Supporting Secure Collaborative Computing in Grid Environments
In Grid Environments, the dynamic and multi-institutional nature introduces challenging securityissues. In this paper, we propose Subtask-basedAuthorization Service (SAS) architecture to fully securea type of application oriented to engineering andscientific computing. We minimize privileges for task bydecomposing the parallel task and re-allotting theprivileges required for each subtask. Communityauthorization module describes and applies communitypolicies of resource permission and privilege forresource usage or task management. It separates proxycredentials from identity credentials. We adopt arelevant policy and task management delegation todescribe rules for task management. The ultimateprivileges are formed by the combination of relevantproxy credential, subtask-level privilege certificate andcommunity policy for this user, as well as they conformto resource policy. To enforce the architecture, weextend the RSL specification and the proxy certificate,modify Globuss gatekeeper, jobmanager and the GASSlibrary to allow authorization callouts, and evaluate theusers job management requests and jobs resourcerequest in the context of policies.
Qinghuai Zeng Changqin Huang Deren Chen Hualiang Hu
Hunan University of Arts and Science,Changde,415000,P.R.China Hunan University of Arts and Science,Changde,415000,P.R.China;College of Computer Science,Zhejiang U College of Computer Science,Zhejiang University,Hangzhou,310027,P.R.China
国际会议
厦门
英文
413-418
2004-05-26(万方平台首次上网日期,不代表论文的发表时间)