DocumentCode :
1638298
Title :
A Comprehensive Approach to Self-Restricted Delegation of Rights in Grids
Author :
Piger, Stefan ; Grimm, Christian ; Groeper, Ralf ; Kunz, Christopher
Author_Institution :
Regional Comput. Center for Lower Saxony, Leibniz Univ. Hannover, Hannover
fYear :
2008
Firstpage :
114
Lastpage :
121
Abstract :
The delegation of user rights is an essential functionality of GSI-based grid environments. This mechanism facilitates proxy certificates that are derived from the users' end-entity certificates and enables grid services to act in the issuing user's name. Currently, the implementation of the GSI forces users to delegate their complete scope of rights. Compromised proxy credentials can thus be used to perform every action users are entitled to. While this is no major issue for traditional Grid communities, it effectively prevents security-sensitive communities like medical users from using the Grid. This paper presents a user-based approach to restrict the scope of rights that are delegated by the user. Thus, the risk imposed by compromised proxy credentials is significantly reduced. We define a policy extension for proxy certificates that contains fine-grained authorization policies expressed in XACML. These are used to limit delegated privileges for the access of storage and compute resources. The mechanisms shown in this paper enable users to restrict the delegated rights to the access of specific files on storage resources and to the execution of specific compute jobs. The respective policy enforcement takes place on the gLite IO-Service and the gLite computing element. Compatibility with the existing proxy certificate renewal mechanism is preserved by an extension to the MyProxy service. Finally, we present a GridSphere-based graphical front-end that simplifies the process of policy specification and submission of jobs to the grid.
Keywords :
authorisation; grid computing; GSI-based grid environments; GridSphere-based graphical front-end; XACML; fine-grained authorization policies; gLite IO-Service element; gLite computing element; policy enforcement; policy specification; proxy certificates; self-restricted user rights delegation; user end-entity certificates; Access control; Authentication; Authorization; Content addressable storage; Data security; Grid computing; Middleware; Public key; Risk analysis; Grid Computing; authorization policy; proxy certificate; restricted delegation;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Cluster Computing and the Grid, 2008. CCGRID '08. 8th IEEE International Symposium on
Conference_Location :
Lyon
Print_ISBN :
978-0-7695-3156-4
Electronic_ISBN :
978-0-7695-3156-4
Type :
conf
DOI :
10.1109/CCGRID.2008.27
Filename :
4534209