Abstract
In this paper, we propose Subtask-based Authorization Service (SAS) architecture to fully secure a type of application oriented to engineering and scientific computing. We minimize privileges for task by decomposing the parallel task and re-allotting the privileges required for each subtask. Community authorization module describes and applies community policies of resource permission and privilege for resource usage or task management. It separates proxy credentials from identity credentials. We adopt a relevant policy and task management delegation to describe rules for task management. The ultimate privileges are formed by the combination of relevant proxy credential, subtask-level privilege certificate and community policy for this user, as well as they conform to resource policy. To enforce the architecture, we extend the RSL specification and the proxy certificate, modify Globus’s gatekeeper, jobmanager and the GASS library to allow authorization callouts, and evaluate the user’s job management requests and job’s resource request in the context of policies.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Foster, I., Kesselman, C., Tuecke, S.: The Anatomy of the Grid: Enabling Scalable Virtual Organizations. International Journal of Supercomputer Applications 15(3), 200–222 (2001)
Grimshaw, A., Wulf, W.A., et al.: The Legion Vision of a Worldwide Virtual Machine. Communications of the ACM 40(1), 39–45 (1997)
Foster, I., Kesselman, C.: Globus: a metacomputing infrastructure toolkit. International Journal of Supercomputer Applications 11(2), 115–128 (1997)
Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A Security Architecture for Computational Grids. In: Proc. of 5th ACM Conference on Computer and Communications Security Conference (1998)
Salzer, J.R., Schroeder, M.D.: The Protection of Information in Computer Systems. In: Proc. of the IEEE (1975)
Pearlman, L., Welch, V., et al.: A Community Authorization Service for Group Collaboration. In: Proc. of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks (2002)
Johnston, W., Mudumbai, S., et al.: Authorization and Attribute Certificates for Widely Distributed Access Control. In: Proc. of IEEE 7th International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises (1998)
Alfieri, R., et al.: VOMS: an Authorization System for Virtual Organizations. In: Proc. of the 1st European Across Grids Conference (2003)
Lorch, M., Adams, D.B., et al.: The PRIMA System for Privilege Management, Authorization and Enforcement in Grid Environments. In: Proc. of the 4th International Workshop on Grid Computing (2003)
Zhang, G., Parashar, M.: Dynamic Context-aware Access Control for Grid Applications. In: Proc. of the 4th International Workshop on Grid Computing (2003)
Sandhu, R., Coyne, E., et al.: Role-based Access Control Models. In: Proc. of the 5th ACM Workshop on Role-Based Access Control (2000)
Kim, S., Kim, J., Hong, S., et al.: Workflow-based Authorization Service in Grid. In: Proc. of the 4th International Workshop on Grid Computing (2003)
Tuecke, S. et al.: Internet X. 509 Public Key Infrastructure Proxy Certificate Profile (2002)
Jajodia, S., Samarati, P., Subrahmanian, V.S.: A Logical Language for Expressing Authorizations. In: Proc. of IEEE Symposium on Security and Privacy (1997)
Ryutov, T., Neuman, C.: Access Control Framework for Distributed Applications, IETF Internet-draft draft-ietfcat-acc-cntrl-frmw-05.txt (2000)
Keahey, K., Welch, V., et al.: Fine-Grain Authorization Policies in the Grid: Design and Implementation. In: Proc. of 1st Intl. Workshop on Middleware for Grid Computing (2003)
Lorch, M., Kafura, D.: Supporting Secure Ad-hoc User Collaboration in Grid Envi-ronments. In: Proc. of the 3rd IEEE/ACM International Workshop on Grid Computing (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Huang, C., Zhu, Z., Wang, X., Chen, D. (2005). Grid Authorization Management Oriented to Large-Scale Collaborative Computing. In: Shen, W., Lin, Z., Barthès, JP.A., Li, T. (eds) Computer Supported Cooperative Work in Design I. CSCWD 2004. Lecture Notes in Computer Science, vol 3168. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11568421_6
Download citation
DOI: https://doi.org/10.1007/11568421_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29400-9
Online ISBN: 978-3-540-31740-1
eBook Packages: Computer ScienceComputer Science (R0)