A privilege management system for a secure network

Modern research projects may involve dozens of geographically distributed collaborators who access distributed information, applications workstations and devices. We are developing an architecture and methods for distributed, decentralized privilege management and enforcement with regard to access to distributed mass storage data and information via the Internet. Our approach does not require modification of the supporting operating system yet provides a more flexible and finer grained privilege system. We use X-windows and World Wide Web based interfaces in secure environments which support authentication and authorization. Toward this end, we have established secure distributed computing environment (DCE) networks at two sites and implemented selected features of the system. In this paper we report the design and implementation details of the project and summarize the issues that need to be resolved in future. The initial work is part of a larger Distributed Informatics Computing and Collaborative Environments (DICCE) project associated with the US Department of Energy´s Energy Science Network (ESnet). The particular project is a joint effort between the Continuous Electron Beam Accelerator Facility (CEBAF), the Chinese Institute of High Energy Physics, and Old Dominion University