Certificate-based access control for widely distributed resources

Mary R. Thompson; William Johnston; Srilekha Mudumbai; Gary Hoo; Keith Jackson; Abdelilah Essiari

Abstract

We have implemented and deployed an access control mechanism that uses digitally-signed certificates to define and enforce an access policy for a set of distributed resources that have multiple, independent and geographically dispersed stakeholders. The stakeholders assert their access requirements in use-condition certificates and designate those trusted to attest to the corresponding user attributes. Users are identified by X.509 identity certificates. During a request to use a resource, a policy engine collects all the relevant certificates and decides if the user satisfies all the requirements. This paper describes the model, architecture and implementation of this system. It also includes some preliminary performance measurements and our plans for future development of the system. 1. Motivation: Distributed Computing Environments In distributed computing environments such as research collaborations spanning several institutions, there may be independent and geographically dispe...

Keywords

Access controlComputer scienceCertificateRole-based access controlCertificate authorityPublic key certificatePublic key infrastructureAuthorization certificateArchitectureSet (abstract data type)Identity (music)Computer securityDatabasePublic-key cryptography

Affiliated Institutions

Lawrence Berkeley National Laboratory US

Related Publications

A national-scale authentication infrastructure

Carl Kesselman , J. Volmer , Steven Tuecke +4 more

Participants in virtual organizations commonly need to share resources such as data archives, computer cycles, and networks, resources usually available only with restrictions b...

2000 Computer 297 citations

The Anatomy of the Grid: Enabling Scalable Virtual Organizations

Ian Foster , Carl Kesselman , Steven Tuecke

“Grid” computing has emerged as an important new field, distinguished from conventional distributed computing by its focus on large-scale resource sharing, innovative applicatio...

2001 The International Journal of High Per... 6560 citations

Blockchain Meets IoT: An Architecture for Scalable Access Management in IoT

Oscar Novo

The Internet of Things (IoT) is stepping out of its infancy into full maturity and establishing itself as a part of the future Internet. One of the technical challenges of havin...

2018 IEEE Internet of Things Journal 1273 citations

Use of Electronic Death Certificates for Influenza Death Surveillance1

Elizabeth A. Bancroft , Sun Lee

Surveillance for influenza deaths has been used to gauge the severity of influenza seasons. Traditional surveillance, which relies on medical records review and laboratory testi...

2014 Emerging infectious diseases 9 citations

The Physiology of the Grid An Open Grid Services Architecture for Distributed Systems Integration

Ian Foster , Carl Kesselman , Jeffrey M. Nick +1 more

In both e-business and e-science, we often need to integrate services across distributed, heterogeneous, dynamic “virtual organizations ” formed from the disparate resources wit...

2002 3117 citations

Publication Info

Year: 1999
Type: article
Pages: 17-17
Citations: 223
Access: Closed

External Links

Citation Metrics

223

OpenAlex

Cite This

APA Style

                            
                                    Mary R. Thompson, 
                                
                                    William Johnston, 
                                
                                    Srilekha Mudumbai
                                
                                et al.
                            
                            (1999). 
                            Certificate-based access control for widely distributed resources. 
                            
                            , 17-17.