Access Control Requirements for Grid Computing Environments
One question I hear a lot is "How does SecPAL compare with [InsertRandomSecurityTechnologyAcronymHere]?". Well the good news is that Marty Humphrey, Sang-Min Park, Jun Feng, Norm Beekwilder and Glenn Wasson from the Department of Computer Science at the University of Virginia have been studying just this question using real requirements from their grid network as the basis for this evaluation. The results of their study have been published in a paper called Fine Grained Access Control for GridFTP using SecPAL.
They have identified and categorized a number of requirements and then performed an in-depth analysis evaluating the extent to which SecPAL (and other security technologies) meet these requirements. They also consider six specific data access use-cases that have been problematic in today’s Grids: attribute-based access, role-based access, “role-deny” access, impersonation-based access, delegation-based access, and capability-based access and show actual SecPAL policies that they used to solve these use-cases.
One of the reasons why I think this paper is so important is that the UVa folks started their evaluation with a thorough understanding of their requirements - and documented them. So if you are in the process of evaluating a new access control solution (or perhaps building a custom access control solution) you will definitely gain by using the requirements in this paper as a starting point for your work.
All in all a really great paper - and the best news is that the paper has officially been accepted for Grid2007 - so if you are interested in hearing more hopefully you will be able to watch the presentation at Grid2007 in Austin Texas.
Comments
Anonymous
July 08, 2007
Will it work on open source systems e.g. Linux?Anonymous
July 09, 2007
We have released an XML specification for SecPAL which will allow interoperable implementations of SecPAL to be created - so the answer is yes. Take a look here (http://research.microsoft.com/projects/secpal/downloadSecPALSpecification.aspx) if you are interested. Dr Periorellis from the University of Newcastle Upon Tyne is currently developing a Java implementation of SecPAL - which would obviously work on Linux as well.Anonymous
November 27, 2007
This seems to be similar to our requirement. Like to have look on this. Kindly send the requirements along with this.Anonymous
November 29, 2007
I am not sure exactly what you mean by sending the requirements along. You can take a look at the UVa paper referenced about for their requirements. You can also take a look at the samples that are inside our .NET download to get a sense of some of the key usage scenarios we were working against... Would definitely be interested in hearing how SecPAL mapped to your requirements...Anonymous
October 17, 2009
i hope me ones your help my thesis about Access Control Requirements for Grid Computing Environments