A scalable authorization approach for the Globus grid system

Grid computing has received widespread attention in recent years as a significant new research field. To date, there has been only limited work on the problem of grid system authorization. In this paper, we address the authorization problem in grid system environments and propose a solution for authorization within Globus system. Our authorization approach is based on distributed authorization servers and extensions to Globus' Metacomputing Directory Service (MDS). The goal is to provide a scalable authorization approach that is able to meet the requirements of a dynamic grid environment.

[1]  Ian T. Foster,et al.  Globus: a Metacomputing Infrastructure Toolkit , 1997, Int. J. High Perform. Comput. Appl..

[2]  Ian T. Foster,et al.  The Anatomy of the Grid: Enabling Scalable Virtual Organizations , 2001, Int. J. High Perform. Comput. Appl..

[3]  Von Welch,et al.  Fine-Grain Authorization for Resource Management in the Grid Environment , 2002, GRID.

[4]  Simon S. Lam,et al.  Designing a distributed authorization service , 1998, Proceedings. IEEE INFOCOM '98, the Conference on Computer Communications. Seventeenth Annual Joint Conference of the IEEE Computer and Communications Societies. Gateway to the 21st Century (Cat. No.98.

[5]  Geoffrey C. Fox,et al.  Computational grids , 2001, Comput. Sci. Eng..

[6]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[7]  John Viega,et al.  Network Security with OpenSSL , 2002 .

[8]  Ian T. Foster,et al.  Grid information services for distributed resource sharing , 2001, Proceedings 10th IEEE International Symposium on High Performance Distributed Computing.

[9]  Tim Howes,et al.  Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions , 1997, RFC.

[10]  Ravi S. Sandhu,et al.  The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[11]  Ian T. Foster,et al.  A National-Scale Authentication Infrastructur , 2000, Computer.

[12]  Tim Howes,et al.  The LDAP Application Program Interface , 1995, RFC.

[13]  Ian T. Foster,et al.  A community authorization service for group collaboration , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.

[14]  B. Clifford Neuman,et al.  Proxy-based authorization and accounting for distributed systems , 1993, [1993] Proceedings. The 13th International Conference on Distributed Computing Systems.

[15]  Marty Humphrey,et al.  Security Implications of Typical Grid Computing Usage Scenarios , 2004, Cluster Computing.

[16]  Ian Foster,et al.  The Grid 2 - Blueprint for a New Computing Infrastructure, Second Edition , 1998, The Grid 2, 2nd Edition.

[17]  Ian T. Foster,et al.  A security architecture for computational grids , 1998, CCS '98.

[18]  Tim Howes,et al.  Lightweight Directory Access Protocol , 1995, RFC.

[19]  Ian T. Foster,et al.  The Globus project: a status report , 1998, Proceedings Seventh Heterogeneous Computing Workshop (HCW'98).

[20]  Warren Smith,et al.  A directory service for configuring high-performance distributed computations , 1997, Proceedings. The Sixth IEEE International Symposium on High Performance Distributed Computing (Cat. No.97TB100183).

[21]  Warren Smith,et al.  A Resource Management Architecture for Metacomputing Systems , 1998, JSSPP.