A Heterogeneous Authorization Policy Management Mechanism for Grid Environments

In order to enable an open Grid to support resource sharing between multiple heterogeneous Virtual Organizations (VOs), an authorization policy management framework is required to support authorization for heterogeneous authorization systems. Traditional authorization policy management frameworks work well in authorization for a single VO where the participating hosts agree to follow a global authorization system. However they are not capable of policy management for multiple VOs which deploy heterogeneous authorization systems. To solve these problems in a loose-coupling way, we propose a dynamic, distributive and heterogeneous authorization policy management framework called Dynamic Policy Management Framework (DPMF). DPMF groups VOs of the same authorization systems to form a virtual cluster. Authorization policy management is divided into inter-cluster heterogeneous policy management, and intra-cluster homogeneous policy management. A Heterogeneous Authorization Policy Management mechanism is developed for DPMF to support inter-cluster heterogeneous policy management. In the mechanism, there is an Account Mapping mechanism for mapping accounts on heterogeneous access control models, and a Policy Mapping mechanism for mapping accounts on heterogeneous authorization policy models.