TY - GEN
T1 - Dynamic, context-aware, least-privilege grid delegation
AU - Ahsant, Mehran
AU - Basney, James Alan
AU - Johnsson, Lennart
PY - 2007/12/1
Y1 - 2007/12/1
N2 - Performing delegation in large scale, dynamic and distributed environments with large numbers of shared resources is more challenging than inside local administrative domains. In dynamic environments like Grids, on one hand, delegating a restricted set of rights reduces exposure to attack but also limits the flexibility and dynamism of the application; on the other hand, delegating all rights provides maximum flexibility but increases exposure. This issue has not yet been adequately addressed by current Grid security mechanisms and is becoming a very challenging and crucial issue for future Grid development. Therefore, providing an effective delegation mechanism which meets the requirements of the least privilege principle is becoming an essential need. Furthermore, we are witnessing a phenomenal increase in the automation of organizational tasks and decision making, as well as the computerization of information related services, requiring automated delegation mechanisms. In order to meet these requirements we introduce an Active Delegation Framework which extends our previous work on on-demand delegation, making it context-aware. The framework provides a just-in-time, restricted and dynamic delegation mechanism for Grids. In this paper we describe the development of this framework and its implementation and integration with the Globus Toolkit.
AB - Performing delegation in large scale, dynamic and distributed environments with large numbers of shared resources is more challenging than inside local administrative domains. In dynamic environments like Grids, on one hand, delegating a restricted set of rights reduces exposure to attack but also limits the flexibility and dynamism of the application; on the other hand, delegating all rights provides maximum flexibility but increases exposure. This issue has not yet been adequately addressed by current Grid security mechanisms and is becoming a very challenging and crucial issue for future Grid development. Therefore, providing an effective delegation mechanism which meets the requirements of the least privilege principle is becoming an essential need. Furthermore, we are witnessing a phenomenal increase in the automation of organizational tasks and decision making, as well as the computerization of information related services, requiring automated delegation mechanisms. In order to meet these requirements we introduce an Active Delegation Framework which extends our previous work on on-demand delegation, making it context-aware. The framework provides a just-in-time, restricted and dynamic delegation mechanism for Grids. In this paper we describe the development of this framework and its implementation and integration with the Globus Toolkit.
UR - http://www.scopus.com/inward/record.url?scp=47249133315&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=47249133315&partnerID=8YFLogxK
U2 - 10.1109/GRID.2007.4354135
DO - 10.1109/GRID.2007.4354135
M3 - Conference contribution
AN - SCOPUS:47249133315
SN - 1424415608
SN - 9781424415601
T3 - Proceedings - IEEE/ACM International Workshop on Grid Computing
SP - 209
EP - 216
BT - Proceedings - 8th IEEE/ACM International Conference on Grid Computing, GRID 2007
T2 - 8th IEEE/ACM International Conference on Grid Computing, GRID 2007
Y2 - 19 September 2007 through 21 September 2007
ER -