An access control model for a grid environment employing security-as-a-service approach

Abstract

There is a continuous effort at addressing security challenges of large scale service oriented computing (SOC) infrastructures like grids. A lot of research efforts towards development of authentication and authorization models for grid systems have been made because existing grid security solutions do not satisfy some desirable access control requirements of distributed services; such as support for multiple security policies. However, most of these security models are domain and/or application specific. Domain/application-specific approach to providing security solution is a duplication of effort, which also increases the cost of developing and maintaining applications. This paper presents the design of an access control model for grid-based system that employs security as a service (SecaaS) approach. By SecaaS approach, each atomic access control function (such as authentication, authorization) will be provided as a reusable service that can be published and subscribed to by different grid entities. In this approach, each admin domain will no longer need to have its own domain-specific access control logic built into it. Whenever an access control service is required the domain administrator subscribes to this service from SecaaS. This approach has a number of benefits, including making changes to security policies dynamically on the fly.