Information Technology Reference
In-Depth Information
2003; Open Grid Forum, 2006; Vivas, López, &
Montenegro, 2007) are presented below:
Single sign-on. A user should be able to authenticate only once, whereupon he may acquire, use and release resources without further authentication in different domains of the Grid. Users may want to initiate computations running for long periods of time without needing to remain logged on all the time.

Delegation. Privilege delegation for operations executed by a proxy is a basic requirement for Grid environments, among other reasons in order to satisfy the single sign-on requirement. Delegation of user rights depends upon the security requirements of the application.

Authentication. Authentication mechanisms and policies are supposed to constitute the basis on which local security policies can be integrated within a VO. Difficult issues with respect to authentication in Grids are scalability, trust across different certification authorities, revocation, key management, and delegation.

Confidentiality. The nature of Grids forces data to be stored in accessible online databases. Confidential code may be requested to execute on a remote host, and confidential data may need to be used at remote locations. Data may also need to be replicated at multiple sites, and thus should be stored in an encrypted form and remain consistent throughout.

Integrity. Many applications have strong code or data integrity concerns. The trust status of remote resources is important when data arises from remote processing, as the accuracy of results can be trusted only to the extent that the remote host generating the data is trusted.

Authorization and access control. Authorization refers to the ability to control the level of access that individuals or entities have to a wireless network or resource and how much information they can receive. In Grids, local access mechanisms should be applied whenever possible, and the owner of a resource should be able to enforce local user authorization.

Revocation. Revocation is crucial for authentication in case of a compromised key and for authorization when a VO is terminated or a user or mobile user proves untrustworthy.

Distributed trust. Trust is a complex theoretical issue. A Grid must be constructed in a dynamic fashion from components whose trust status is hard to determine. Determining trust relations between participant entities in the presence of delegation is important, and delegation mechanisms must rely upon stringent trust requirements.

Freshness. Freshness is related to authentication and authorization and is important in many Grid applications. Validity of a user's proof of authentication and authorization is an issue when user rights are delegated and the duration of a job may span several weeks.

Scalability. A Grid must be easy to extend and capable of progressive replacement in mobile environments. Fault recovery and dynamic optimization should usually be possible, and degradation should happen gracefully.

Trust. Trust refers to the assured reliance on someone or something. Since VOs can span multiple security domains, trust relationships between domains are of paramount importance. Sites in a Grid must be able to enter into trust relationships with Grid users, mobile users and maybe other Grid sites as well. In a Grid environment, trust is usually established through exchange of credentials, either on a session or a request basis.
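The Delegation, Freshness and Revocation requirements interact when a resource decides whether to keep honouring a delegated credential during a long job. The following is an added example, not code from the original text: the `Credential` model, `check_chain` function and all sample values are assumptions made for illustration, not a real Grid credential format.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Credential:          # hypothetical model, not a real Grid credential format
    serial: str
    issuer: str
    subject: str
    not_before: datetime
    not_after: datetime
    rights: frozenset

def check_chain(chain, now, trusted_roots, revoked):
    """Return (ok, reason) for a delegation chain ordered root-first."""
    if not chain:
        return False, "empty chain"
    if chain[0].issuer not in trusted_roots:      # trust across CAs
        return False, "untrusted root issuer"
    parent = None
    for cred in chain:
        if cred.serial in revoked:                # revocation
            return False, f"revoked: {cred.serial}"
        if not (cred.not_before <= now <= cred.not_after):   # freshness
            return False, f"not fresh: {cred.serial}"
        if parent is not None:
            if cred.issuer != parent.subject:     # each link signed by the delegator
                return False, f"broken delegation at {cred.serial}"
            if cred.not_after > parent.not_after: # proxy may not outlive its delegator
                return False, f"outlives delegator: {cred.serial}"
            if not cred.rights <= parent.rights:  # delegation may only narrow rights
                return False, f"rights widened at {cred.serial}"
        parent = cred
    return True, "ok"

# Constructed sample data: a user credential and a 12-hour proxy for a job.
T0 = datetime(2024, 1, 1)
USER = Credential("u1", "CA-A", "alice", T0, T0 + timedelta(days=365),
                  frozenset({"submit", "read", "write"}))
PROXY = Credential("p1", "alice", "alice/proxy", T0, T0 + timedelta(hours=12),
                   frozenset({"submit", "read"}))

if __name__ == "__main__":
    for label, when, revoked in [
        ("job start", T0 + timedelta(hours=1), set()),
        ("week three of the job", T0 + timedelta(weeks=3), set()),
        ("user key compromised", T0 + timedelta(hours=1), {"u1"}),
    ]:
        print(label, "->", check_chain([USER, PROXY], when, {"CA-A"}, revoked))
```

The second case shows the freshness problem the text describes: a short-lived proxy limits exposure but expires long before a multi-week job ends, so the job needs a renewal path or it loses access mid-run.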