Coordinating access control in grid services
نویسندگان
چکیده
We describe how to control the cumulative use of distributed grid resources by using coordination aware policy decision points (coordinated PDPs) and an SQL database to hold coordination data. When access to a resource is granted, obligations in the security policy ensure that the coordination database is updated. The coordination database is a normal grid service, thereby providing distributed access to the coordinated PDPs. Access to the databases is secured by the Grid Security Infrastructure (GSI) and its own PDP, so that only authorized users (the coordinated PDPs) can access it. A coordinated PDP is imbedded into the Globus Toolkitv4 authorization chain as a custom PDP so that any grid service can be protected by a security policy that provides a coordination capability. Each coordinated PDP uses the services of an uncoordinated PDP to make its access control decisions, so that any existing stateless PDP can be supplemented with a coordination capability. We provide performance results for the coordinated PDPs and compare these with two stateless PDPs. Virtually the entire performance penalty of using coordinated PDPs is accounted for by the heavy costs of using GSI to secure the communications between the coordinated PDPs and the coordination database.
منابع مشابه
Nimrod/G: An Architecture of a Resource Management and Scheduling System in a Global Computational Grid
The availability of powerful microprocessors and high-speed networks as commodity components has enabled high performance computing on distributed systems (wide-area cluster computing). In this environment, as the resources are usually distributed geographically at various levels (department, enterprise, or worldwide) there is a great challenge in integrating, coordinating and presenting them a...
متن کاملAuthorization Framework for Resource Sharing in Grid Environments
Grid data sharing services provide a unified platform for dynamic discovery, access and sharing of distributed data in Grid environments. A common authorization system is needed to provide access control for both Grid data sharing services as well as the data resources that are being shared through these services, accommodating different security requirements from the service providers and the ...
متن کاملAccess Control for Dynamic Virtual Organisations
Business process integration can be complex when it spans organisations. Existing grid technology aims to provide the capability to link processing between organisations, but does not presently provide manageable secure access to grid resources. Furthermore, current workflow tools connecting grid services lack security for collaborative workflows. The DAME (Distributed Aircraft Maintenance Envi...
متن کاملRB-GACA: A RBAC Based Grid Access Control Architecture
Because the distribution of services and resources in wide-area networks are heterogeneous, dynamic, and multi-domain, security is a critical concern in grid computing. This paper proposes a general authorization and access control architecture, RB-GACA, for grid computing. It is based on classical access control mechanism in distributed applications, Role Based Access Control (RBAC). We also u...
متن کاملTowards Novel And Efficient Security Architecture For Role- Based Access Control In Grid Computing
Recently, there arose a necessity to distribute computing applications frequently across grids. Ever more these applications depend on services like data transfer or data portal services and submission of jobs. Owing to the fact that the distribution of services and resources in wide-area networks are heterogeneous, dynamic, and multi-domain, security is of vital significance in grid computing....
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Concurrency and Computation: Practice and Experience
دوره 20 شماره
صفحات -
تاریخ انتشار 2008