Research And Improvement Of Grid Security Infrastructure Supporting OGSA

Grid is a global solution to address the requirements of more and more computing ability. Grid is different from traditional network. Computing resources and users are distributed in a grid is dynamic. A virtual trust relationship must be established and destroyed dynamically. The virtual trust relationship need to break through the location of geography, the means of share or cooperation, and constrains of using computational resources in each independent security mechanism. Grid computing system will help people to solve many problems that could not be solved previously. It is a new way, looser and more convenient.In contrast to traditional network environment, grid environments have a broader rang of security requirements. How to share resources safely in a dynamic, interdomain and distributed computing environment, and how to interoperate with, rather than replace and modify, those security mechanisms is a greater challenge for grid computing system, and is also the principal problem of the security environment platform for grid.Grid Security Infrastructure (GSI) is the implementation of existing grid security solution of OGSA in Globus Toolkit. Based on GSI and advanced information security technologies, this paper presents several opinions to improve and strengthen the safety, flexibility and practicability of grid security. In the aspects of protocols, trust model and security infrastructure, performance of grid security, the mechanism of authorization and the management of proxy certification are improved.1. In order to enhance performance of Mutual Authentication between two entities, certificates Caching is imported to expand Web Services Security protocol.2. Role-based multi-identities partial privilege delegation trusted model is introduced. Role-based authorization mapping can be solved in an interdoman computing environment. Identity-mapping in GSI is replaced by security operation-oriented delegation. Corresponding arithmetic of security operation-oriented delegation is put forward. (Role-based credential mapping and access control).3. A CredentialWallet service that allows users to obtain proxy credentials over...