Abstract

Many grid usage scenarios depend on small, dynamic working groups for which the ability to establish transient collaboration with little or no intervention from resource administrators is a key requirement. The system developed, PRIMA, focuses on the issues of management and enforcement of fine-grained privileges. Dynamic account creation and leasing as well as expressive enforcement mechanisms facilitate highly dynamic authorization policies and least privilege access to resources. PRIMA mechanisms enable the use of finegrained access rights, reduce administrative costs to resource providers, enable ad hoc and dynamic collaboration scenarios, and can also be used to provide improved security service to long-lived grid communities while leveraging other work in the grid computing and security domains.