| A grid is a system that integrate large-scale distributed resources by using open,unified,standard protocols to achieve resources sharing between different organizations and provide services for the autonomous domains which dynamically participate in virtual organization to work collaboratively. Scalable, distributed virtual organizations and dynamic, cross-domain resources sharing and collaboration in grid is a new challenge for the original system's security architecture and resources control. Grid security problem has not just involved in a single domain authentication and authorization, but in multiple heterogeneous domains mutual authentication and authorization issues.The autonomous domains will have been in use for authentication and authorization mechanisms and put in a lot of human and material resources. How can we achieve cross-domain authentication and authorization by integrate heterogeneous resources which in different security architectures with the least change to the current system is still a challenging and urgent task.To solve the problems of security mechanism integration,authentication, authorization in grid,we design a security architecture for cross-domain authentication and authorization under Combined Public Key Infrastructure which achieve heterogeneous domains participate in virtual organizations for resource sharing, and distributed interactive.Using Combined Public Key Infrastructure to accomplish cross-heterogeneous domains authentication and session key consultation mechanisms;Using role-based access control model which translate local role of autonomous domains to the global role of the virtual organization, to achieve cross-heterogeneous domains authorization control;also use WS-Security protocol to ensure the safety and integrity of grid communication. |
PDF Full Text Request