Research On Key Technologies Of Ontology Based Grid Authorization

Posted on: 2011-03-15
Degree: Master
Type: Thesis
Country: China
Candidate: D Y Hu
GTID: 2178330338485543
Subject: Military communications science

Abstract/Summary:
The grid aims to achieve efficient resource sharing and task cooperation, but grid authorization management faces new challenges in a distributed, heterogeneous and dynamic grid environment. The heterogeneity of authorization mechanisms among grid member domains is an enormous obstacle to grid authorization management. The grid authorization problem, especially the cross-heterogeneous-domain authorization problem, is one of the problems that most urgently needs to be resolved.

Before the heterogeneous cross-domain authorization mechanism problem can be solved, a consistent semantic basis among domains has to be built. This article builds a universal authorization ontology using ontology technology. Based on the attribute-based authorization method and service-oriented architecture, it analyzes in depth how to build a grid authorization model that can shield the heterogeneity among different authorization mechanisms, and how to build an extensible, loosely coupled grid authorization service framework. The main research work is as follows.

1. An authorization ontology, AuthzOnt, is built. To address the semantically heterogeneous information resources and authorization elements, such as permissions, among different grid member domains, an ontology knowledge representation method for the grid environment is proposed, and the authorization ontology AuthzOnt is built. It provides a consistent semantic basis for multi-domain interoperation and automatic information processing.

2. An ontology-based grid authorization model, AGAM, is proposed. To address the heterogeneous authorization mechanisms among different grid member domains, the authorization ontology is used to describe the knowledge involved in grid authorization, such as subject attributes, object attributes and authorization elements, and an ontology-based grid authorization model is put forward. The semantic definition of the model is given. The types of policy conflict in the model and the corresponding conflict detection methods are analyzed. The heterogeneous authorization mechanisms among domains can be shielded by translating cross-domain authorization elements.

3. An AGAM-based grid authorization service framework is proposed. To address the shortcomings of existing grid authorization management frameworks in flexibility, loose coupling, extensibility and reusability, the AGAM-based grid authorization service framework is built, and the key grid authorization services are designed: the authorization decision service, the permission retrieval service, the policy judgment service, the stateful resource service and the element service. The invocation procedures are explored, including access request processing, the policy judgment process and the permission retrieval process. The flexible grid authorization service framework is better suited to the heterogeneous and dynamic grid environment.

4. After in-depth research into the ontology policy inference engine and the universal policy inference engine, an ontology-based double-engine policy inference and judgment mechanism is put forward. Drawing on ideas such as nearest distance first and the first-applicable combination algorithm, a resolution method based on two levels of policies is put forward. AGAM is used to build, separately, the RBAC simulation component AGAM_RBAC and the MAC simulation component AGAM_MAC, and the bi-directional authorization inference and judgment processes between the RBAC domain and the MAC domain are explored in detail.

5. A grid authorization module is designed and implemented. The service-oriented grid authorization module is loosely coupled, extensible and reusable.
Keywords/Search Tags:Authorization ontology, Grid authorization management, Cross-domain authorization, Attribute based access control, Policy conflict detection and resolution, Grid authorization service framework