Dynamic Role Lease Authorization for a Grid/Cloud

A distributed computing system, such as a Grid or Cloud, could be a very dynamic environment and the user groups are most likely become highly diverse. A user group could be formed by the users of different networks, organizations, or administrative-domains with different hardware/software infrastructures and managerial policies. Handling requests from a wide range of users from different domains becomes a challenge when attempting to accommodate all the differences. Service providers find it impossible to track all users (the number of users could be potentially very large) in a Grid. Therefore, an access control mechanism that provides users appropriate access to the resources in a dynamic environment is required. RBAC models have been demonstrated to be an effective and efficient approach for an administrator to manage accesses in a computing system. Much has been done to adapt the RBAC concept to Grids and focus on the authorization and verification of the dynamic factors or contexts of a user, such as time, location, rank, etc. Some applications also allow administrators to change the policies during the authorization process. However, no implementation has been found, from the reviewed literature that handles the real-time and on-demand authorization in a distributed system. Therefore, this problem motivated us to develop a new dynamic authorization protocol, Dynamic Role Lease Authorization (DRLA) that is suitable for a dynamic distributed computing environment.