Policy-based access control in peer-to-peer grid systems

Access control to resources is one of the most important requirements to be satisfied in grid systems that span multiple administrative domains. Such a mechanism allows every institution taking part in a grid community to define and enforce policies for the use of its local resources by remote users. Despite the efforts of the research community to address this topic, existing approaches do not scale (e.g., in terms of communication overhead) to a large number of nodes (peers) providing resources, as these approaches rely on centralized servers to process access requests. Furthermore, they provide limited, coarse-grained policy specification functionality and are not committed to employing open, standardized formats to express policies. In this paper, we address these limitations by proposing PeGAC (peer-to-peer grid access control), a policy-based, distributed access control mechanism that can be applied to P2P grid systems. In our proposal, policies are specified using the role-based access control model and coded using the extensible access control markup language. As a proof of concept, we have integrated PeGAC into OurGrid, a middleware for the implementation of P2P grid systems. Preliminary results of experiments carried out on the resulting infrastructure show that our solution imposes small communication and processing overhead, and can handle large policy repositories efficiently.