Kent Academic Repository

Coordinated decision making in distributed applications

Chadwick, David W. (2007) Coordinated decision making in distributed applications. Information Security Technical Report, Elsevier, 12 (3). pp. 147-154. ISSN 1363-4127. (doi:10.1016/j.istr.2007.05.003) (The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided) (KAR id:14612)

This paper describes how it is possible to use today’s existing stateless PDPs such as the XACML PDP, to provide coordinated access control decision making throughout a distributed application. This is achieved by utilising an external database service to store the retained ADI that is needed by the PDPs. In this way the decision making can be coordinated and controlled throughout time and space. The retained ADI is modelled as coordination attributes of a coordination object, and coordination PIPs linked to each PDP access the coordination database service to retrieve the current values of the coordination attributes prior to the access control decision being made. Obligations in the access control policy define how the coordination attributes should be updated when the user is granted access to a resource. Three different modes of enforcing obligations are defined by a Chronicle directive, namely Chronicle = Before, Chronicle = After and Chronicle = With. The paper describes how the coordinated decision making has been implemented in Globus Toolkit v4, by developing a Coordinated PDP that incorporates a coordination PIP, an Obligations Service that implements the Chronicle = Before mode of operation, and a stateless PDP that makes the access control decisions; and an external coordination database grid service that has its own security controls to ensure that only Coordinated PDPs can access it. The paper concludes by discussing the implementation and indicating how the Chronicle = After and Chronicle = With modes of operation might also be supported in GT4.

Item Type: Article
DOI/Identification number: 10.1016/j.istr.2007.05.003
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Mark Wheadon
Date Deposited: 24 Nov 2008 18:05 UTC
Last Modified: 16 Nov 2021 09:53 UTC