Authorization for Metacomputing Applications
نویسندگان
چکیده
One of the most difficult problems to be solved by metacomputing systems is to ensure strong authentication and authorization. The problem is complicated since the hosts involved in a metacomputing environment often span multiple administrative domains, each with its own security policy. This paper presents a distributed authorization model used by our resource allocation system, the Prospero Resource Manager [8]. The main components of our design are Extended Access Control Lists, EACLs, and a General Authorization and Access API, GAA API. EACLs extend conventional ACLs to allow conditional restrictions on access rights. In the case of the Prospero Resource Manager, specific restrictions include limits on the computational resources to be consumed and on the characteristics of the applications to be executed by the system, such as name, version or endorser. The GAA API provides a general framework for applications to access the EACLs. We have built a prototype of the system.
منابع مشابه
Policy Engine: A Framework for Authorization, Accouting Policy Specification and Evaluation in Grids
We have developed a policy-based decision framework that provides authorization and cost-based accounting in the EZGrid system, a resource broker for metacomputing. Primarily, this work allows the administrators and the owners to exercise more control over their resources by dictating usage permissions and/or restrictions in a grid environment. This mechanism is independent of the applications ...
متن کاملINTERNET - DRAFT Tatyana Ryutov
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." To view the entire list of current Internet-Drafts, please check the "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow ...
متن کاملSecurity Policy Management in Federated Computing Environments
The default Java implementation for security policies based on policy files doesn’t comply with the specific needs of metacomputing environments. Managing a large number of policy files for all Java runtime systems in the metacomputing system doesn’t scale. This paper presents a federated approach for security policy management in Javabased metacomputing systems. Security policies are stored in...
متن کاملGroup-based Security in a Federated File System
The SILENUS federated file system was developed by the SORCER research group at Texas Tech University. The distributed file system with its dynamic nature does not require any configuration by the end users and system administrators. Managing security in a metacomputing system is a new challenge. It must be ensured that every user has a valid authentication and authorization to view, modify, an...
متن کاملSecure Space Computing with Exertions
Exertion-oriented space computing is a valuable advance in distributed and parallel computing seeing as it abstracts out several major problems in distributed computing, such as load balancing and mutual exclusion. The main problem with space computing is that of security due to the fact that exertion spaces are inherently public and ad hoc, thus making it difficult to implement secure groups. ...
متن کامل