Access control policy negotiation for remote hot-deployed grid services

Author

Xue, Wei ; Huai, Jinpeng ; Liu, Yunhao

Author_Institution

Dept. of Comput. Sci. & Technol., Beihang Univ., Beijing

fYear

2005

fDate

1-1 July 2005

Lastpage

386

Abstract

Service grid is a widely distributed environment, where service deployers and containers may be located in different autonomous domains. In such cases, different from traditional scenarios such as J2EE applications, the access control policy should not be determined by a deployer or a container only. Existing grid application deployment solutions do not address this unique requirement. In this paper, we propose a general approach, namely CROWN.ST, an access control policy negotiation solution for remote hot-deployment of grid services in CROWN (China R&D Environment Over Wide-area Network). Based on an access control policy language derived from non-recursive stratified Datalog with constraints, we design the negotiation procedure and three types of meta-policies. We implement a CROWN.ST prototype and evaluate our design by comprehensive experiments

Keywords

Java; authorisation; grid computing; CROWN.ST; China R&D Environment Over Wide-area Network; J2EE applications; access control policy negotiation; distributed environment; grid application deployment; grid computing; metapolicies; nonrecursive stratified Datalog; remote hot-deployed grid services; security; trust; Access control; Application software; Computer science; Containers; Data security; Grid computing; Network topology; Prototypes; Research and development; Simple object access protocol; CROWN; Grid Computing; Implementation; Policy Negotiation; Security; Trust;

fLanguage

English

Publisher

ieee

Conference_Titel

e-Science and Grid Computing, 2005. First International Conference on

Conference_Location

Melbourne, Vic.

Print_ISBN

0-7695-2448-6

Type

conf

DOI

10.1109/E-SCIENCE.2005.11

Filename

1572248