Abstract
Because the distribution of services and resources in wide-area networks are heterogeneous, dynamic, and multi-domain, security is a critical concern in grid computing. This paper proposes a general authorization and access control architecture, RB-GACA, for grid computing. It is based on classical access control mechanism in distributed applications, Role Based Access Control (RBAC). We also use a kind of standard policy language as the presentation of access control policies to provide a general and standard support for different services and resources.
This paper is supported by National Science Foundation under grant 60125208 and 60273076.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Foster, I., Kesselman, C., Tuecke, S.: The Anatomy of the Grid: Enabling Scalable Virtual Organizations. International Journal of Supercomputer Applications 15(3), 200–222 (2001)
Global Grid Form, http://www.ggf.org/
Overview of the Grid Security Infrastructure, http://www.globus.org/security/overview.html
Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A Security Architecture for Computational Grids. In: Proceedings of the 5th ACM Conference on Computer and Communications Security, San Francisco, CA, USA, pp. 83–92 (1998)
Organization for the Advancement of Structured Information Standards (OASIS), eXtensible Access Control Markup Language (XACML) Specification Set v1.0, Oasis XACML TC (February 2003)
Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. IEEE Computer 29(2) (February 1996)
Ferraiolo, D.F., Sandhu, R., et al.: Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and System Security 4(3), 224–274 (2001)
Ferraiolo, D.F., Barkley, J.F., Kuhn, D.R.: A Role Based Access Control Model and Reference Implementation within a Corporate Intranet. ACM Transactions on Information and System Security 2(1), 34–64 (1999)
Chadwick, D., Otenko, A.: The Permis X.509 Role Based Privilege Management Infrastructure. In: Proceedings of SACMAT 2002 Conference, pp. 135–140. ACM Press, New York (2002)
Thompson, M., Johnston, W., Mudumbai, S., Hoo, G., Jackson, K., Essiari, A.: Certificate-based Access Control for Widely Distributed Resources. In: Proceedings of the Eighth Usenix Security Symposium (August 1999)
Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S.: A Community Authorization Service for Group Collaboration. In: Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks (2002)
Keahey, K., Welch, V., Lang, S., Liu, B., Meder, S.: Fine-Grain Authorization Policies in the GRID: Design and Implementation. In: Proceedings of the 1st International Workshop on Middleware for Grid Computing (2003)
Ramakrishnan, L., et al.: An Authorization Framework for a Grid Based Component Architecture. In: Proc. of the 3rd International Workshop on Grid Computing (2002)
Farrell, S., Housley, R.: An Internet Attribute Certificate Profile for Authorization, IETF RFC (April 2002)
Sun’s XACML implementation, http://sunxacml.sourceforge.net/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Qiang, W., Jin, H., Shi, X., Zou, D., Zhang, H. (2004). RB-GACA: A RBAC Based Grid Access Control Architecture. In: Li, M., Sun, XH., Deng, Qn., Ni, J. (eds) Grid and Cooperative Computing. GCC 2003. Lecture Notes in Computer Science, vol 3032. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24679-4_91
Download citation
DOI: https://doi.org/10.1007/978-3-540-24679-4_91
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21988-0
Online ISBN: 978-3-540-24679-4
eBook Packages: Springer Book Archive