A Service Oriented Architecture for Authorization of Unknown Entities in a Grid Environment

In many cases, within distributed environments, authorization manifests itself in the form of existing trust relationships. Before pervasive computing can be successfully achieved, we may have to transcend the current notion of pre-established trust. This is not conducive to a low administrative overhead, nor is it realistic in a distributed environment, where processing may occur over a large number of nodes which may be distributed geographically across different domains. This paper presents a unique architecture which provides a distributed authorization capability that allows arbitrary entities to participate in the grid, while greatly improving scalability due to lower administrative overhead. Within our architecture, the access decision is made at the individual resource sites, based on the combination of local policy and a set of accumulated points carried in the requesting entity’s PKC. These points, which are derived from previous actions the entity has been involved with, will be used to represent an entity’s reputation. The system is called Augmented Authorization System Using Reputation (AASUR). Key-Words: Authorization, Security, Grid, Web Services, OGSA, Reputation, Evidence