A Coordination-Driven Authorization Framework for Space Containers

Collaborative applications usually involve multiple autonomous processes that have to coordinate themselves over the Internet in an efficient way. For such systems, shared tuple spaces provide a highly flexible coordination medium that enables the asynchronous exchange of messages and data and decouples the participants so that they do not need to know each other. However, if interactions are complex, security constraints are difficult to manage and to enforce. Unauthorized processes must be prevented from accessing protected data using fine-grained permissions that are specified by comprehensible policies. In this paper, we present an authorization model for an extensible space-based middleware that uses its own coordination mechanisms to specify fine-grained access control policies with simple yet expressive rules on function parameters, data content, and context information. It is shown how a modular architecture for an authorization framework that enforces these policies can be bootstrapped with the middleware itself, enabling simple management of policies. The integration of coordination and security mechanisms into a single concept allows for flexible and secure distributed collaboration, as shown by a use case based on an open reviewing platform.