The Grid security mechanisms were designed under the assumption that users would submit their jobs directly to the Grid gatekeepers. However, many groups are starting to use pilot-based infrastructures, where users submit jobs to a centralized queue and are successively transferred to the Grid resources by the pilot infrastructure. While this approach greatly improves the user experience, it does introduce several security and policy issues, the more serious being the lack of system level protection between the users and the inability for Grid sites to apply fine grained authorization policies. One possible solution to the problem is provided by gLExec, a X.509 aware suexec derivative. By using gLExec, the pilot workflow becomes as secure as any traditional one.
ASJC Scopus subject areas
- Physics and Astronomy(all)