Access and Usage Control in Grid Systems

Abstract

This chapter describes some approaches that have been proposed for access and usage control in grid systems. The first part of the chapter addresses the security challenges in grid systems and describes the standard security infrastructure provided by the Globus Toolkit, the most used middleware to establish grids. Since the standard Globus autho- rization system provides very basic mechanisms that do not completely fulfill the requirements of this environment, a short overview of well-known access control frameworks that have been integrated in Globus is also given: Community Authorization Service (CAS), PERMIS, Akenti, Shibboleth, Vir- tual Organization Membership Service (VOMS), Cardea, and PRIMA. Then, the chapter describes the usage control model UCON, a novel model for authorization, along with an implementation of UCON in grid systems. The last part of the chapter describes the authorization model for grid compu- tational services designed by the GridTrust project. This authorization model is also based on UCON.