323 research outputs found

    Providing Secure Coordinated Access to Grid Services

    No full text
    Coordinating the cumulative use of distributed resources in a grid environment so that users do not consume too much is a difficult task. This paper presents one approach that we have implemented in Globus Toolkit version 4 (GT4), that uses an SQL database to hold coordination data, and policy decision points (PDPs) to make access control decisions about whether the users request for more resources can be granted or denied. When access is granted, obligations in the policy ensure that the coordination database is appropriately updated. In our initial implementation, the coordination service is embedded into the GT4 authorization chain as a custom PDP so that any web service can be provided with a security policy that provides a coordination capability. In the final section we describe how coordinated decision making could be more tightly integrated into a future version of GT

    PERMIS: a modular authorization infrastructure

    No full text
    Authorization infrastructures manage privileges and render access control decisions, allowing applications to adjust their behavior according to the privileges allocated to users. This paper describes the PERMIS role-based authorization infrastructure along with its conceptual authorization, access control, and trust models. PERMIS has the novel concept of a credential validation service, which verifies a user's credentials prior to access control decision-making and enables the distributed management of credentials. PERMIS also supports delegation of authority; thus, credentials can be delegated between users, further decentralizing credential management. Finally, PERMIS supports history-based decision-making, which can be used to enforce such aspects as separation of duties and cumulative use of resources. Details of the design and the implementation of PERMIS are presented along with details of its integration with Globus Toolkit, Shibboleth, and GridShib. A comparison of PERMIS with other authorization and access control implementations is given, along with suggestions where future research and development are still needed

    Coordinating access control in grid services

    No full text
    We describe how to control the cumulative use of distributed grid resources by using coordination-aware policy decision points (coordinated PDPs) and an SQL database to hold 'coordination' data. When access to a resource is granted, obligations in the security policy ensure that the coordination database is updated. The coordination database is a normal grid service providing distributed access to the coordinated PDPs. Access to the databases is secured by the grid security infrastructure (GSI) and its own PDP, so that only authorized users (the coordinated PDPs) can access it. A coordinated PDP is imbedded into the Globus Toolkitv4 authorization chain as a custom PDP so that any grid service can be protected by a security policy that provides a coordination capability. Each coordinated PDP uses the services of an uncoordinated PDP to make its access control decisions, so that any existing stateless PDP can be supplemented with a coordination capability. We provide performance results for the coordinated PDPs and compare these with two stateless PDPs. Virtually the entire performance penalty of using coordinated PDPs is accounted for by the heavy costs of using GSI to secure communications between the coordinated PDPs and the coordination database

    An Impact Study of the Economic Partnership Agreements (EPAs) in the Six ACP Regions

    No full text
    This article intends to present a very detailed analysis of the trade-related aspects of Economic Partnership Agreements (EPAs) negotiations. We use a dynamic partial equilibrium model – focusing on the demand side – at the HS6 level (covering 5,113 HS6 products). Two alternative lists of sensitive products are constructed, one giving priority to the agricultural sectors, the other focusing on tariff revenue preservation. In order to be WTO compatible, EPAs must translate into 90 percent of bilateral trade fully liberalised. We use this criterion to simulate EPAs for each negotiating regional block. ACP exports to the EU are forecast to be 10 percent higher with the EPAs than under the GSP/EBA option. On average ACP countries are forecast to lose 70 percent of tariff revenues on EU imports in the long run. Yet imports from other regions of the world will continue to provide tariff revenues. Thus when tariff revenue losses are computed on total ACP imports, losses are limited to 26 percent on average in the long run and even 19 percent when the product lists are optimised. The final impact on the economy depends on the importance of tariffs in government revenue and on potential compensatory effects. However this long term and less visible effect will mainly depend on the capacity of each ACP country to reorganise its fiscal base.Preferential Trade Agreements, Africa, EPAs, Partial Equilibrium Simulations, International Relations/Trade,

    A privacy preserving authorisation system for the cloud

    No full text
    In this paper we describe a policy based authorisation infrastructure that a cloud provider can run as an infrastructure service for its users. It will protect the privacy of users’ data by allowing the users to set their own privacy policies, and then enforcing them so that no unauthorised access is allowed to their data. The infrastructure ensures that the users’ privacy policies are stuck to their data, so that access will always be controlled by the policies even if the data is transferred between cloud providers or services. This infrastructure also ensures the enforcement of privacy policies which may be written in different policy languages by multiple authorities such as: legal, data subject, data issuer and data controller. A conflict resolution strategy is presented which resolves conflicts among the decisions returned by the different policy decision points (PDPs). The performance figures are presented which show that the system performs well and that each additional PDP only imposes a small overhead

    How to securely break into RBAC: the BTG-RBAC model

    No full text
    Access control models describe frameworks that dictate how subjects (e.g. users) access resources. In the Role-Based Access Control (RBAC) model access to resources is based on the role the user holds within the organization. Although flexible and easier to manage within large-scale authorization frameworks, RBAC is usually a static model where access control decisions have only two output options: Grant or Deny. Break The Glass (BTG) policies can be provided in order to break or override the access controls within an access control policy but in a controlled and justifiable manner. The main objective of this paper is to integrate BTG within the NIST/ANSI RBAC model in a transparent and secure way so that it can be adopted generically in any domain where unanticipated or emergency situations may occur. The new proposed model, called BTG-RBAC, provides a third decision option BTG. This allows break the glass policies to be implemented in any application without any major changes to either the application or the RBAC authorization infrastructure, apart from the decision engine. Finally, in order to validate the model, we discuss how the BTG-RBAC model is being introduced within a Portuguese healthcare institution where the legislation requires that genetic information must be accessed by a restricted group of healthcare professionals. These professionals, advised by the ethical committee, have required and asked for the implementation of the BTG concept in order to comply with the said legislation

