Group-based Security in a Federated File System

The SILENUS federated file system was developed by the SORCER research group at Texas Tech University. The distributed file system with its dynamic nature does not require any configuration by the end users and system administrators. Managing security in a metacomputing system is a new challenge. It must be ensured that every user has a valid authentication and authorization to view, modify, and create files in the system spread across many heterogeneous computers that to individual requestor, it looks and acts like a single computer. User management is a must be on a metacomputing system and scale well. Existing user credential databases must be incorporated as secure data services if present. In this paper a new scalable authentication model for federated file systems is described. In this model users authenticate to an authentication service for their identity and a group manager service for their collaborative groups membership. The group manager service provides an authorization token that can be used to invoke service-oriented functionality of the federated file system. The group manager service uses existing user credential databases as its back-end. There may be any number of group manager services on the network with different user administration domains to provide desirable scalability. Multiple replicated group manager services for the same user base can provide for increased reliability. A scaled-down replica called nomadic group manager service provides support for disconnected operations. It contains the necessary credentials for a single user to use the system while being disconnected from the main network.