A Stringent Authorization using Principles and Policy for Grid Computing

Abstract

Problem statement: The current information security mechanisms are insufficient to address authorization issues. The access control models today are mostly static and they are not wellsuited for the service-oriented environments where information access is dynamic in nature. Traditional authorization security techniques do not directly address these concerns as they primarily use access control lists for authorization, where the user whose name appears in the list is authorized to access the grid with some privileges associated with the names, which requires the resource provider to maintain authorization decisions for every user, which is very time consuming and non-scalable solution. Approach: Organizations pass user roles instead of name and date of birth but it used Public Key Infrastructure user certificate for authorization which is inflexible when it comes to open distributed systems (Grid) as it assumes a pre-agreed trust between Service Provider and the Service consumer. Usage of Java authentication and authorization services is performed in a pluggable fashion. It permits the application to remain independent from underlying authentication technology. Results: Our implementation provides service providers with full control over authentication and authorization of accounts that access services. Implementation of the proposed technique has proved to be less time consuming and more secured for authentication and authorization as compared to the traditional way of authenticating the users. The Policy Decision Service is envisioned to be used by many Web services protected by their PEPs. Conclusion: The model brings out many advantages over traditional identity. It is more flexible and more powerful and is suited for dynamic environments for Web services.