| As the "Grid" becomes closer and closer to fruition, not as a static entity, but as a dynamic global solution, certain issues must be addressed. These issues include, but are not limited to, virtualization, discovery, accounting and fault tolerance [Kesselman2002]. Many of such issues are being addressed with the advent of OGSA/OGSI and related service-based changes, which are being applied to grid-based computing [Kesselman2002]. Of course, these changes also include security, but not from the point of view of unknown entities. Before we can successfully achieve pervasive computing, we must leave behind, or at least augment, the current notion of pre-established trust [Rivington2004]. This requires too much administrative overhead, and is not realistic in a distributed environment where processing may occur across thousands to millions of independently administered nodes [Kirschner2004]. Therefore, the purpose of this paper is to present a new architecture for distributed authorization which will surpass current schemes in scalability, due to a lower administrative overhead, while also supporting the notion of arbitrary entities. |
