Research On Authorization Of Grid Security Systems Based On GSI

As people require more and more high performance computing and sharing of resources, traditional high performance computing pattern and computing share pattern can not fulfill the needs. People expect to gain the required computing and storing resources like obtaining electric power. Also they hope to find the required services not only from the local computers but also from the whole network. Traditional high computing pattern and resource sharing pattern can not satisfy the requirements. The development of technology and the appearance of new applications need new revolutionary computing pattern. Grid computing is such a new computing pattern to satisfy the requirements. Comparing with the traditional computing mode, Grid computing has many novel properties. Security is a vital factor to the success of grid computing, which relates to almost all the profiles of grid computing infrastructure and is complicated due to the property of dynamics.The thesis starts from the basic background knowledge and makes a conclusion of the characteristics and security requirements of Grid environment. Then we propose an available model of Grid security policy, and analyse the present security condition of Grid. The thesis introduces GSI, the grid security architecture of the Globus project which is the most famous project in Grid area. The thesis studies several fundamental and extended security technologies in GSI, analyzes Community Authority Service in detail, and introduces its concrete application process in Grid. A discussion is made upon the problems those techniques remain. Then the thesis introduces and analyzes several typical grid security authorization models such as CAS, VOMS, Akenti and PERMIS. According to these work, we can find out what problems are addressed in those model, how problems are settled and what problems are remained. According to study the design of general authorization model and the environment in VO, an authorization scheme which applies to VO is defined. At last, the paper discusses the authorization policy of CAS, and combined with current research situation, a model of authorization is put forward based on GSI. Lastly, the design of the model and direction of the research in future are given.This paper brings forward a kind of authorization model which suits for virtual organization through the research and analysis of grid authentication and authorization and based on virtual organization, CAS. This model has improved CAS server, and set up an OMS server which is responsible for member authorization within the virtual organization. The member within the virtual organization send the registration application by his own local part, then OMS will award the certification to user based on his local part and authorize the user based on the local access control policy, the limit of authority is embodied directly in the authorization. Thus, user can apply for resource and be authorized successfully without mapping the identity to the resource location.After every module being validated independently, the entire system is tested synthetically. The result indicated that the model function is satified the designed requirements.This article is successful to come up with one functional dvantage authorization model. This model has increased flexibility and expansibility of system and enhanced the efficiency of system.