Grid authorization management oriented to large-scale collaborative computing

Authors:
Changqin Huang;Zhiting Zhu;Xianqing Wang;Deren Chen
Affiliations:
ECNU-TCL Joint Workstation for Postdoctoral Research on Educational Technology, East China Normal University, Shanghai, P.R. China;ECNU-TCL Joint Workstation for Postdoctoral Research on Educational Technology, East China Normal University, Shanghai, P.R. China;Guangdong Institute of Technological Personnel, Zhuhai, P.R. China;College of Computer Science, Zhejiang University, Hangzhou, P.R. China
Venue:
CSCWD'04 Proceedings of the 8th international conference on Computer Supported Cooperative Work in Design I
Year:
2004

Citing 10
Cited 0

The Legion vision of a worldwide virtual computer

Communications of the ACM
A security architecture for computational grids

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Supporting Secure Ad-hoc User Collaboration in Grid Environments

GRID '02 Proceedings of the Third International Workshop on Grid Computing
Authorization and Attribute Certificates for Widely Distributed Access Control

WETICE '98 Proceedings of the 7th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
A Community Authorization Service for Group Collaboration

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A Logical Language for Expressing Authorizations

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
The PRIMA System for Privilege Management, Authorization and Enforcement in Grid Environments

GRID '03 Proceedings of the 4th International Workshop on Grid Computing
Workflow-based Authorization Service in Grid

GRID '03 Proceedings of the 4th International Workshop on Grid Computing
Dynamic Context-aware Access Control for Grid Applications

GRID '03 Proceedings of the 4th International Workshop on Grid Computing
The Anatomy of the Grid: Enabling Scalable Virtual Organizations

International Journal of High Performance Computing Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we propose Subtask-based Authorization Service (SAS) architecture to fully secure a type of application oriented to engineering and scientific computing. We minimize privileges for task by decomposing the parallel task and re-allotting the privileges required for each subtask. Community authorization module describes and applies community policies of resource permission and privilege for resource usage or task management. It separates proxy credentials from identity credentials. We adopt a relevant policy and task management delegation to describe rules for task management. The ultimate privileges are formed by the combination of relevant proxy credential, subtask-level privilege certificate and community policy for this user, as well as they conform to resource policy. To enforce the architecture, we extend the RSL specification and the proxy certificate, modify Globus's gatekeeper, jobmanager and the GASS library to allow authorization callouts, and evaluate the user's job management requests and job's resource request in the context of policies.