| As the application of the grid computing expands and extends, the security problem becomes the main concern of the paradigm. Authentication and authorization services are the foundation stone of the whole security scenario. The Grid Security Infrastructure (GSI) has been accepted as the primary authentication mechanism for the Grid, which defines single sign-on algorithms, protocols, cross-domain authentication protocols, and the temporary credentials called proxy credentials. Up to now, GSI has been widely used in a number of Grid applications.However, the authorization and access control challenges are not fully addressed by existing approaches. The most concerned challenges are: how to control and scale mass of dynamic users and resources, and how to provide the fine-grain access control policy to accommodate the dynamic features of the grid application. Currently, the specification and protocol of the authorization service is still on its improvement, and there are still limitations with the existing approaches. This paper is accomplished in such a condition that it might be helpful to the further research and application in this area.This paper first introduces the security requirement of the open grid service architecture, especially its access control, and then introduces the main kinds of the access control models and their implementation mechanism, analyzing the Role based access control in detail. Based on the previous discussion, and according to the requirement of the dynamic access control of the grid application, this paper gives the algebra definition of the context-constraint ware role based access control model. Finally, this paper discusses how to design and implement the context-constraint ware role based access control model in the grid environment, including the design and implementation of the static access control policy, static access control decision component, dynamic access control policy and the dynamic access control decision component. |
PDF Full Text Request