This paper describes a Role-Based Access Control (RBAC) mechanism for distributed High Performance Computing (HPC) systems that will facilitate scalable evaluation, management and enforcement of access control policies. The RBAC mechanism forms an enhanced security framework for Grids and Clouds that will allow for interoperability between technologies in the two domains. The mechanisms proposed here are important because the current lack of software tools and security standards for accessing distributed HPC systems and transporting Large Data Sets can add immensely to overheads in data processing or data integration times. RBAC models make policy management scalable and, by virtue of being modular, allow more sophisticated access control models to be integrated with them. This paper shows how existing security standards can be leveraged for the specification and management of RBAC policies, with the aim of allowing disparate applications, systems and security domains to interoperate. The eXtensible Access Control Markup Language (XACML) can be used for policy specification and management across disparate organizations, and the Security Assertion Markup Language (SAML) can be used for authentication and authorization assertions across the same organizations. Both standards can be leveraged to facilitate policy management and enforcement, and delegation of rights. Authorization servers like Shibboleth can be leveraged for use as RBAC system components.
Published in:
Parallel and Distributed Processing Workshops and PhD Forum (IPDPSW), 2011 IEEE International Symposium on
Date of Conference: 16-20 May 2011