Title :
Access Control Policy Combinations for the Grid Using the Policy Machine
Author :
Hu, Vincent C. ; Ferraiolo, David F. ; Scarfone, Karen
Author_Institution :
Nat. Inst. of Stand. & Technol., Gaithersburg, MD
Abstract :
Many researchers have tackled the architecture and requirements aspects of grid security, concentrating on the authentication or authorization mediation instead of authorization techniques, especially the topic of policy combination. Policy combination is an essential requirement of grid, not only because of the required remote (or global) vs. local interaction between grid members, but also the dynamic scalability nature of handling the joining and leaving of grid membership. However, evolving from the general security requirements of grid, the independency of a grid member´s access control system is critical and needs to be maintained when the access decision is determined by the combination of global and local access control policies. The Policy Machine (PM) provides features which not only can meet the significant independency requirement but also have better performance, easier management, and more straightforward policy expression than most of the popular policy combination techniques for grid.
Keywords :
authorisation; grid computing; PM; access control policy; authentication mediation; authorization mediation; dynamic scalability; grid security; policy combination technique; policy machine; Access control; Authentication; Authorization; Computers; Grid computing; Mediation; NIST; National security; Resource management; Scalability;
Conference_Titel :
Cluster Computing and the Grid, 2007. CCGRID 2007. Seventh IEEE International Symposium on
Conference_Location :
Rio De Janeiro
Print_ISBN :
0-7695-2833-3
DOI :
10.1109/CCGRID.2007.15
