XACML policy integration algorithms: not to be confused with XACML policy combination algorithms!
Proceedings of the eleventh ACM symposium on Access control models and technologies
XACML Policy Integration Algorithms
ACM Transactions on Information and System Security (TISSEC)
International Journal of Web and Grid Services
A trust degree based access control in grid environments
Information Sciences: an International Journal
| Hi-index | 0.00 |
In this paper, we present a scalable authorization service, based on the concept of fine-grained access control (FGAC), for large-scale Grid infrastructures that span multiple independent domains. FGAC enables participating resource owners to specify fine-grained policies concerning which user can access can their resources under which mode. We argue that such an authorization service must be integrated with the resource broker service to avoid scheduling requests onto resources which do not authorize the user request. For this reason, we develop a novel resource broker service that integrates access control with resource scheduling. In our system, both resource owners and users define their resource access and usage policies. The resource broker schedules a user request only within the set of resources whose policies match the user credentials (and vice-versa). Since this process of evaluating authorization policies of resources and user, in addition to checking the resource requirement, can be a potential bottleneck for a large scale Grid, we also analyze the problem of efficient evaluation of FGAC policies. In this context, we present a novel method for policy organization and compare its performance with other strategies. Preliminary results show that the proposed method can significantly enhance performance.