A Coordinated Negotiation Policy for Privileges in Grid Authorization Mechanism

The unilateral dynamic change of access policy between different domains in the grid computing platforms would incur global inconsistent privileges. To address the problem, this paper proposes a new component named coordinated negotiation policy and introduces it into authorization mechanism in the grid system. Based on the policy repository stating how to response to the change of privileges, the coordinated negotiation policy refers to several negotiation primitives to automatically negotiate and make the decision how to deal with negotiation proposals for the changed privileges and enforce the decision to renew global consistency of privileges between distributed domains. The test result of implementation shows that the coordinated negotiation policy shortens greatly the period of resolving the conflict or inconsistency of privileges, compared with the negotiation by manual work. As a result, it reduces grid jobs with inconsistent privileges, and avoids system wasting increasing overhead to deal with these meaningless grid jobs rejected ultimately because of inconsistent privileges, and improves system performance.