Domain-based access control for distributed computing systems

Existing management tools and approaches are not appropriate to the size and multiple-organisation nature of very large distributed computing systems (VLDCSs). The paper describes a new approach to the management of VLDCSs based on a domain model. While this model is applicable to most aspects of management, the paper describes an implementation of the domain model for management of access rights. Domains provide a flexible means for specifying access control policies, which reflect organisational structure, and permit secure inter-organisation interactions, while giving users transparent access to resources. The paper describes an implementation of domains in terms of capability-based access rights, which meets the flexibility and security requirements for managing VLDCSs. Security is enhanced by physically preventing programs from directly accessing capabilities