Authorization Strategies for Grid Security: Attribute-Based Multipolicy Access Control (ABMAC) Model

Abstract

The emergence of Grid computing technology is being followed by three main security concerns: the independence of the domains where the resource providers (RPs) are situated; the need for supporting different security policies andthe non-necessity of the science gateways for user authentication. Great effort has been involved in order to solve these concerns through the appearance of different access control models, like Identity-Based Authorization Control (IBAC) and Role-Based Authorization Control (RBAC), which based their access request decisionson user identity, that is, on user authentication. However, these models proved asinflexible, non-scalable and unmanageable in a distributed environment.Accordingly, a novel approach, known as Atrribute-Based MultipolicyAuthorization Control (ABMAC) model has appeared. ABMAC, which is beingdescribed in this paper, uses the attributes of the Grid entities for user authorization,based on the concepts of service-oriented architecture (SOA) and the eXtensibleMarkup Language (XML) standards - eXtensible Access Control Markup Language(XACML) and Security Assertion Markup Language (SAML). Moreover, ABMAChas been partly implemented in the Globus Toolkit 4 (GT4) Authorization Framework, and consequently it is expected to be outstanding contributor to Gridsecurity.