Delegation is a key facility in dynamic, distributed and collaborative environments like Grids and enables an effective use of a wide range of dynamic applications. Traditional delegation frameworks approach a top-down model of delegation for delegating rights from a superior to a subordinate in advance before a delegate starts off a delegated task. However, a top-down model of delegation cannot meet all the requirements of dynamic execution of distributed applications, as in such environments, required access rights for completing a task cannot easily be anticipated in advance. Delegating fewer rights than required for completing a task may cause the task execution to fail while delegating more rights than needed may threaten abuse by malicious parties. It is therefore reasonable and more robust to utilize a mechanism that allows determining and acquiring only required rights and credentials for completing a task, when they are needed. This is what we call an on-demand delegation framework, which realizes a bottom-up delegation model and provides a just-in-time acquisition of rights for a restricted and dynamic delegation. In this paper we elaborate the concept of bottom-up delegation and describe how an on-demand delegation framework can leverage workflows to meet the requirements of the least privileges principle. We also discuss the vital need for dynamic and adaptive scientific workflows to support an on-demand delegation framework. We present three different models of bottom-up delegation, which cover a wide range of usage scenarios in Grids and dynamic collaborative environments. Using a standard RBAC authorization model and a graph-based workflow model (DAG), we define and analyze a formal model of our proposed bottom-up delegation approach.

Adam, N., Atluri, V., and Huang, W. (1998), 'Modeling and analysis of workflows using petri nets,' J. Intell. Inf. Syst., 10(2), 131-158.

Ahsant, M., Basney, J., and Johnsson, L. (2007), 'Dynamic, context-aware, least privilege grid delegation.' in Proceedings of the 8th IEEE/ACM International Conference on Grid Computing (Grid2007).IEEE Press, Sept. 2007, pp. 209-216.

Ahsant, M., Basney, J., Mulmo, O., Lee, A., and Johnsson, L. (2006), 'Toward an on-demand restricted delegation mechanism for grids.' in Proceedings of the 7th IEEE/ACM International Conference on Grid Computing (Grid2006).IEEE Press, Sep. 2006, pp. 152-159.

Alfieri, R., Cecchini, R., Ciaschini, V., dell'Agnello, L., Frohner, A., Gianoli, A., Lorentey, K., and Spataro, F. (2003) 'VOMS, an authorization system for virtual organizations.' in European Across Grids Conference, 2003, pp. 33-40.

Atluri, V. (2001), 'Security for workflow systems,' Elsevier Science Ltd., Tech. Rep. 2, 2001.

Atluri, V. and Huang, W. (1996), 'An authorization model for workflows,' in ESORICS 96: Proceedings of the 4th European Symposium on Research in Computer Security. London, UK: Springer-Verlag, 1996, pp. 44-64.

Atluri, V. and Huang, W. (1997), 'An extended petri net model for supporting workflow in a multilevel secure environment,' in Proceedings of the tenth annual IFIP TC11/WG11.3 international conference on Database security: volume X : status and prospects.London, UK, UK: Chapman & Hall, Ltd., 1997, pp. 240-258.

Atluri, V. and Warner, J. (2005), 'Supporting conditional delegation in secure workflow management systems,' in SACMAT, 2005, pp. 49-58.

Barker, A. and van Hemert, J. (2007), 'Scientific workflow: A survey and research directions,' in PPAM, 2007, pp. 746-753.

Bertino, E., Ferrari, E., and Atluri, V. (1997), 'A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems,' in RBAC 97: Proceedings of the second ACM workshop on Role-based access control. New York, NY, USA: ACM, 1997, pp. 1-12.

Bertino, E., Ferrari, E., and Atluri, V. (1999), 'The specification and enforcement of authorization constraints in workflow management systems,' ACM Trans. Inf. Syst. Secur. 2(1), 65-104.

Chadwick, D. (2005), 'Delegation issuing service for x.509,' in Proceedings of the 4th Annual PKI R&D Workshop.USA: NIST Technical Publication, IR 7224, April 2005, pp. 66-77.

