Research of Trusted Grid Role-based Delegation
Course: Computer Software and Theory
Keywords: grid security trust role-based delegation fine-grained authorization
A grid is a supporting platform for distributed and parallel computing and a collaborative environment for seamless, integrated computing, with a focus on dynamic, large-scale resource sharing over a wide geographic distribution. It therefore uses a different way to authenticate identity information between grid entities, and establishing trust among entities is more complicated and plays a more important role. In a grid environment, every autonomous domain may have its own policy and may change that policy dynamically. Hence, the authorization mechanism of the grid system needs to support multiple security policies and needs the flexibility to support dynamic changes in them, which poses new challenges to grid platforms. Delegation is a promising approach to more flexible and scalable authorization management for grid systems. When a user has several roles or permissions, a single trust level per user can no longer satisfy the grid's open character and application-oriented requirements, so the trusted grid role-based delegation model (TGRD) is presented to realize the delegation of roles and permissions through the introduction of trust levels. By controlling delegation times and adding time and permission cardinality constraints on roles and permissions, we can prevent the over-expansion of the permissions of delegator and delegatee. The fine-grained authorization delegation policy implements part-role delegation. An instance of the delegation process indicates that delegation negotiation with trust levels is valid. Based on experiments on the Repast platform, we have simulated a grid role-based trusted authorization scenario that supports multiple delegation policies, and prove the feasibility of the model. To show the flexibility and scalability of the model, we introduce the concepts of our design and, in chapter 5, describe the structure and principles of the authorization model, which can be seamlessly integrated into GT4.
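The constraints named in the abstract (trust level, delegation times, time, permission cardinality, part-role delegation) can be read as checks on a single delegation request. The sketch below is an added example, not code or notation from the thesis. The `Grant` and `Policy` fields, the reason strings, the order of the checks and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    holder: str
    role: str
    permissions: frozenset  # may be a subset of the role (part-role delegation)
    depth: int              # delegation steps from the original role holder
    expires_at: float       # seconds; time constraint on the grant

@dataclass(frozen=True)
class Policy:               # hypothetical policy fields, not the thesis's notation
    min_trust: dict         # role -> trust level a delegatee must reach
    max_depth: int          # limit on delegation times
    max_permissions: int    # permission cardinality per delegation
    max_lifetime: float     # longest lifetime a delegation may request

def delegate(policy, trust, parent, delegatee, perms, lifetime, now):
    """Return (Grant, "ok") or (None, reason) for one delegation request."""
    perms = frozenset(perms)
    if now >= parent.expires_at:
        return None, "delegator grant expired"
    if not perms or not perms <= parent.permissions:
        return None, "permissions not held by delegator"
    if len(perms) > policy.max_permissions:
        return None, "permission cardinality exceeded"
    if parent.depth + 1 > policy.max_depth:
        return None, "delegation times exceeded"
    if trust.get(delegatee, 0.0) < policy.min_trust[parent.role]:
        return None, "trust level too low"
    # A delegated grant never outlives the grant it was derived from.
    expires = min(now + min(lifetime, policy.max_lifetime), parent.expires_at)
    return Grant(delegatee, parent.role, perms, parent.depth + 1, expires), "ok"

# Constructed sample data: one role, four candidate delegatees.
POLICY = Policy(min_trust={"analyst": 0.6}, max_depth=2,
                max_permissions=2, max_lifetime=3600.0)
TRUST = {"bob": 0.8, "carol": 0.7, "dave": 0.9, "eve": 0.3}
ROOT = Grant("alice", "analyst",
             frozenset({"submit_job", "read_data", "delete_data"}), 0, float("inf"))

if __name__ == "__main__":
    g1, why = delegate(POLICY, TRUST, ROOT, "bob", {"submit_job", "read_data"}, 7200, now=0)
    print(g1, why)
    g2, why = delegate(POLICY, TRUST, g1, "carol", {"read_data"}, 3600, now=1800)
    print(g2, why)
    print(delegate(POLICY, TRUST, g2, "dave", {"read_data"}, 60, now=1900))
```

Each re-delegation can only narrow the permission set and shorten the lifetime, which is how the depth, time and cardinality limits together bound how far a permission can spread in this sketch.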