Privacy Protection of Grid Service Requesters through Distributed Attribute Based Access Control Model

In Grid service environments, traditional identity based access control models are not effective, and access decisions need to be made based on service requesters’ attributes. All of previous attribute based access control (ABAC) models are lacking in protection of users’ privacy because in these models, access control decisions are made by providing the service provider with user attributes. This paper presents a Distributed Attribute Based Access Control (DABAC) model which protects users’ privacy in Grid service environments. The DABAC model is based on XACML access control framework. In DABAC model, access control is distributed between home organization (service requester’s organization) and destination organization (service provider’s organization). In this model, user attributes are examined in home organization for which policy certificates are provided. This prevents service provider from accessing users’ attributes. Therefore, users’ privacy is protected. Moreover, distributed nature of this model, makes it more efficient comparing with previous models.