A Credentials Management System for secure trade in a Grid Services Marketplace

摘要

In these years, the Grid middlewares are having a rapid evolution, a successful application and a widespread deployment, thus attracting many commercial interests. The opportunity to evolve the current implementations of Grids, presently used mainly in e-science environments, towards a services market place represents, today, one of the most important challenges in the field of Grids' research. The management of business interactions among a large number of actors with different wishes and behaviors requires the development of a comprehensive set of mechanisms and policies for securing the Grids. In this scenario, however, the rigid policies adopted by the Virtual Organizations for the trusted management of grids resources, both in terms of authentication and in terms of authorization policies, result too restrictive and make impossible the exploitation of the grids resources by those users outside their organizations. This paper focuses on the management of the authorizations within these environments, proposing two techniques to assure trust relationships and secure trade of services overcoming the limits imposed by the Virtual Organizations. The first one, inspired to the international credit cards system, has been designed to avoid that a user has to own a certificate for each Grid/VO providing a specific service. The second technique, based on the concept of identity loan, provides a scalable method to associate dynamically a local user account on the grid resources to each remote consumers.