To date, not enough attention has been paid to issues surrounding the description and enforcement of policies for controlling grid resources. These policies define the permitted or desired usage scenario(s) allowed by resource providers, virtual organizations, or even the governing body for an entire grid. Most existing Grid systems have either "in-spirit" usage policies with no actual enforcement (e.g., all resource providers are assumed to contribute in kind), or have implicit resource usage policies whose intent can only be manifested by examining the ad-hoc policy enforcement. Moreover, systems that do define some resource usage policies typically consider only CPU resources, without mentioning other grid resources such as disk and bandwidth. Unless sufficient resource usage policies and enforcement mechanisms are created, resource providers will be increasingly reluctant to participate in grids out of fear that their local resources will be overrun. In this paper, we identify the requirements for a resource usage policy language, and then propose an event-centric model by which to implement these policies. We describe the language structure, its implementation on top of the XML access control language XACML and a policy service that processes the language. Because decisions based on this type of policy typically require information from outside the security context of a single grid request, we extend XACML for general timer-based and event-centric processing necessary to enforce such Grid resource usage policies. We evaluate our prototype implementation on a grid consisting of three data repositories by showing that a usage policy-controlled grid environment can be achieved with only minimal overhead.
Date of Conference: 19-21 Sept. 2007