Authorization for Metacomputing Applications

13 years 8 months ago
Authorization for Metacomputing Applications
One of the most difficult problems to be solved by metacomputing systems is to ensure strong authentication and authorization. The problem is complicated since the hosts involved in a metacomputing environment often span multiple administrative domains, each with its own security policy. This paper presents a distributed authorization model used by our resource allocation system, the Prospero Resource Manager [8]. The main components of our design are Extended Access Control Lists, EACLs, and a General Authorization and Access API, GAA API. EACLs extend conventional ACLs to allow conditional restrictions on access rights. In the case of the Prospero Resource Manager, specific restrictions include limits on the computational resources to be consumed and on the characteristics of the applications to be executed by the system, such as name, version or endorser. The GAA API provides a general framework for applications to access the EACLs. We have built a prototype of the system.
G. Gheorghiu, Tatyana Ryutov, B. Clifford Neuman
Added 04 Aug 2010
Updated 04 Aug 2010
Type Conference
Year 1998
Where HPDC
Authors G. Gheorghiu, Tatyana Ryutov, B. Clifford Neuman
Comments (0)