Session Abstract

An Authorization framework for applications a.o. virtual Connections, Grid Computing, Distributed Network Access and credit card transactions.

We present a 5 level organization trust framework where each level provides authority to the lower level.

The upper two are Governance levels that establish "trust" and pass it to operatioal levels as "authority". The framework applies to Service Provider Groups (SPG) that consist of a number of members providing services to the group and an SPG Directorate. The SPG Directorate is responsible for group rules, policies and handles interaction with the users of SPG services.

The framework is applied to a number of different SPG Groups, including MasterCard credit card handling, EduRoam distributed network access, GLIF multi-segment global connections, and European Grid Initiative (EGI). Others may be added.

Group members and Directorate interact on lower levels via agents which carry out the policies of their owner as established in the Governance levels. To be part of the SPG members and their agents must abide by rules at all levels as defined by the SPG Directorate.

MasterCard is used as a very successful operational example of the way Governance both defines relationships between members and sets up operational requirements for the lower layers.


Chaired by Cees de Laat, University of Amsterdam, delaat@uva.nl