Access Control Requirements for Grid Computing Environments

One question I hear a lot is "How does SecPAL compare with [InsertRandomSecurityTechnologyAcronymHere]?". Well, the good news is that Marty Humphrey, Sang-Min Park, Jun Feng, Norm Beekwilder and Glenn Wasson from the Department of Computer Science at the University of Virginia have been studying just this question, using real requirements from their grid network as the basis for this evaluation. The results of their study have been published in a paper called "Fine Grained Access Control for GridFTP using SecPAL".

They have identified and categorized a number of requirements and then performed an in-depth analysis evaluating the extent to which SecPAL (and other security technologies) meet these requirements. They also consider six specific data access use-cases that have been problematic in today’s Grids: attribute-based access, role-based access, “role-deny” access, impersonation-based access, delegation-based access, and capability-based access. For each, they show the actual SecPAL policies that they used to solve these use-cases.

One of the reasons why I think this paper is so important is that the UVa folks started their evaluation with a thorough understanding of their requirements - and documented them. So if you are in the process of evaluating a new access control solution (or perhaps building a custom access control solution), you will definitely gain by using the requirements in this paper as a starting point for your work.

All in all, a really great paper - and the best news is that the paper has officially been accepted for Grid2007 - so if you are interested in hearing more, hopefully you will be able to watch the presentation at Grid2007 in Austin, Texas.