Abstract
Grid technology concerns the sharing of resources among a very large set of users. One of the main security issues of the Grid environment concerns the user authorization. As a matter of fact, Grid resource providers grant accesses to their resources to possibly unknown Grid users, but they want that these accesses are regulated by proper security policies.
This paper proposes a framework that integrates an advanced authorization system, the RTML one, in the Globus toolkit. For each Grid user that requests to access the Grid resource, the framework determines the proper set of rights to be paired to the user depending on the trust he previously collected interacting with other sites on the Grid, instead of simply considering his identity. This trust is represented by the set of credentials issued by other Grid sites that grant to the user some roles in these sites.
Work partially supported by EU-funded project Trust and Security for Next Generation Grids, GridTrust, IST-033817.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Chadwick, D.W., Otenko, A.: The permis x.509 role based privilege management infrastructure. In: Proceedings of the seventh ACM symposium on Access control models and technologies (SACMAT 2002), pp. 135–140. ACM Press, New York (2002)
Foster, I.: Globus toolkit version 4: Software for service-oriented systems. In: Jin, H., Reed, D., Jiang, W. (eds.) NPC 2005. LNCS, vol. 3779, pp. 2–13. Springer, Heidelberg (2005)
Foster, I., Kesselman, C., Pearlman, L., Tuecke, S., Welch, V.: A community authorization service for group collaboration. In: Proceedings of the 3rd IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), pp. 50–59. IEEE Computer Society Press, Los Alamitos (2002)
Keahey, K., Welch, V.: Fine-grain authorization for resource management in the grid environment. In: Parashar, M. (ed.) GRID 2002. LNCS, vol. 2536, pp. 199–206. Springer, Heidelberg (2002)
Li, N., Mitchell, J., Winsborough, W.H.: Beyond proof-of-compliance: Safety and availability analysis in trust management. In: IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, Los Alamitos (2003)
Li, N., Mitchell, J.C.: Datalog with constraints: A foundation for trust management languages. In: Dahl, V., Wadler, P. (eds.) PADL 2003. LNCS, vol. 2562, pp. 58–73. Springer, Heidelberg (2002)
Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust management framework. In: Proceedings of IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (2002)
Li, N., Tripunitara, M.V.: Security analysis in role-based access control. In: Proceedings of the ninth ACM Symposium on Access Control Models and Techniques (SACMAT 2004), ACM Press, New York (2004)
Li, N., Winsborough, W.H., Mitchell, J.C.: Distributed credential chain discovery in trust management. Journal of Computer Security 1, 35–86 (2003)
Pearlman, L., Kesselman, C., Welch, V., Foster, I., Tuecke, S.: The community authorization service: Status and future. In: Proceedings of Computing in High Energy and Nuclear Physics (CHEP 2003): ECONF, C0303241:TUBT003 (2003)
Globus authorization framework: Saml callout, http://www.globus.org/toolkit/docs/4.0/security/authzframe/
Stell, A.J., Sinnott, R.O., Watt, J.P.: Comparison of advanced authorisation infrastructures for grid computing. In: Proceedings of High Performance Computing System and Applications 2005, HPCS, pp. 195–201 (2005)
Thompson, M.R., Essiari, A., Keahey, K., Welch, V., Lang, S., Liu, B.: Fine-grained authorization for job and resource management using akenti and the globus toolkit. In: Proceedings of Computing in High Energy and Nuclear Physics (CHEP 2003) (2003)
Thompson, M., Essiari, A., Mudumbai, S.: Certificate-based authorization policy in a pki environment. ACM Transactions on Information and System Security (TISSEC) 6(4), 566–588 (2003)
Winsborough, W.H., Li, N.: Safety in automated trust negotiation. In: IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Colombo, M., Martinelli, F., Mori, P., Vaccarelli, A. (2007). Extending the Globus Architecture with Role-Based Trust Management. In: Moreno Díaz, R., Pichler, F., Quesada Arencibia, A. (eds) Computer Aided Systems Theory – EUROCAST 2007. EUROCAST 2007. Lecture Notes in Computer Science, vol 4739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75867-9_57
Download citation
DOI: https://doi.org/10.1007/978-3-540-75867-9_57
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75866-2
Online ISBN: 978-3-540-75867-9
eBook Packages: Computer ScienceComputer Science (R0)