Extending XACML authorisation model to support policy obligations handling in distributed application

The paper summarises the recent developments and discussions in the Grid and networking security community to build interoperable and scalable authorisation infrastructure for distributed applications. The paper provides a short overview of the XACML policy format and policy obligations definition in the XACML specification. The paper analyses the basic use cases for obligations in computer Grids and on-demand network resource provisioning abstracted to the general complex resource provisioning (CRP) model to identify major requirements and functionalities in obligations handling that further is proposed as a Reference Model for Obligations Handling (OHRM). The paper refers to ongoing implementations of the policy obligations interoperability and handling framework in such project as EU funded projects EGEE and Phosphorus and the proposed XACML policy and attributes profiles for Grid and network resource provisioning.