Access Control Model for Grid Virtual Organizations

The problems encountered in the scientific, industrial and engineering fields entail sophisticated processes across widely distributed communities. The Grid emerged as a platform that has a goal enabling coordinated resources sharing and problem resolving in dynamic multi-institutional Virtual Organizations (VO). Though the multi-institutional aspect is considered in the grid definition, there is no recipe that indicates how to fabricate a VO in such environment where mutual distrust is a constraint. Excluding a central management authority, the different partners should cooperate to put in place a multi-administrated environment. The role of each partner in the VO should be clear and unambiguous (permissions, interdictions, users and resources to manage...). Organizing a large scale environment is error prone where not well formalized models lead to unexpected security breaches. Within the access control models RBAC has proved to be flexible but is not adapted to model the multi-institutional aspect. In this context, we propose a formal access control model, OrBAC (Organization Based Access Control model), that encompass concepts required to express a security policy in complex distributed organizations. Its generality and formal foundation makes this model the best candidate to serve as a common framework for setting up Virtual Organizations.