Computational grids can be considered as tiered objects; following a widespread terminology, cluster grids may be grouped into enterprise grids, that in turn may belong to global grids. Therefore, computing gridsecurity has to be "tiered" too, with the ground level remaining the OS one. In this work, we introduce a sort of unified approach, an overall architectural framework for access control to grid resources, and one that adheres as much as possible to current security principles. Current gridsecurity implementations are viewed in the light of this model, their main drawbacks are described, and we show how our proposal is able to avoid them. We believe that a main strategy could be to adopt both PKI and PMI infrastructures at the grid layer, ensuring that an adequate transfer of authentication and authorization will be made between the Virtual Organization and Resource Provider layers. This can be achieved by extending those features at the OS layer as system applications and services.
A framework model for grid security
Schmid Giovanni;
2007-01-01
Abstract
Computational grids can be considered as tiered objects; following a widespread terminology, cluster grids may be grouped into enterprise grids, that in turn may belong to global grids. Therefore, computing gridsecurity has to be "tiered" too, with the ground level remaining the OS one. In this work, we introduce a sort of unified approach, an overall architectural framework for access control to grid resources, and one that adheres as much as possible to current security principles. Current gridsecurity implementations are viewed in the light of this model, their main drawbacks are described, and we show how our proposal is able to avoid them. We believe that a main strategy could be to adopt both PKI and PMI infrastructures at the grid layer, ensuring that an adequate transfer of authentication and authorization will be made between the Virtual Organization and Resource Provider layers. This can be achieved by extending those features at the OS layer as system applications and services.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.