A new architecture design for differentiated resource sharing on grid service

Abstract

Current Grid Security Infrastructure (GSI) using Single Sign On (SSO) mechanism based on Public Key Infrastructure (PKI) allows resource consumer to access resources securely and widely. There is no mechanism to access resource differentially in Grid environment currently. Furthermore, Open Grid Service Infrastructure (OGSI) in Global Grid Forum (GGF) extends use of Grid system or services up to business area using Web service technology. Therefore differential resource (or service) access from remote users is necessary operation to resource holders to share their resources securely. This paper presents a novel security approach on GSI to share resources differentially on the private policy using Security Assertion Markup Language (SAML) and extensible Access Control Markup Language (XACML) by adding scripts for resource broker (or controller). This scheme offers much flexible and effective mechanism on the recent Grid service environments. © Springer-Verlag 2004.