Tatyana Ryutov and Clifford Neuman
Information Sciences Institute
University of Southern California
4676 Admiralty Way, Suite 1001
Marina del Rey, CA 90292
{tryutov, bcn}@isi.edu
(310)822-1511 (voice) (310)823-6714 (fax)
We present a new model for authorization that integrates both local and distributed access control policies and that is extensible across multiple applications and administrative entities. We introduce a general mechanism that is capable of implementing multiple security policies including role-based access control, Clark-Wilson, ACLs, capabilities, and lattice-based access controls. The Generic Authorization and Access-control API (GAA API) provides a general framework for applications to facilitate access control decisions and request authorization information about a particular resource, thus making our model application-independent. We have integrated our system with the Prospero Resource Manager and Globus Security Infrastructure.