lecture Notes in Computer Science, vol 3439. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31979-5_25

  • DOI: https://doi.org/10.1007/978-3-540-31979-5_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25584-0

  • Online ISBN: 978-3-540-31979-5

  • eBook Packages: Computer Science, Computer Science (R0)
