Skip to main content

Achieving Fine-grained Access Control in Virtual Organisations

Zhang, Nien Fan, Yao, L., Nenadic, A., Chin, J., Goble, C., Rector, A., Chadwick, David W., Otenko, Sassa, Shi, Q. (2007) Achieving Fine-grained Access Control in Virtual Organisations. Concurrency and Computation: Practice and Experience, 19 (9). pp. 1333-1352. ISSN 1532-0626. (doi:10.1002/cpe.1099)


In a virtual organization environment, where services and data are provided and shared amongorganizations from different administrative domains and protected with dissimilar security policies and measures, there is a need for a flexible authentication framework that supports the use of various authentication methods and tokens. The authentication strengths derived from the authentication methods and tokens should be incorporated into an access-control decision-making process, so that more sensitive resources are available only to users authenticated with stronger methods. This paper reports our ongoingefforts in designing and implementing such a framework to facilitate multi-level and multi-factor adaptive authentication and authentication strength linked fine-grained access control. The proof-ofconcept prototype is designed and implemented in the Shibboleth and PERMIS infrastructures, which specifies protocols to federate authentication and authorization information and provides a policy-driven, role-based, access- control decision-making capability.

Item Type: Article
DOI/Identification number: 10.1002/cpe.1099
Additional information: Available from
Uncontrolled keywords: authentication; authorization; virtual organization; Shibboleth; PERMIS; smart tokens
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Mark Wheadon
Date Deposited: 24 Nov 2008 18:05 UTC
Last Modified: 23 Jan 2020 04:03 UTC
Resource URI: (The current URI for this page, for reference purposes)
Chadwick, David W.:
  • Depositors only (login required):


Downloads per month over past year