Abstract
Attribute-Based Access Control (ABAC) is a fine-grained and flexible authorization method. In this paper, considering the layered structure of Grid resources, an ABAC model named Grid_ABAC is presented, and the implementation architecture of Grid_ABAC basing on XACML is proposed. The paper also describes the method for integrating Grid_ABAC seamlessly into the authorization framework of the Globus Tloolkit. The test result shows that Grid_ABAC is efficient and provides a more flexible and open access control method for grid computing.
The work was supported by the Hi-Tech Research and Development Program of China under Grant No.2007AA010301, the Foundation of the State Key Laboratory of Software Development Environment under Grant No.SKLSDE-2009ZX-06, and the National Important Research Plan of Infrastructure Software under Grant No.2010ZX01042-002-001-00.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Foster, I., Kesselman, C., Tuecke, S.: The Anatomy of the Grid: Enabling Scalable Virtual Organizations. International J. Supercomputer Applications 15(3), 200–222 (2001)
OASIS: eXtensible Access Control Markup Language (XACML) Version 2.0. (2003), http://www.oasis-open.org/committees/xacml
Barton, T., Basney, J., Freeman, T., Scavo, T., Siebenlist, F., Welch, V., Ananthakrishnan, R., Baker, B., Goode, M.: Keahey. K.: Identity Federation and Attribute-based Authorization through the Globus Toolkit, Shibboleth, Gridshib, and MyProxy. In: 5th Annual PKI R&D Workshop (2006)
Demchenko, Y., Gommans, L., de Laat, C.: Using SAML and XACML for complex resource provisioning in grid based applications. In: IEEE Workshop on Policies for Distributed Systems and Networks 2007, Bologna, Italy, pp. 183–187 (2007)
Shen, H.: A Semantic- and Attribute-Based Framework for Web Services Access Control. In: 2nd International Workshop on Intelligent Systems and Applications, ISA 2010 (2010)
Yuan, E., Tong, J.: Attribute based access control (ABAC) for Web services. In: The 3rd International Conference on Web Services, pp. 561–569. IEEE Computer Society, Orlando (2005)
Lang, B., Foster, I., Siebenlist, F., Ananthakrishnan, R., Freeman, T.: A Flexible Attribute Based Access Control Method for Grid Computing. Journal of Grid Computing 7, 169–180 (2009)
GT 4.0: Security: Authorization Framework (2004), http://www.globus.org/toolkit/docs/4.0/security/authzframe
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lang, B., Li, H., Ni, W. (2010). Attribute-Based Access Control for Layered Grid Resources. In: Kim, Th., Vasilakos, T., Sakurai, K., Xiao, Y., Zhao, G., Ślęzak, D. (eds) Communication and Networking. FGCN 2010. Communications in Computer and Information Science, vol 120. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17604-3_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-17604-3_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17603-6
Online ISBN: 978-3-642-17604-3
eBook Packages: Computer ScienceComputer Science (R0)