
Grid Authorization Management Oriented to Large-Scale Collaborative Computing

  • Conference paper
Computer Supported Cooperative Work in Design I (CSCWD 2004)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3168)


Abstract

In this paper, we propose a Subtask-based Authorization Service (SAS) architecture to fully secure a type of application oriented to engineering and scientific computing. We minimize the privileges of a task by decomposing the parallel task and re-allotting the privileges required for each subtask. The community authorization module describes and applies community policies of resource permission and privilege for resource usage or task management. It separates proxy credentials from identity credentials. We adopt a relevant policy and task management delegation to describe rules for task management. The ultimate privileges are formed by combining the relevant proxy credential, the subtask-level privilege certificate and the community policy for this user, and they also conform to the resource policy. To enforce the architecture, we extend the RSL specification and the proxy certificate, modify Globus’s gatekeeper, jobmanager and the GASS library to allow authorization callouts, and evaluate the user’s job management requests and the job’s resource request in the context of policies.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Huang, C., Zhu, Z., Wang, X., Chen, D. (2005). Grid Authorization Management Oriented to Large-Scale Collaborative Computing. In: Shen, W., Lin, Z., Barthès, JP.A., Li, T. (eds) Computer Supported Cooperative Work in Design I. CSCWD 2004. Lecture Notes in Computer Science, vol 3168. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11568421_6


  • DOI: https://doi.org/10.1007/11568421_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29400-9

  • Online ISBN: 978-3-540-31740-1

  • eBook Packages: Computer Science, Computer Science (R0)
