Research Of Grid Security Architecture

Along with the prevalence of the internet and the stronger function of the softwares and hardwares, People require computing application developing with high-powered performance, diversity and multi-function. Under this ground, the conception of grid computing appears.Grid computing uses plenty of resource,requires resource dynamically,communicates across different management domains.For the reasons mentioned above, traditional security technology cannot satisfy the security requirement of grid computing.Under this background, we compare the existing security groupware, discuss access control technology emphatically for the purpose of researching the grid's security architecture penetratingly. Combining Role-based Access Control(RBAC) model, We develop middle-ware of Privilege Management Infrastructure(PMl), propose a RBAC model in the grid Architecture and implement Single-Sign On (SSO) by Security Assertion Markup Language(SAML).This paper is organized into six sections. The first section is a summary of grid computing.The second section introduces two kinds of grid architecture that include the five-tiers sandglass configuration and the Open Grid Services Architecture(OGSA), and analyzes simply the characteristics of them. The third section reserches the security mechanism of grid computing ,bring forward the most important challenges which grid computing must resolve, illustrates the security requirements, as well as analyzes the security groupware of Globus Toolkit 3.0.Grid Security Infrastructure(GSI) that is a critical apart in the Globus project is expatiated in the fourth section. Additionally,we propose a grid security scheme based on GSI after compare the traditional distributed security technology.In this scheme we specify the security policies design details , realization and the implement of Globus API . RBAC model is introduced in the fifth section. At the same time, we come up with a PMI, illustrating attribute certificate mechanism. We emphasize the organization of the policies management system and functions of every module in it .Implementing this system, we develop middle-ware of PMI by security cookies and attribute certificate, in order to achieve role-based access control scheme on various web servers. The sixth section is the most matter in the paper. At first, we put forward a RBAC model in the context of grid. Secondly, we describe the design goals, execution principle and specification organization of SAML . Based on SAML, we design a SSO scheme for achieving authentication/authorization by roles management.