Distributed Security Architectures

A NC Base Program Project

DOE scientific resources - instruments, data, and collaborations - that are accessed via networks require protection from unauthorized use. Since many collaboratory environments span several administrative domains, it is important to have uniform cross-domain standards and processes for setting and enforcing policy.

The goal of the Distributed Security Architectures project is to provide assured, policy-based access control for computer mediated resources that operate in a wide area network environment, specifically integrating the existing authorization mechanism with the core of emerging standards.

The objectives of this project are to extend the Akenti authorization system to provide

• Secure/flexible way to authorize access to distributed resources based on signed Policy, Use-condition and Attribute certificates
• Authorization server easily called from a resource gatekeeper
• Graphic interface to generate Policy, Use Condition, or Attribute certificates
• Proxy credential delegation capabilities
• Integration with GSI – Grid Security Infrastructure

For more info, see:

• Project website: Akenti Distributed Access Control
• 2-Page Summary, March 2004 (PDF)
• 2-Page Summary, March 2003 (PDF)
• 4-Slide Presentation, March 2003 (PowerPoint Presentation)
• Overview: Distributed Security Architectures (PDF, 349KB)
• Summary: Distributed Security Architectures (PDF, 23KB)