Grid Security and SecPAL

Last week at the OGF meeting in DC, Blair Dillaway presented their incubation work around SecPAL. Papers and the slide deck are available on the Microsoft Research SecPAL web site (see https://research.microsoft.com/projects/SecPAL).

Of specific interest is Blair's paper, "A Unified Approach to Trust, Delegation, and Authorization in Large-Scale Grids":

The development of large-scale, decentralized distributed computing environments has highlighted the need for fine-grained control over trust relationships and delegated access rights. Existing approaches do not fully satisfy these needs. They typically lack precision and/or require an undesirable reliance on centralized administration to be effective. In addition, one finds multiple independent mechanisms, with disparate semantics, being used to manage trust, delegation and authorization. This makes it difficult to understand the effective security in large distributed systems and complicates their management.

The goal of the SecPAL project is to develop a language for expressing decentralized authorization policies, and to investigate language design and semantics, as well as related algorithms and analysis techniques. This project is a collaboration between the advanced technology incubation group of Microsoft’s Chief Research and Strategy Officer and Microsoft Research Cambridge.