Semantic-Based Access Control for Grid Data Resources in Open Grid Services Architecture - Data Access and Integration (OGSA-DAI)

In this paper, we propose a semantic-based access control method for grid data resources in the open grid services architecture - data access and integration (OGSA-DAI). The OGSA-DAI is an efficient grid-enabled middleware implementation of interfaces and services to access and control data resources (such as files, relational databases and XML databases). However, the identity-based access control in the OGSA-DAI causes substantial overhead for the resource providers in virtual organizations (VOs), because the access control information of individual users has to be maintained by each resource provider. In addition, access control policies need to be specified and managed across multiple VOs. To solve these problems, we propose the use of semantic-based access control policies in data grids. We use the Web ontology language (OWL) standard to represent the ontology of an organization's resources and users. Recently, eXtensible Access Control Markup Language (XACML) has been increasingly used for the representation of access control policies in grid environments. We propose the use of semantics in conjunction with the XACML standard for better interoperability and reduced administration overhead.
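The contrast the abstract draws between per-user identity lists and policies written over ontology concepts can be sketched as follows. This is an added illustration, not code from the paper or from OGSA-DAI: the ontology, the user and resource names, and the simplified XACML-like rule tuples (combined with deny-overrides, default deny) are all assumptions.

```python
# Constructed ontology (hypothetical names): class -> direct superclasses,
# in the spirit of OWL/RDFS subClassOf edges.
SUBCLASS_OF = {
    "RelationalDatabase": {"DataResource"},
    "XMLDatabase": {"DataResource"},
    "File": {"DataResource"},
    "GenomicsDB": {"RelationalDatabase"},
    "PostDoc": {"Researcher"},
    "Researcher": {"VOMember"},
}
# Constructed instance assertions: individual -> asserted classes.
TYPE_OF = {
    "alice": {"PostDoc"},
    "bob": {"VOMember"},
    "genomics_db_1": {"GenomicsDB"},
    "notes.xml": {"XMLDatabase"},
}

def ancestors(cls):
    """Reflexive-transitive superclass closure (cycle-safe)."""
    seen, stack = set(), [cls]
    while stack:
        c = stack.pop()
        if c not in seen:
            seen.add(c)
            stack.extend(SUBCLASS_OF.get(c, ()))
    return seen

def classes_of(individual):
    """All classes an individual belongs to, asserted or inferred."""
    inferred = set()
    for c in TYPE_OF.get(individual, ()):
        inferred |= ancestors(c)
    return inferred

# Simplified XACML-like rules over concepts, not identities:
# (subject class, resource class, action, effect).
POLICY = [
    ("Researcher", "RelationalDatabase", "read", "Permit"),
    ("Researcher", "RelationalDatabase", "write", "Permit"),
    ("VOMember", "DataResource", "write", "Deny"),
]

def decide(subject, resource, action):
    """Deny-overrides combining; no applicable rule means Deny."""
    s, r = classes_of(subject), classes_of(resource)
    effects = {e for sc, rc, a, e in POLICY
               if sc in s and rc in r and a == action}
    if "Deny" in effects:
        return "Deny"
    return "Permit" if "Permit" in effects else "Deny"
```

Admitting a new user is a single class assertion in the ontology (for example, typing a new individual as `PostDoc`); no resource provider's rule set changes.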
