Skip to Main Content
In this paper, we present a scalable authorization service, based on the concept of fine-grained access control (FGAC), for large-scale grid infrastructures that span multiple independent domains. FGAC enables participating resource owners to specify fine-grained policies concerning which user can access can their resources under which mode. We argue that such an authorization service must be integrated with the resource broker service to avoid scheduling requests onto resources which do not authorize the user request. For this reason, we develop a novel resource broker service that integrates access control with resource scheduling. In our system, both resource owners and users define their resource access and usage policies. The resource broker schedules a user request only within the set of resources whose policies match the user credentials (and vice-versa). Since this process of evaluating authorization policies of resources and user, in addition to checking the resource requirement, can be a potential bottleneck for a large scale grid, we also analyze the problem of efficient evaluation of FGAC policies. In this context, we present a novel method for policy organization and compare its performance with other strategies. Preliminary results show that the proposed method can significantly enhance performance.