Premium
Coordinating access control in grid services
Author(s) -
Chadwick David W.,
Su Linying,
Laborde Romain
Publication year - 2007
Publication title -
concurrency and computation: practice and experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.1284
Subject(s) - access control , grid , computer science , stateless protocol , database , authorization , service (business) , resource (disambiguation) , computer security , security policy , database transaction , computer network , business , geometry , mathematics , marketing , network packet
We describe how to control the cumulative use of distributed grid resources by using coordination‐aware policy decision points (coordinated PDPs) and an SQL database to hold ‘coordination’ data. When access to a resource is granted, obligations in the security policy ensure that the coordination database is updated. The coordination database is a normal grid service providing distributed access to the coordinated PDPs. Access to the databases is secured by the grid security infrastructure (GSI) and its own PDP, so that only authorized users (the coordinated PDPs) can access it. A coordinated PDP is imbedded into the Globus Toolkitv4 authorization chain as a custom PDP so that any grid service can be protected by a security policy that provides a coordination capability. Each coordinated PDP uses the services of an uncoordinated PDP to make its access control decisions, so that any existing stateless PDP can be supplemented with a coordination capability. We provide performance results for the coordinated PDPs and compare these with two stateless PDPs. Virtually the entire performance penalty of using coordinated PDPs is accounted for by the heavy costs of using GSI to secure communications between the coordinated PDPs and the coordination database. Copyright © 2007 John Wiley & Sons, Ltd.