In this paper, we present a scalable authorization service, based on the concept of fine-grained access control (FGAC), for large-scale Grid infrastructures that span multiple independent domains. FGAC enables participating resource owners to specify fine-grained policies concerning which user can access can their resources under which mode. We argue that such an authorization service must be integrated with the resource broker service to avoid scheduling requests onto resources which do not authorize the user request. For this reason, we develop a novel resource broker service that integrates access control with resource scheduling. In our system, both resource owners and users define their resource access and usage policies. The resource broker schedules a user request only within the set of resources whose policies match the user credentials (and vice-versa). Since this process of evaluating authorization policies of resources and user, in addition to checking the resource requirement, can be a potential bottleneck for a large scale Grid, we also analyze the problem of efficient evaluation of FGAC policies. In this context, we present a novel method for policy organization and compare its performance with other strategies. Preliminary results show that the proposed method can significantly enhance performance.
Efficent Integration of Fine-grained Access Control in Large-scale Grid Services / P. Mazzoleni, B. Crispo, S. Sivasubramanian, E. Bertino - In: 2005 IEEE International Conference on Service Computing : Orlando, Florida, 10-15 July 2005 / Carl K. Chang. - Los Alamitos : IEEE Computer Society, 2005. - ISBN 0769524087. - pp. 77-84 (( convegno IEEE International Conference on Service Computing tenutosi a Orlando, Florida, USA nel 2005 [10.1109/SCC.2005.49].
Efficent Integration of Fine-grained Access Control in Large-scale Grid Services
P. MazzoleniPrimo
;E. BertinoUltimo
2005
Abstract
In this paper, we present a scalable authorization service, based on the concept of fine-grained access control (FGAC), for large-scale Grid infrastructures that span multiple independent domains. FGAC enables participating resource owners to specify fine-grained policies concerning which user can access can their resources under which mode. We argue that such an authorization service must be integrated with the resource broker service to avoid scheduling requests onto resources which do not authorize the user request. For this reason, we develop a novel resource broker service that integrates access control with resource scheduling. In our system, both resource owners and users define their resource access and usage policies. The resource broker schedules a user request only within the set of resources whose policies match the user credentials (and vice-versa). Since this process of evaluating authorization policies of resources and user, in addition to checking the resource requirement, can be a potential bottleneck for a large scale Grid, we also analyze the problem of efficient evaluation of FGAC policies. In this context, we present a novel method for policy organization and compare its performance with other strategies. Preliminary results show that the proposed method can significantly enhance performance.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
