Sinnott, R.O. and Chadwick, D.W. and Doherty, T. and Martin, C. and Stell, A. and Stewart, G. and Su, L. and Watt, J. (2008) Advanced Security for Virtual Organizations: The Pros and Cons of Centralized vs Decentralized Security Models. In: Proceedings of the 8th IEEE International Symposium on Cluster Computing and the Grid (CCGrid 08), May 19-22, 2008, Lyon, France.
Grids allow for collaborative e-Research to be undertaken, often across institutional and national boundaries. Typically this is through the establishment of virtual organizations (VOs) where policies on access and usage of resources across partner sites are defined and subsequently enforced. For many VOs, these agreements have been lightweight and erred on the side of flexibility with minimal constraints on the kinds of jobs a user is allowed to run or the amount of resources that can be consumed. For many new domains such as e-Health, such flexibility is simply not tenable. Instead, precise definitions of what jobs can be run, and what data can be accessed by who need to be defined and enforced by sites. The role based access control model (RBAC) provides a well researched paradigm for controlling access to large scale dynamic VOs. However, the standard RBAC model assumes a single domain with centralised role management. When RBAC is applied to VOs, it does not specify how or where roles should be defined or made known to the distributed resource sites (who are always deemed to be autonomous to make access control decisions). Two main possibilities exist based on either a centralized or decentralized approach to VO role management. We present the advantages and disadvantages of the centralized and decentralized role models and describe how we have implemented them in a range of security focused e-Research domains at the National e-Science Centre (NeSC) at the University of Glasgow.
|Item Type:||Conference or workshop item (Paper)|
|Subjects:||Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,|
|Divisions:||Faculties > Science Technology and Medical Studies > School of Computing > Security Group|
|Depositing User:||Mark Wheadon|
|Date Deposited:||29 Mar 2010 12:11|
|Last Modified:||06 Sep 2011 04:53|
|Resource URI:||http://kar.kent.ac.uk/id/eprint/24029 (The current URI for this page, for reference purposes)|
- Depositors only (login required):