Abstract

Grid technology provides an Internet-wide environment where a very large set of entities share their resources. The main feature of a grid environment is that resource providers belong to distinct administrative domains each with its own security policies and enforcement mechanisms. Even more, service providers and entities, exploiting the grid infrastructure, typically have incomplete information about each other mainly because each administrative domain manages its policies and resources with high degree of autonomy. Thus, controlling access to grid resources has become a major security issue and a grid infrastructure has to provide a proper set of mechanisms and tools that allow for a fine-grained and history-based access control management. This paper proposes a comprehensive access control and enforcement framework for grid computational resources. The framework is based on a behavioral model that defines fine-grained and history-based monitoring and on a trust management model that provides access decisions and proper access rights management. The framework provides dynamic and context-aware access control enforcement by generating temporal credentials at run time while user's applications are exploiting grid's resources