Dynamic delegation approach for access control in grids

Abstract

Access control is a mechanism to secure resources from unauthorized use. Securing a grid resource imposes a distinctive set of challenges to access control policies and mechanisms. As the grid resources are distributed in space and time, direct authorization methods are not always sufficient. Delegation is a way of indirect authorization whereby an active entity in a grid system can access a resource or act on behalf of another active entity. Access to resources in grids can be broadly categorized as full, nil or partial implying a degree of fuzziness. Conventional security models are rigid and the tasks that need to be performed by an active grid entity, require a more flexible form of access. A fuzzy logic based scheme provides more flexibility to resource access and access control in grids. The delegated rights have to be granted in a dynamic environment where the entities of a grid do not have prior information about each other. We propose a new scheme for this, which uses a two- stage fuzzy inference process based on trust relationships among the grid entities. © 2005 IEEE.