GSI3: Security for Grid Services

Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations." The dynamic and multi-institutional nature of these environments introduces challenging security concerns that demand new technical approaches. In particular, we must deal with diverse local mechanisms, support dynamic creation of services, and enable dynamic creation of trust domains. We describe how these issues are addressed in two generations of the Globus Toolkit (GT2). First, we review the GT2 approach; then, we describe in detail new approaches developed to support the GT3 implementation of the Open Grid Services Architecture, a new initiative aimed at recasting key Grid concepts within a service-oriented framework. GT3's security implementation uses WS-Security mechanisms for credential exchange and other purposes, and introduces a tight least privilege model that avoids the need for any privileged service.