Research Of Grid Authorization Based On SPKI

Grid, which is regarded as a novel network computing platform after World Wide Web, aims for providing a kind of infrastructure that allows users to share various resources including web pages. Research on grid security plays an important role in current or future research of grid and in which authorization is a hotspot. In order to improve flexibility and scalability of existing authorization system, a novel authorization system model is proposed. SPKI, instead of PKI/X.509 mechanism using in existing authorization systems, is adopted to reduce the system complexity and to improve the flexibility of authorization for Certification Authority (CA) which is used in the PKI mechanism is eliminated. Peer to peer trust model is used in the authorization system, and the trust relationship among entities in grid environment is assessed with trust degree. A fine-grained authorization system model with better scalability and flexibility is implemented in the dissertation. And the main contents of research on the authorization are described as following:(1) To analyze the existing authorization system and related technologies. Then to point out the limitations of current authorization systems and to summarize the issues to be solved in grid authorization system. To design the architecture of authorization system in grid environment.(2) To introduce the concept of"Grid Community"to divide grid entities into different grid communities according to the different areas which grid entities belong to and purpose of grid entities. To propose a peer to peer trust model in grid environment. And to establish the relationship of grid entities by trust degree.(3) To map the trust degree of grid users to authority with role, which is regarded as an intermediary. The granularity of authorization gets better, and scalability of system gets improved. To authorize to grid entities using SPKI certificate, which improves the flexibility for the character of delegation and reduces the system complexity for the elimination of CA using in PKI.(4) To implement the authorization system and to prove the feasibility of the system by experiments, the results indicate that the authorization system has both...