Scale and performance in a distributed file system
ACM Transactions on Computer Systems (TOCS)
Groupware: some issues and experiences
Communications of the ACM
A security architecture for computational grids
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Generalized certificate revocation
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Grapevine: an exercise in distributed computing
Communications of the ACM
Flexibility, Manageability, and Performance in a Grid Storage Appliance
HPDC '02 Proceedings of the 11th IEEE International Symposium on High Performance Distributed Computing
A Community Authorization Service for Group Collaboration
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Decentralized user authentication in a global file system
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
End-user controlled group formation and access rights management in a shared workspace system
CSCW '04 Proceedings of the 2004 ACM conference on Computer supported cooperative work
The Grid2003 Production Grid: Principles and Practice
HPDC '04 Proceedings of the 13th IEEE International Symposium on High Performance Distributed Computing
The Anatomy of the Grid: Enabling Scalable Virtual Organizations
International Journal of High Performance Computing Applications
Separating Abstractions from Resources in a Tactical Storage System
SC '05 Proceedings of the 2005 ACM/IEEE conference on Supercomputing
The Consequences of Decentralized Security in a Cooperative Storage System
SISW '05 Proceedings of the Third IEEE International Security in Storage Workshop
Shibboleth and community authorization services: enabling role-based grid access
ICA3PP'11 Proceedings of the 11th international conference on Algorithms and architectures for parallel processing - Volume Part II
Nephele: Scalable Access Control for Federated File Services
Journal of Grid Computing
| Hi-index | 0.00 |
Sharing data among collaborators in widely distributed systems remains a challenge due to limitations with existing methods for defining groups across administrative domain boundaries with various file systems. Groups in traditional systems are bound to particular domains or file systems using centralized storage locations either beyond ordinary users' ability to manage, inaccessible outside a closed system, or both. We present a method for users to independently create and manage groups on any networked workstation using global user identities and to control access to shared data and storage resources based on group membership, regardless of domain boundaries or underlying file systems. Decentralized groups are decoupled from shared user databases and centralized authentication servers through the use of a virtual user namespace. We describe how owners of shared resources can define security policies through the use of caching, and demonstrate how each caching policy represents tradeoffs between performance, scalability, and consistency.