Supporting Decentralized, Security Focused Dynamic Virtual Organizations across the Grid

Abstract: Abstract

“…Authorization to access a specific resource is performed by using a locally managed Access Control List (ACL) of authorized users or gridmapfile. As the grid-mapfile only allows the mapping users' DNs to local user names at resource level, it lacks the ability to grant fine grained access control to the resources, thus compromising the security of the providers (Sinnott et al 2006a). Moreover, any access control relying only on the local listing names of authorized users is not scalable to the proportions needed for a VO that may grow dynamically (Sinnott et al 2006a, b).…”

“…Advance authorization services aiming at fine grained access control are based on users sharing similar roles (Demchenko et al 2006), for instance membership of the same project, all researchers at ECMWF, etc. As Sinnott et al 2006a state attribute basedauthorization is scalable to global proportions and when it is coupled to a policy based authorization system, allows fine-grained access control to local resources. One of the challenges of the SIMDAT architecture is, therefore, to embrace multi-organization federations, allowing scalable growth of the distributed infrastructure.…”

“…Moreover, to overcome the multiple security challenges in any grid environment (Chivers 2003;Welch et al 2003;Humphrey et al 2005;Sinnott et al 2006a) VMC incorporates a novel security model that protects users' privacy and data resources, but without hindering the basic grid principles. The VMC platform is the result of a joint effort by the meteorological centres of Germany (Deutscher Wetterdienst), France (Météo-France) and the United Kingdom (UK MetOffice) and two European organisations: ECMWF (European Centre for Medium-range Weather Forecasts) and EUMETSAT (European Organisation for the Exploitation of Meteorological Satellites).…”

Virtual organisation in the SIMDAT meteorological activity: a decentralised access control mechanism for distributed data

“…Authorization to access a specific resource is performed by using a locally managed Access Control List (ACL) of authorized users or gridmapfile. As the grid-mapfile only allows the mapping users' DNs to local user names at resource level, it lacks the ability to grant fine grained access control to the resources, thus compromising the security of the providers (Sinnott et al 2006a). Moreover, any access control relying only on the local listing names of authorized users is not scalable to the proportions needed for a VO that may grow dynamically (Sinnott et al 2006a, b).…”

“…Advance authorization services aiming at fine grained access control are based on users sharing similar roles (Demchenko et al 2006), for instance membership of the same project, all researchers at ECMWF, etc. As Sinnott et al 2006a state attribute basedauthorization is scalable to global proportions and when it is coupled to a policy based authorization system, allows fine-grained access control to local resources. One of the challenges of the SIMDAT architecture is, therefore, to embrace multi-organization federations, allowing scalable growth of the distributed infrastructure.…”

“…Moreover, to overcome the multiple security challenges in any grid environment (Chivers 2003;Welch et al 2003;Humphrey et al 2005;Sinnott et al 2006a) VMC incorporates a novel security model that protects users' privacy and data resources, but without hindering the basic grid principles. The VMC platform is the result of a joint effort by the meteorological centres of Germany (Deutscher Wetterdienst), France (Météo-France) and the United Kingdom (UK MetOffice) and two European organisations: ECMWF (European Centre for Medium-range Weather Forecasts) and EUMETSAT (European Organisation for the Exploitation of Meteorological Satellites).…”

Virtual organisation in the SIMDAT meteorological activity: a decentralised access control mechanism for distributed data

“…To our knowledge, DyVOSE (Sinnott, Chadwick, Koetsier, Otenko, Watt, & Nguyen, 2006) may be the only scheme that has similar functionalities with our novel framework. It is a delegation authorization model based on X.509 Attribute Certificates.…”

A Framework for Managing Access of Large-Scale Distributed Resources in a Collaborative Platform

“…This account registration, which is a simple authorization method, is commonly achieved with middleware such as Globus, through gridmap files which map the distinguished name (DN) of a certificate to a local user account. As discussed in [14][15][16], there are many limitations associated with this model of authorisation and access control. Furthermore, such a close association between identity management and authorisation can be a problem when the status of the user changes.…”

Integrating Security Solutions to Support nanoCMOS Electronics Research