XPOLA – An Extensible Capability-based Authorization Infrastructure for Grids
نویسندگان
چکیده
There is great need for a secure, fine-grained, efficient, and user-friendly authorization infrastructure to protect the services in Grid community. Grid users and administrators still have to deal with authentication and authorization issues in the traditional supercomputer-centric fashion, especially with the host account maintenance and certificate management. This paper proposes a capability-based infrastructure that provides a fine-grained authorization solution to Web service deployments, and also manages to hide complex security issues from regular Grid users. Furthermore, it gives the resource providers and administrators the extensibility, flexibility and convenience to enforce their authorization policies at the resource with minimal efforts.
منابع مشابه
Authorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
متن کاملSurvivable Grids: Resource Management through Dynamic Authorization Control
Grids are rapidly becoming part of our nation’s critical infrastructure. As the importance of grids in our everyday lives increases, so does the need to make grids survivable that is, to allow them to be easily reconfigured to support new priorities or changes in the underlying resource fabric. Few exposed mechanisms exist for such reconfiguration in today’s grid software. We propose the use of...
متن کاملA Distributed Kerberized Access Architecture for Real Time Grids
Authentication, authorization and encryption in large scale distributed Grids are usually based on a Public Key Infrastructure (PKI) with asymmetric encryption and X.509 – Proxy certificates for user single sign-on to resources. This approach, however, introduces processing overhead, that may be undesirable in near real time Grid applications (e.g. Grids used for time critical instrument monito...
متن کاملA Dynamic, Context-Aware Security Infrastructure
The rapid worldwide deployment of the Internet and Web is the enabler of a new generation of e-healthcare applications, but the provision of a security architecture that can ensure the privacy and security of sensitive healthcare data is still an open question. Current solutions to this problem (mostly built on static RBAC models) are application-dependent and do not address the intricate secur...
متن کاملRepresentation and Evaluation of Security Policies for Distributed System Services
We present a new model for authorization that integrates both local and distributed access control policies and that is extensible across applications and administrative domains. We introduce a general mechanism that is capable of implementing several security policies including role-based access control, Clark-Wilson, ACLs, capabilities, and lattice-based access controls. The Generic Authoriza...
متن کامل