| Grid security is a rising hot area in Grid research these years. Work around this topic is focused on researching a unified approach within multiple administrative organizations enabled different security policies where subjects may dynamics sign on or off. This paper studies a unified Authentication and Authorization mechanism to solve a meaningful problem that invocation between services in different security mechanisms can be enforced. Firstly, this paper introduces motivation and background of the study including origin and status of Grid, highlighting the Globus project which has most influence. Secondly, analyzes security of Grid based on the Open Grid Services Architecture (OGSA) including not only requirements of OGSA and security model of Grid, but also Grid Security Infrastructure (GSI) and its existing shortage. As core of Grid Security, authentication and authorization play an important role. The paper summarizes the demands and component features of authentication in Grid, especially introduces the process of X.509 and Kerberos identity Authentication mechanisms. It presents a new identity mapping mechanism which can federate different Authentication mechanisms in terms of Horn digital signation. The paper also describes concepts of Authorization, analyzes the architecture of authorization with its components, and introduces Community Authorization Service (CAS) with an improvement of it in detail. Through the GT4 authorization architecture and module interfaces, explain ways to implement custom authorization scenarios. At last, with enough analysis of practibility this paper introduces a new security framework that unifies both features, authentication and authorization to improve service performance without compromising security. Also give a conclusion and prospect of the authentication and authorization in Gird. |
PDF Full Text Request