The open archive for STFC research publications

Full Record Details

Persistent URL http://purl.org/net/epubs/work/33889
Record Status Checked
Record Id 33889
Title Multilayer Privilege Management for Dynamic Collaborative Scientific Communities
Abstract Rapid advancements in Grid Computing and the convergence of Grid and Web Services, and the development of infrastructures such as the Ecology GRID[ref] and NERC DataGrid[ref], bring about protocols and machine-processable message/document formats that will soon enable seamless and open application-application communication. This will bring about the prospect of ad hoc integration of systems across institutional boundaries to support collaborations that may last for a single transaction or evolve over many years. We will witness on-demand creation of dynamically-evolving, scalable Virtual Organisations (VO) spanning national and institutional borders, where the participating entities pool resources, capabilities and information to achieve common objectives. The data owners may want to apply varying conditions on access to their data, e.g. non-military personnel should only be given degraded versions of military sourced images, with different degradation filters applicable for different application domains. The data centres have to ensure the security and confidentiality of data and so has to control who can do what on their machines, e.g. who can carry out cross database correlations, or upload filters to be applied to images. The project, which is paying for the data access, wishes to control who is allowed to access the data and when. It needs to be able to define several authorization groups (e.g. corresponding to work packages) and specify what data is available to that group. The groups will have a specific lifetime, and individuals may join or leave the group during its lifetime, i.e. they are dynamic virtual organizations. The data centres need to take these different authorization policies and apply them for each of the actions and units of data being accessed. In this paper we outline a new project, DyCom, which seeks to combine the results of two European projects, Grasp and PERMIS, to provide an architecture to manage the complex privileges required in such scenarios. We will describe the mechanisms developed in these projects and show how they could be combined.
Organisation CCLRC , BITD , ESC , ESC-DMG
Keywords Enforcement , Grids , Trust , Privilege Management , Security , Datagrids , Policies , Authorisation , Biology , Role-based Access Control
Funding Information
Related Research Object(s):
Licence Information:
Language English (EN)
Type Details URI(s) Local file(s) Year
Paper In Conference Proceedings In UK Workshop on Grid Security Practice, Oxford, UK, 8-9 Jul 2004, (2004). GridSecurityPract…ltilayerSecurity.pdf 2004