Computational grids can be considered as tiered objects; following a widespread terminology, cluster grids may be grouped into enterprise grids, that in turn may belong to global grids. Therefore, computing grid security has to be “tiered” too, with the ground level remaining the OS one. In this work, we introduce a sort of unified approach, an overall architectural framework for access control to grid resources, and one that adheres as much as possible to current security principles. Current grid security implementations are viewed in the light of this model, their main drawbacks are described, and we show how our proposal is able to avoid them. We believe that a main strategy could be to adopt both PKI and PMI infrastructures at the grid layer, ensuring that an adequate transfer of authentication and authorization will be made between the Virtual Organization and Resource Provider layers. This can be achieved by extending those features at the OS layer as system applications and services.
A framework model for grid security / Laccetti, Giuliano; G., Schmid. - In: FUTURE GENERATION COMPUTER SYSTEMS. - ISSN 0167-739X. - STAMPA. - 23:5(2007), pp. 702-713.
A framework model for grid security
LACCETTI, GIULIANO;
2007
Abstract
Computational grids can be considered as tiered objects; following a widespread terminology, cluster grids may be grouped into enterprise grids, that in turn may belong to global grids. Therefore, computing grid security has to be “tiered” too, with the ground level remaining the OS one. In this work, we introduce a sort of unified approach, an overall architectural framework for access control to grid resources, and one that adheres as much as possible to current security principles. Current grid security implementations are viewed in the light of this model, their main drawbacks are described, and we show how our proposal is able to avoid them. We believe that a main strategy could be to adopt both PKI and PMI infrastructures at the grid layer, ensuring that an adequate transfer of authentication and authorization will be made between the Virtual Organization and Resource Provider layers. This can be achieved by extending those features at the OS layer as system applications and services.| File | Dimensione | Formato | |
|---|---|---|---|
|
FrameworkModelGridSecurity-2007.pdf
non disponibili
Tipologia:
Documento in Post-print
Licenza:
Accesso privato/ristretto
Dimensione
702.85 kB
Formato
Adobe PDF
|
702.85 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
