Attribute-Based Authorization for Grid Computing

The development of adequate security solutions and in particular of authorization techniques for grid computing systems is a challenging task. Traditional security trends tried to overcome this problem by using a low-level access control policy which maps a user´s identity to a local account. This approach is not scalable and is hard to manage in a distributed environment. Current trends started adopting approaches that pass attributes for authorization instead of passing user´s credentials. The problem still hasn´t been solved completely primarily because it uses PKI (public key infrastructure) user certificate for authorization, and the main problem with this approach is the inflexibility of the PKI infrastructure when it comes to open distributed systems (Grid). Additionally implementations of attribute-based authorization have largely adopted the XML based SAML (security assertion markup language) and XACML (extensible access control markup language) standards for authentication and authorization. The author investigates an approach that uses XACML for authorizations and utilizes a proxy for the attribute authority to allow for the distribution of attribute requests to numerous attribute authorities to whom the user is subscribed.