Fine grained authorization services in virtual organizations

More about the book

The last few years have experienced a steady growth in research institutions' interest in developing research projects that involve more than one institution's computing resources - forming virtual organizations. The goal of any virtual organization is to provide member institutions with an interoperable, easy to use and secure research environment. Shibboleth was one of the premier choices of infrastructure to be used to create collaborative inter-institutional research environments as it provides a coherent architecture to securely share computing resources across multiple institutions without the need for individualized user credentials for each shared resource. Some of the problems that Shibboleth encountered in practice deal with its distributed authentication and authorization mechanisms and its user data accessability design. This work addresses these issues and provides a solution that allows for fine-grained authorization services in any virtual organization. We propose an extension to the Shibboleth design by separating the definition, management, and usage of the user's virtual organization entitlements from the identity provider. This book is addressed to professionals in InformationTechnology, researchers and students in Distributed Systems, Networking and Security."