Inter-Domain Policy Management and Access Control within a Grid Architecture

N. LaMonica, M. Kelkar, R. Baird, and R. Gamble (USA)


Keywords: Grid, security, access control


Computational grids provide easy access to participating resources. Though access control requirements for grid architecture are clearly defined, it is difficult to implement a serverless architecture while retaining the distribution among grid components. This paper examines a prominent single-server approach for inter-domain authentication and access control within the Globus Toolkit. With a large community of users and resources, a single server for inter-domain authentication can be a bottleneck. If compromised, it can serve as a central point of attack. We introduce PoMaS (Policy Management Service), an inter-domain authentication model whose design remedies these problems. PoMaS uses a grid-service-based approach, eliminating the single server to move toward a truly distributed architecture. Policy change management and access control are achieved through publish/subscribe notification using WS-Notification, a Web service specification.

