Attribute Based Access Control for Grid Computing

Grid systems, which are composed of autonomous domains, are open and dynamic. In such systems, there are usually a large number of users, the users are changeable, and different domains have their own policies. The traditional access control models that are identity based are closed and inflexible. The Attribute Based Access Control (ABAC) model, which makes decisions relying on attributes of requestors, resources, and environment, is scalable and flexible and thus is more suitable for distributed, open systems. But no ABAC model meets the special authorization requirements of Grid computing. This paper presents an Attribute Based Multipolicy Access Control (ABMAC) model based on the concept of ABAC and the authorization requirements of Grid systems. Also described is an authorization framework that was implemented in the Globus Toolkit release 4 and supports ABMAC. This attribute-based authorization framework supports several different policies and integrates third-party attribute-based authorization systems. It shows great advantages in supporting Grid application access control, which not only demonstrates the effectiveness of ABMAC model but also provides an open architecture for Grid authorization systems.