Metacomputing [8,9] provides the abstraction of a single system for a collection of geographically dispersed computing and communication resources (e.g. supercomputers and high-speed networks). The user of the system is presented with a consistent and familiar interface that hides the geographical scale, the complexity, and the system heterogeneity.
A metacomputing system will often cross administrative domains and involve many computing nodes. Such systems have unique requirements for security which are difficult to satisfy because of the diversity of administration and the heterogeneity of the resources involved. This difficulty stems from the variety of representations of access control policies across applications and administrative domains.
This paper describes the integration of authentication and authorization mechanisms with the Prospero Resource Manager (PRM [1]), a scalable resource allocation system that manages processing resources in metacomputing environments. PRM uses Kerberos [3] to achieve strong authentication and uses a new distributed authorization model described in this paper. Because the system must support heterogeneity in the security services supported for authentication of principals (e.g. Kerberos, DCE, SSL), we designed our method of integration to be extensible and support a variety of security services in addition to Kerberos. Further, integration of security is simplified because the acquisition of authentication and authorization credentials is handled by the transport protocol, relieving application programmers from the need to exchange credentials within the application protocol.
Our framework consists of two components: a policy language and the Generic Authorization and Access-Control API (GAA API).
The language allows us to represent existing access control models (e.g. ACL, capability, lattice-based access controls) in a uniform and consistent manner. Authorization restrictions allow one to define what operations are allowed, and under what conditions (e.g., user identity, group membership, time of day, or security level) particular rules apply. These restrictions may implement application specific policies.
For our integration with PRM, the restrictions include strength of authentication, limits on the physical resources managed by the system (e.g. CPU load, memory usage) and characteristics of applications that may run on a particular processor (e.g. name, version, endorser).
A common access control API facilitates the integration of authentication and authorization with applications. This API allows applications to request the authorization policy information for a particular resource and to evaluate this policy against credentials carried in the security context for the current connection. PRM invokes GAA API functions to determine whether a requested operation or set of operations is authorized or whether additional checks are necessary.
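The evaluation described above can be sketched as a three-valued check; this is an added illustration, not code from PRM or the GAA API. All names (`Context`, `CHECKS`, `POLICY`, `evaluate`), the authentication ranking, and the sample policy are hypothetical and constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    YES = "authorized"
    NO = "denied"
    MAYBE = "additional checks necessary"

@dataclass
class Context:  # security context of the current connection (hypothetical fields)
    identity: str
    groups: frozenset
    auth: str   # mechanism used to authenticate the principal
    hour: int   # local hour of the request, 0-23

# Constructed strength ranking of authentication mechanisms.
AUTH_STRENGTH = {"none": 0, "password": 1, "kerberos": 2}

# Conditions the evaluator can decide on its own from the security context.
CHECKS = {
    "identity": lambda ctx, v: ctx.identity == v,
    "group":    lambda ctx, v: v in ctx.groups,
    "min_auth": lambda ctx, v: AUTH_STRENGTH.get(ctx.auth, 0) >= AUTH_STRENGTH[v],
    "hours":    lambda ctx, v: v[0] <= ctx.hour < v[1],
}

# Constructed policy: each entry is (operations granted, conditions that must hold).
POLICY = [
    ({"query_status"}, {"group": "users"}),
    ({"run_job"}, {"group": "users", "min_auth": "kerberos",
                   "hours": (18, 24), "max_cpu_load": 0.5}),
    ({"run_job"}, {"identity": "admin@EXAMPLE.ORG", "min_auth": "kerberos"}),
]

def evaluate(policy, operation, ctx):
    """Return (Decision, conditions left for the application to check)."""
    decision, pending = Decision.NO, {}  # default deny when no entry applies
    for rights, conditions in policy:
        if operation not in rights:
            continue
        results = {c: CHECKS[c](ctx, v) if c in CHECKS else None
                   for c, v in conditions.items()}
        if any(r is False for r in results.values()):
            continue  # a failed condition makes this entry inapplicable
        unknown = {c: conditions[c] for c, r in results.items() if r is None}
        if not unknown:
            return Decision.YES, {}  # every condition was decided and holds
        if decision is Decision.NO:
            decision, pending = Decision.MAYBE, unknown
    return decision, pending
```

A `MAYBE` result hands the undecided conditions (here the CPU load limit) back to the caller, which is the point at which a resource manager would apply its own check before granting the operation.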
Ease of use and configurability are important issues to be considered for any resource management system. For this reason, we developed a scalable mechanism based on the Prospero Directory Service to facilitate the management of the policies.
The paper is organized as follows. Section 2 describes the Prospero Resource Manager. Section 3 presents the motivation for our new authorization model applied to metacomputing applications. Section 4 discusses the two components of the distributed authorization model: the policy language and the GAA API. Section 5 shows how the model is adapted and integrated within PRM. Section 6 describes the management of the policies using the Prospero Directory Service. Section 7 shows how the model can be applied to the lattice-based metacomputing environment. Section 8 discusses related work.