Title: RB-GACA: an RBAC based grid access control architecture

Authors: Hai Jin, Weizhong Qiang, Xuanhua Shi, Deqing Zou

Addresses: Cluster and Grid Computing Lab., Huazhong University of Science and Technology, Wuhan 430074, China (all four authors)

Abstract: Grid computing is emerging as a new format of wide area distributed computing. Because the distribution of services and resources in wide-area networks is heterogeneous, dynamic, and multi-domain, security is a critical concern in grid computing. Authorisation and access control, which are important aspects of security, have received increasing attention. This paper proposes a universal, scalable authorisation and access control architecture, RB-GACA, for grid computing. It is based on a classical access control mechanism in distributed applications, Role Based Access Control (RBAC). The paper provides a flexible policy management approach for various grid environments. We also use a standard policy language for the presentation of access control policies to provide general and standard support for different services and resources.

Keywords: grid computing; grid security; authorisation; role based access control; RBAC; VO; virtual organisations; policy language; XACML; policy management; PDP; PEP; wide area networks; distributed computing; policy decision point; policy enforcement point.

DOI: 10.1504/IJGUC.2005.007061

International Journal of Grid and Utility Computing, 2005 Vol.1 No.1, pp.61 - 70

Published online: 16 May 2005