Chadwick, D., Otenko, A., and Ball, E. (2003), 'Role-based access control with x.509 attribute certificates,' IEEE Internet Computing, 7(2), 62-69.

Foster, I., Kesselman, C., Tsudik, G., and Tuecke, S. (1998), 'A security architecture for computational grids,' ACM Conference on Computer and Communications Security, 1998, pp. 83-92.

Fox, G. and Gannon, D. (2006), 'Special issue: Workflow in grid systems: Editorials,' Concurr. Comput. : Pract. Exper. 18(10), 1009-1019.

Housley, W. Ford, W., Polk, and Solo, D. (1999), 'Internet X.509 Public Key Infrastructure Certificate and CRL Profile.' RFC 2459.

Huber, V. (2001), 'Unicore: A grid computing environment for distributed and parallel computing.' in PaCT, 2001, pp. 258-265.

Kumar, A. (1999), 'A framework for handling delegation in workflow management systems,' in Workshop on Information Technology and Systems (WITS).

Laure, E., Fisher, S., Frohner, A., Grandi, C., Kunszt, P., Krenek, A., Mulmo, O., Pacini, F., Prelz, F., White, J., Barroso, M., Buncic, P., Hemmer, F., Di Meglio, A., and Edlund, A. (2006), 'Programming the grid with glite,' CERN, Geneva, Tech. Rep. EGEETR-2006-001.

Lawrence, P. (1997), Workflow handbook, New York, NY, USA: John Wiley & Sons, Inc.

Lorch, M., Adams, D., Kafura, D., Koneni, M., Rathi, A., and Shah, S. (2003), 'The prima system for privilege management, authorization and enforcement in grid environments,' in GRID '03: Proceedings of the Fourth International Workshop on Grid Computing.Washington, DC, USA: IEEE Computer Society, 2003, p. 109.

OASIS (2005), 'extensible access control markup language (xacml) version 2.0,' http://docs.oasis-open.org/xacml/2.0/, February 2005.

Pearlman, L., Welch, V., Foster, I., Kesselman, C., and Tuecke, S. (2002), 'A community authorization service for group collaboration,' in POLICY '02: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02).Washington, DC, USA: IEEE Computer Society, 2002, p. 50.

Rambadt, M. and Wieder, P. (2002), 'Unicore - globus interoperability: Getting the best of both worlds.' in HPDC, 2002, p. 422.

Sadiq, W. and Orlowska, M. (2000), 'Analyzing process models using graph reduction techniques,' Inf. Syst., 25(2), 117-134.

Sandhu, R., Ferraiolo, D., and Kuhn, R. (2000), 'The nist model for role-based access control: towards a unified standard,' in Proceedings of the fifth ACM workshop on Role-based access control (RBAC 00).New York, NY, USA: ACM, 2000, pp. 47-63.

Snelling, D., van den Berghe, S., and Qian, V. (2004), 'Explicit trust delegation: Security for dynamic grids.' FUJITSU Sci.Tech.Journal, 40 282-294.

Thompson, M., Essiari, A., and Mudumbai, S. (2003), 'Certificate-based authorization policy in a pki environment,' ACM Trans. Inf. Syst. Secur. 6(4), 566-588.

Venter, K. and Olivier, M. (2002), 'The delegation authorization model: A model for the dynamic delegation of authorization rights in a secure workflow management system,' in ISSA2002, Muldersdrift, South Africa, 2002, published electronically.

Wainer, J. and Barthelmess, P. (2003), 'Wrbac : A workflow security model incorporating controlled overriding of constraints,' International Journal of Cooperative Information Systems, 12, 2003.

Wainer, J., Kumar, A., and Barthelmess, P. (2007), 'Dw-rbac: A formal security model of delegation and revocation in workflow systems,' Inf. Syst. 32(3), 365-384.

Welch, V., Siebenlist, F., Foster, I., Bresnahan, J., Czajkowski, K., Gawor, J., Kesselman, C., Meder, S., Pearlman, L., Tuecke, S. (2003), 'Security for grid services.' in HPDC '03: Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing (HPDC'03).Washington, DC, USA: IEEE Computer Society, 2003, p. 48.