The PRIMA System for Privilege Management, Authorization and Enforcement in Grid Environments
نویسندگان
چکیده
Many grid usage scenarios depend on small, dynamic working groups for which the ability to establish transient collaboration with little or no intervention from resource administrators is a key requirement. The system developed, PRIMA, focuses on the issues of management and enforcement of fine-grained privileges. Dynamic account creation and leasing as well as expressive enforcement mechanisms facilitate highly dynamic authorization policies and least privilege access to resources. PRIMA mechanisms enable the use of finegrained access rights, reduce administrative costs to resource providers, enable ad hoc and dynamic collaboration scenarios, and can also be used to provide improved security service to long-lived grid communities while leveraging other work in the grid computing and security domains.
منابع مشابه
PRIMA - Privilege Management and Authorization in Grid Computing Environments
Computational grids and other heterogeneous, large-scale distributed systems require more powerful and more flexible authorization mechanisms to realize fine-grained access-control of resources. Computational grids are increasingly used for collaborative problem-solving and advanced science and engineering applications. Usage scenarios for advanced grids require support for small, dynamic worki...
متن کاملAn Authorization Architecture Oriented to Engineering and Scientific Computation in Grid Environments
Large-scale scientific and engineering computation is normally accomplished through the interaction of collaborating groups and diverse heterogeneous resources. Grid computing is emerging as an applicable paradigm, whilst, there is a critical challenge of authorization in the grid infrastructure. This paper proposes a Parallelized Subtask-level Authorization Service architecture (PSAS) based on...
متن کاملAccess control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کاملPolicy and Contract Management for Semantic Web Services
This paper summarizes our efforts to develop capabilities for policy and contract management for Semantic Web Services applications. KAoS services and tools allow for the specification, management, analyzes, disclosure and enforcement of policies represented in OWL. We discuss three current Semantic Web Services applications as examples of the kinds of roles that a policy management framework c...
متن کاملSupporting Secure Ad-hoc User Collaboration in Grid Environments
We envision that many usage scenarios involving computational grids will be based on small, dynamic working groups for which the ability to establish transient collaboration with little or no intervention from resource administrators is a key requirement. Current grid security mechanisms support individual users who are members of well-defined virtual organizations. Recent research seeks to pro...
متن کامل