Access Control Requirements for Grid Computing Environments

One question I hear a lot is "How does SecPAL compare with [InsertRandomSecurityTechnologyAcronymHere]?". Well the good news is that Marty Humphrey, Sang-Min Park, Jun Feng, Norm Beekwilder and Glenn Wasson from the Department of Computer Science at the University of Virginia have been studying just this question using real requirements from their grid network as the basis for this evaluation. The results of their study have been published in a paper called Fine Grained Access Control for GridFTP using SecPAL.

They have identified and categorized a number of requirements and then performed an in-depth analysis evaluating the extent to which SecPAL (and other security technologies) meet these requirements. They also consider six specific data access use-cases that have been problematic in today’s Grids: attribute-based access, role-based access, “role-deny” access, impersonation-based access, delegation-based access, and capability-based access and show actual SecPAL policies that they used to solve these use-cases.

One of the reasons why I think this paper is so important is that the UVa folks started their evaluation with a thorough understanding of their requirements - and documented them. So if you are in the process of evaluating a new access control solution (or perhaps building a custom access control solution) you will definitely gain by using the requirements in this paper as a starting point for your work.

All in all a really great paper - and the best news is that the paper has officially been accepted for Grid2007 - so if you are interested in hearing more hopefully you will be able to watch the presentation at Grid2007 in Austin Texas.

Comments (5)

  1. A. Khan says:

    Will it work on open source systems e.g. Linux?

  2. Jason Hogg says:

    We have released an XML specification for SecPAL which will allow interoperable implementations of SecPAL to be created – so the answer is yes. Take a look here ( if you are interested. Dr Periorellis from the University of Newcastle Upon Tyne is currently developing a Java implementation of SecPAL – which would obviously work on Linux as well.

  3. venkatesh says:

    This seems to be similar to our requirement. Like to have look on this. Kindly send the requirements along with this.

  4. Jason Hogg says:

    I am not sure exactly what you mean by sending the requirements along. You can take a look at the UVa paper referenced about for their requirements. You can also take a look at the samples that are inside our .NET download to get a sense of some of the key usage scenarios we were working against… Would definitely be interested in hearing how SecPAL mapped to your requirements…

  5. fadwa says:

    i hope me ones your help my thesis about Access Control Requirements for Grid Computing Environments

Skip to main content