The rise of Internet and Web technologies has enabled traditional scientific collaborations to turn outward and connect distributed participants across enterprises and research institutes. By removing geographical distance barriers, scientists and engineers from different organizations are able to establish collaboration relationships and share information correspondingly. Under many circumstances, the establishment of a collaboration relationship is highly dynamic and may vary tremendously in purpose, scope, size, duration, and the number of involved participants. We refer to this type of collaboration as ad-hoc collaboration. Ad-hoc collaboration allows individual participants who belong to many different organizations to spontaneously establish or join collaborations, and dynamically perform a variety of activities such as communication, information sharing, cooperation, problem solving, and negotiation. Compared to well-structured collaborations, the formation of ad-hoc collaboration is essentially more transient. Interactions among collaborating users are not always predictable, and there is no pre-established global consensus of trustworthiness among all participating parties.

Traditionally, collaborative information sharing has relied heavily on client-server based approaches or email systems. In recognition of their inherent deficiencies, such as a central point of failure and scalability issues, several alternatives have been proposed to support collaborative sharing of resources, including Grid computing and Peer-to-Peer (P2P) networking. While Grid computing suits highly structured collaborations with established infrastructures, P2P works well in heterogeneous network environments and promises to be more flexible and reliable for smaller ad-hoc interactions. Given all the diverse contexts of ad-hoc collaboration, achieving effective access control is a critical requirement.
The sharing of sensitive information must be highly controlled by defining what is shared, who is allowed to share it, and under which conditions. In particular, users without pre-existing relationships may try to collaborate and request information. A data provider must be able to cope with a large number of strangers and guarantee that information is released only to trusted collaborators within the community. In addition, after information or digital objects have been delivered to a legitimate collaborator, the re-dissemination of such information needs to be well regulated as well. Also, resources are constructed with various types and domain policies, and each collaborating party may enforce security policies in its systems with different degrees of assurance. Therefore, building systematic mechanisms for composite resource sharing and rigorous policy analysis is an important challenge.

Because identity alone does not imply privileges, traditional identity-based access control approaches are ineffective for authorizing strangers in ad-hoc collaboration. To overcome this drawback, many delegation and trust management approaches have been proposed that use credentials to delegate permissions and propagate administrative authority. These approaches essentially belong to the category of attribute-based access control, which is suitable for distributed access control dealing with strangers. However, in these approaches, compliance with trust management policies directly implies the authorization decision. This simplification neglects the subjectiveness of the entity that is making the trust decision. Moreover, existing trust management systems seldom provide data-owner-controlled restrictions on the distribution of digital information.
Our preliminary study clearly indicates that there is a need to design a comprehensive access management framework that is general and flexible enough to cope with the special access control as well as trust management requirements associa
- Effective start/end date: 2/1/09 → 1/31/10
- US Department of Energy (DOE): $100,575.00