Skip to main content

PERMIS: a modular authorization infrastructure

Chadwick, David W., Zhao, Gansen, Otenko, Sassa, Laborde, Romain, Su, Linying, Nguyen, Tuan Anh (2008) PERMIS: a modular authorization infrastructure. Concurrency and Computation: Practice and Experience, 20 (11). pp. 1341-1357. ISSN 1532-0626. (doi:10.1002/cpe.1313) (KAR id:14877)

Abstract

Authorization infrastructures manage privileges and render access control decisions, allowing applications to adjust their behavior according to the privileges allocated to users. This paper describes the PERMIS role-based authorization infrastructure along with its conceptual authorization, access control, and trust models. PERMIS has the novel concept of a credential validation service, which verifies a user's credentials prior to access control decision-making and enables the distributed management of credentials. PERMIS also supports delegation of authority; thus, credentials can be delegated between users, further decentralizing credential management. Finally, PERMIS supports history-based decision-making, which can be used to enforce such aspects as separation of duties and cumulative use of resources. Details of the design and the implementation of PERMIS are presented along with details of its integration with Globus Toolkit, Shibboleth, and GridShib. A comparison of PERMIS with other authorization and access control implementations is given, along with suggestions where future research and development are still needed.

Item Type: Article
DOI/Identification number: 10.1002/cpe.1313
Uncontrolled keywords: PDP, authorization infrastructure, access control decisions, Grid security
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Funders: Jisc (https://ror.org/01rv9gx86)
European Commission (https://ror.org/00k4n6c32)
Depositing User: Suzanne Duffy
Date Deposited: 04 Feb 2009 11:55 UTC
Last Modified: 12 Jul 2022 10:39 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/14877 (The current URI for this page, for reference purposes)

University of Kent Author Information

Chadwick, David W..

Creator's ORCID: https://orcid.org/0000-0003-3145-055X
CReDIT Contributor Roles:

Zhao, Gansen.

Creator's ORCID:
CReDIT Contributor Roles:

Su, Linying.

Creator's ORCID:
CReDIT Contributor Roles:

Nguyen, Tuan Anh.

Creator's ORCID:
CReDIT Contributor Roles:
  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.