A Fine-Grained and X.509-Based Access Control System for Globus

The rapid advancement of technologies such as Grid computing, peer-to-peer networking, Web Services to name a few, offer for companies and organizations an open and decentralized environment for dynamic resource sharing and integration. Globus toolkit emerged as the main resource sharing tool used in the Grid community. Access control and access rights management become one of the main bottleneck when using Globus because in such an environment there are potentially unbounded number of users and resource providers without a priori established trust relationships. Thus, Grid computational resources could be executed by unknown applications running on behalf of distrusted users and therefore the integrity of those resources must be guaranteed. To address this problem, the paper proposes an access control system that enhances the Globus toolkit with a number of features: (i) fine-grained behavioral control; (ii) application-level management of user's credentials for access control; (iii) full-fledged integration with X.509 certificate standard; (iv) access control feedback when users do not have enough permissions.