Information Technology Reference
In-Depth Information
proposed, none of them fulfills in a satisfactory way the entire list of security re-
quirements.
This section provides an overview of existing security architectures, evaluating
each of them in terms of the security issues raised in section 2. More specifically, the
security mechanisms that each architecture implements are associated with the secu-
rity requirements that they fulfill, commenting on their effectiveness, maturity and
trust.
3.1
The Security Architecture for Open GRID Services
3.1.1 The Open GRID Services Architecture (OGSA)
The Open GRID Services Architecture (OGSA) is the result of research work aiming
to produce a GRID system architecture that integrates GRID and Web services, con-
cepts and technologies. An initial set of technical specifications has been proposed by
the Globus Project and IBM, and has been recently put forward at the Global GRID
Forum for discussion and refinement. At the same time, a strategy for addressing
security issues within the OGSA is being developed aiming to comprise the security
architecture for OGSA.
3.1.2 Proposed Security Architecture
The efforts described above led to an important conclusion regarding the proposed
security architecture for OGSA: Abstraction of security components in a single secu-
rity model is the only way to give organizations the necessary breathing space so as to
be able to utilize existing investments in security technologies while communicating
with others in a GRID environment.
Therefore, the basic principles that should underlie the GRID security model are [4]:
developing a security model to secure GRID services in general, and
developing security specific services built to provide the necessary functionality.
To fulfil the above basic principles, the GRID security model should take into account
several aspects of GRID services invocation. This is possible through the various
components of the GRID Security Model (Fig. 1).
3.2
GRID Security Infrastructure (GSI)
3.2.1 The Globus Toolkit
The Globus Toolkit was developed under the Globus Project, a research effort that
introduces fundamental technologies required for building GRIDs. This toolkit com-
prises a set of components that implement basic services for security, resource alloca-
tion, resource management etc. GRID Security Infrastructure or GSI is the name
given to Globus security services.
3.2.2 Proposed Security Architecture
I. Foster et al. proposed in 1998 a security architecture for Computational GRIDs [5].
This work constitutes the base of many GRID security architectures that were pro-
posed later on, one of them being the GSI. Next we present the basic features of the
GSI [8] [9].
Search WWH ::




Custom Search