Chadwick, David W.; Dimitrakos, Theo; Dam, Kerstin Kleese-Van; Randal, Damian Mac; Matthews, Brian; Otenko, Alexander (2004)
Languages: English
Types: Unknown
Subjects: QA76
Rapid advancements in Grid Computing and the convergence of Grid and Web Services, and the development of infrastructures such as the Ecology GRID (ECO 2003) and NERC DataGrid (Lawrence 2003), bring about protocols and machine-processable message/document formats that will soon enable seamless and open application-application communication. This will bring about the prospect of ad hoc integration of systems across institutional boundaries to support collaborations that may last for a single transaction or evolve over many years. We will witness on-demand creation of dynamically-evolving, scalable Virtual Organisations (VO) spanning national and institutional borders, where the participating entities pool resources, capabilities and information to achieve common objectives.

As a motivating example, consider a hypothetical environmental project where there are several research groups in different institutes collaborating on a study of a complex physical phenomenon which involves simulation and on-line analysis of existing atmospheric and oceanographic data (including satellite imagery). Being a large project, it would have several work packages involving different parts of the consortia and running for different periods of time within the project timeframe. The satellite images, plus significant quantities of metadata and derived data, are held in data centres. This data, collected from many sources, may be commercially sensitive, and therefore access is to be restricted to only those individuals with a project-relevant need. The data owners may want to apply varying conditions on access to their data, e.g. non-military personnel should only be given degraded versions of military sourced images, with different degradation filters applicable for different application domains. The data centres have to ensure the security and confidentiality of data and so have to control who can do what on their machines, e.g. who can carry out cross database correlations, or upload filters to be applied to images.

The project, which is paying for the data access, wishes to control who is allowed to access the data and when. It needs to be able to define several authorization groups (e.g. corresponding to work packages) and specify what data is available to that group. The groups will have a specific lifetime, and individuals may join or leave the group during its lifetime, i.e. they are dynamic virtual organizations. The data centres need to take these different authorization policies and apply them for each of the actions and units of data being accessed. This raises several challenges:

* Applying multiple authorization policies to control access to resources.
* Enforcing fine-grained access control at the resource.
* Managing dynamic virtual organizations comprising resources and individuals authorized to use them.
* Handling the multiple authorities necessitated by distributed VOs and resources.
* Handling policy conflicts where individuals may play different roles, at the same time or at different times.

In this paper we outline a new project, DyCom, which seeks to combine the results of two European projects, Grasp and PERMIS, to provide an architecture to manage the complex privileges required in such scenarios. We will describe the mechanisms developed in these projects and show how they could be combined.