Authorisation session management in on-demand resource provisioning in collaborative applications

Effective use of the resources in modern collaborative environment suggests their sharing between collaborating organisations and user groups and on-demand provisioning for the specific tasks and projects that may involve distributed resources and users from different administrative and security domains. The proposed in earlier authors´ work the general Complex Resource Provisioning (CRP) model provides a basis for developing the Authorisation (AuthZ) infrastructure for on-demand multidomain resource provisioning. This paper discusses such important issues as managing authorisation session and security context in multidomain CRP and security mechanisms used for this. The use of AuthZ tokens for AuthZ session management in multidomain network resource provisioning is considered as a particular case for the general CRP. It provides information about practical implementation of AuthZ session management functionality in the GAAA Toolkit library being developed in the framework of the Phosphorus project.