    De la laïcité à la française à la théorie normative de la religion (et retour).: Un entretien de Luc Foisneau avec Cécile Laborde

    No full text
    This interview with Cécile Laborde was conducted by Luc Foisneau in Aubervilliers on 13th April 2023. This interview has been published on the website Politika.io in French and English versions. In addition to Critical Republicanism (Oxford 2008) and a collective volume with John Maynor, Republicanism and Political Theory (Blackwell 2008), Cécile Laborde is the author of Liberalism's Religion (Harvard 2017). She's a Fellow of the British Academy and of the Royal Academy of Belgium.Cet entretien avec Cécile Laborde a été réalisé par Luc Foisneau à Aubervilliers le 13 avril 2023. Cet entretien a été publié sur le site Politika.io en versions française et anglaise. Outre Critical Republicanism (Oxford 2008) et un volume collectif avec John Maynor, Republicanism and Political Theory (Blackwell 2008), Cécile Laborde est l'auteur de Liberalism's Religion (Harvard 2017). Elle est membre de la British Academy et de l'Académie royale de Belgique

    Instant certificate revocation and publication using WebDAV

    No full text
    There are several problems associated with the current ways that certificates are published and revoked. This paper discusses these problems, and then proposes a solution based on the use of WebDAV, an enhancement to the HTTP protocol. The proposed solution provides instant certificate revocation, minimizes the processing costs of the certificate issuer and relying party, and eases the administrative burden of publishing certificates and certificate revocation lists (CRLs). We describe how WebDAV can be used for X.509 certificate revocation, and describe how we have implemented it in the PERMIS authorization infrastructure

    Adding Support to XACML for Multi-Domain User to User Dynamic Delegation of Authority

    No full text
    Abstract. We describe adding support for dynamic delegation of authority between users in multiple administrative domains, to the XACML model for authorisation decision making. Delegation of authority is enacted via the issuing of credentials from one user to another, and follows the role based access control model. We present the problems and requirements that such a delegation model demands, the policy elements that are necessary to control the delegation chains and a description of the architected solution. We propose a new conceptual entity called the Credential Validation Service (CVS) to work alongside the XACML PDP. We describe our implementation of the CVS and present performance measurements for validating delegated chains of credentials

    Culturalisme libéral et républicanisme néo-romain : réponses normatives à la diversité culturelle et religieuse

    No full text
    Thèse présentée en cotutelle en vue de l’obtention des grades de Philosophiae Doctor (Ph. D.) en Sciences des Religions (Université de Montréal) et de Docteur en philosophie (École Pratique des Hautes Études, Université Paris Sciences et Lettres).Cette thèse examine les réponses que le culturalisme libéral et le républicanisme néo-romain donnent à la question de savoir quelle position l’État démocratique doit adopter dans des contextes caractérisés par la présence d’individus et de groupes ayant des engagements culturels et religieux différents de ceux de la culture et de la religion majoritaires. Notre étude constitue un exercice de reconstruction théorique original et comparatif de la réponse apportée à cette question par huit théories politiques dominantes se situant au sein de ces deux courants. En ce qui concerne le culturalisme libéral, la thèse examine les réponses apportées par la théorie du droit des minorités (Kymlicka), la théorie perfectionniste (Raz), la théorie nationaliste (Tamir) et la théorie neutraliste (Patten). Pour ce qui est du républicanisme néo-romain, la thèse examine la théorie de la liberté et du gouvernement (Pettit), la théorie délibérative (Maynor), la théorie critique (Laborde) et le patriotisme républicain (Viroli, Habermas et Laborde). Cette recherche se veut une contribution à la clarification et systématisation de ces théories, et une défense de l’idée selon laquelle le libéralisme et le républicanisme sont tous deux philosophiquement compatibles avec la prise en compte gouvernementale de la diversité culturelle et religieuse, notamment en raison de l’adaptation de leurs principes fondamentaux à la réalité pluriculturelle contemporaine.This dissertation examines the responses that liberal culturalism and neo-Roman republicanism provide to the question of what position the democratic state should adopt in contexts characterized by the presence of individuals and groups who have different cultural and religious commitments to those of the majority culture and religion. Our study consists of an original and comparative theoretical reconstruction of the answers given to this question by eight dominant political theories within these two currents. Concerning liberal culturalism, this dissertation examines the answers given by the liberal theory of minority rights (Kymlicka), the perfectionist theory (Raz), the nationalist theory (Tamir) and the neutralist theory (Patten). Regarding the neo-Roman republicanism, this dissertation examines the theory of freedom and government (Pettit), the deliberative theory (Maynor), the critical theory (Laborde) and the republican patriotism (Viroli, Habermas and Laborde). This research is intended to contribute to the clarification and systematization of these theories and defend the idea that liberalism and republicanism are both philosophically compatible with the government consideration of cultural and religious diversity, in particular because of the adaptation of their fundamental principles to the contemporary pluricultural reality
    corecore