Authorization Framework for Resource Sharing in Grid Environments

  • Jing Jin
  • Gail-Joon Ahn
Part of the Communications in Computer and Information Science book series (CCIS, volume 63)


Grid data sharing services provide a unified platform for dynamic discovery, access and sharing of distributed data in Grid environments. A common authorization system is needed to provide access control for both the Grid data sharing services and the data resources that are shared through these services, accommodating the different security requirements of the service providers and the data providers. In this paper, we present a flexible policy-driven authorization system, called RamarsAuthZ, for secure data sharing services in Grid environments. RamarsAuthZ adopts a flexible role-based approach with a trust-aware feature to advocate originator control and provide unified access control at both the service level and the data level.


Access Control, Grid Environment, Grid Service, Authorization Policy, Identity Provider
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jing Jin (1)
  • Gail-Joon Ahn (2)

  1. University of North Carolina at Charlotte
  2. Arizona State University
