Multilayer Privilege Management for Dynamic Collaborative Scientific Communities

Rapid advancements in Grid Computing and the convergence of Grid and Web Services, and the development of infrastructures such as the Ecology GRID (ECO 2003) and NERC DataGrid (Lawrence 2003), bring about protocols and machine-processable message/document formats that will soon enable seamless and open application-application communication. This will bring about the prospect of ad hoc integration of systems across institutional boundaries to support collaborations that may last for a single transaction or evolve over many years. We will witness on-demand creation of dynamically-evolving, scalable Virtual Organisations (VO) spanning national and institutional borders, where the participating entities pool resources, capabilities and information to achieve common objectives. As a motivating example, consider a hypothetical environmental project where there are several research groups in different institutes collaborating on a study of complex physical phenomenon which involves simulation and on-line analysis of existing atmospheric and oceanographic data (including satellite imagery). Being a large project, it would have several work packages involving different parts of the consortia and running for different periods of time within the project timeframe. The satellite images, plus significant quantities of metadata and derived data are held in data centres. This data, collected from many sources, may be commercially sensitive, and therefore access is to be restricted to only those individually with a project-relevant need. The data owners may want to apply varying conditions on access to their data, e.g. non-military personnel should only be given degraded versions of military sourced images, with different degradation filters applicable for different application domains. The data centres have to ensure the security and confidentiality of data and so has to control who can do what on their machines, e.g. who can carry out cross database correlations, or upload filters to be applied to images. The project, which is paying for the data access, wishes to control who is allowed to access the data and when. It needs to be able to define several authorization groups (e.g. corresponding to work packages) and specify what data is available to that group. The groups will have a specific lifetime, and individuals may join or leave the group during its lifetime, i.e. they are dynamic virtual organizations. The data centres need to take these different authorization policies and apply them for each of the actions and units of data being accessed. This raises several challenges: * Applying multiple authorization policies to control access to resources. * Enforcing fine-grained access control at the resource. * Managing dynamic virtual organizations comprising of resources and individuals authorized to use them. * Handling the multiple authorities necessitated by distributed VOs and resources. * Handling policy conflicts where individuals may play different roles, at the same time or at different times. In this paper we outline a new project, DyCom, which seeks to combine the results of two European projects, Grasp and PERMIS, to provide an architecture to manage the complex privileges required in such scenarios. We will describe the mechanisms developed in these projects and show how they could be combined.