Policy Engine: A Framework for Authorization, Accouting Policy Specification and Evaluation in Grids
نویسندگان
چکیده
We have developed a policy-based decision framework that provides authorization and cost-based accounting in the EZGrid system, a resource broker for metacomputing. Primarily, this work allows the administrators and the owners to exercise more control over their resources by dictating usage permissions and/or restrictions in a grid environment. This mechanism is independent of the applications and the heterogeneous target domains. The EZGrid resource broker uses the policy engine to evaluate authorization policies of the remote site in the process of making resource choices. Globus Access to Secondary storage (GASS) is used as the back end for staging policy files, if needed, from the remote site to which authorization is required.
منابع مشابه
An Effective Modality Conflict Model for Identifying Applicable Policies During Policy Evaluation
Policy evaluation is a process to determine whether a request submitted by a user satisfies the access control policies defined by an organization. Modality conflict is one of the main issues in policy evaluation. Existing modality conflict detection approaches do not consider complex condition attributes such as spatial and temporal constraints. An effective authorization propagation rule is n...
متن کاملA Policy Validation Framework for Enterprise Authorization Specification
The validation of enterprise authorization specification for conformance to enterprise security policies requires an out-of-band framework in many situations since the enforcing access control mechanism does not provide this feature. In this paper we describe one such framework. The framework uses XML to encode the enterprise authorization specification, XML Schema to specify the underlying acc...
متن کاملA Matchmaking Approach for Distributed Policy Specification and Interpretation
In a distributed system, the separation of policy and mechanism is a vital principle. This separation can be achieved by devising a language for specifying policy and an engine for interpreting policy. In the Condor [52] high throughput distributed system the ClassAd language [57] is used to specify resource selection policy and matchmaking is used to interpret that policy. ClassAds and matchma...
متن کاملA Framework for the Modular Specification and Orchestration of Authorization Policies
Many frameworks for defining authorization policies fail to make a clear distinction between policy and state. We believe this distinction to be a fundamental requirement for the construction of scalable, distributed authorization services. In this paper, we introduce a formal framework for the definition of authorization policies, which we use to construct the policy authoring language APOL. T...
متن کاملDistributed Policy Specification and Interpretation with Classified Advertisements
In a distributed system, the principle of separation of policy and mechanism provides the flexibility to revise policies without altering mechanisms and vice versa. This separation can be achieved by devising a language for specifying policy and an engine for interpreting policy. In the Condor [14] high throughput distributed system the ClassAd language [16] is used to specify resource selectio...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2001