Research on Cross-realm Resource Access Control Based on Virtual Organizations

Grid computing is becoming a mainstream technology for large-scale distributed resource sharing and system integration (Foster and Kesselman, 2004). Virtual organization (VO) is a collection of people in the same administrative domain (Stell et al., 2005). Currently, if a user has to access to many resources from different VOs, he should belong to those VOs and have credential certificates in each of them. In this way users have to enter their user names and passwords when they need to initialize their proxies to access to different VOs and cause redundancy about VO accounts. Traditional mechanism always confused users and blocked the spread of grid computing. This paper describes the GEIP (Globus Enterprise Information Portal) deployed in our grid computing environment, based on Trust Matrix based on trust degree and RB&MAC(role-based and mapping access control) giving special emphasis on whether a user with only one credential certificate is allowed to travel through different VOs and how to do it. These technologies create a feasible framework for authentication and authorization in distributed grid applications. We discuss the main features in GEIP, including mapping mechanism between global and local accounts, management of credential certificate