Abstract: This paper describes an authorization system
architecture for the Pervasive Grid environment. It discusses the
characteristics of classical authorization systems as well as the
requirements of an authorization system in a pervasive grid environment.
Based on our analysis of current systems and taking into account the
main requirements of such a pervasive environment, we propose a new
authorization system architecture as an extension of the existing grid
authorization mechanisms. This architecture supports not only user
attributes but also context attributes, which act as a key concept for
context awareness. The architecture allows users to be authorized
dynamically when there are changes in the pervasive grid
environment. For this, we opt for a hybrid authorization method that
integrates push and pull mechanisms to combine the existing grid
authorization attributes with dynamic context assertions. We will
investigate the proposed architecture using a real testing environment
that includes heterogeneous pervasive grid infrastructures mapped
over multiple virtual organizations. Various scenarios are described
in the last section of the article to strengthen the proposed mechanism
with different facilities for the authorization procedure.
Abstract: Centrally controlled authentication and authorization services can provide an enterprise with increased security, more flexible access control solutions and increased user trust. By using redirections, users of all Web-based applications within an organization are authenticated at a single, well-known and secure Web site using a secure communication protocol. Users are first authenticated at the central server using their domain-wide credentials before being redirected to a particular Web-based application. The central authentication server will then provide the pertinent authorization-related particulars and credentials of the authenticated user to the specific application. The trust between the clients and the server hosts is established by secure session key exchange. Case studies are provided to demonstrate the usefulness and flexibility of the proposed solution.