A scalable capability-based authorization infrastructure for web services in grids

Grid technologies bring revolutionary changes to traditional computing tasks by sharing seamless and dependable computing resources pervasively to Grid users. Including the underlying security mechanisms, they make it possible through a set of open and general purpose standards on top of Web services, which provide interoperability across administrative domains. Nowadays, following the Service-Oriented Architecture (SOA), more and more large-scale applications in science and industry embrace the Grid. However, the rapid growth of Grid technologies suffers from two key problems: (1) the coarse-grainedness of authorization methods by using gridmap files, and (2) serious performance and performance issue due to the complexity of Web services and XML technologies. The first generation of Grid authorization frameworks try to address the coarse-grainedness, while bring the other issues. For example, in a Grid application, individual scientists, the service providers, would like to share their highly dynamic Grid services in a large quantity, to grade school students, the service users, for educational purposes. Both of them find it difficult with the existing frameworks for their centralized administration, rigid policies, complexity and unscalability. In this dissertation, we first present a fine-grained authorization framework, XPOLA, for Web services and Grid services based on capability model. In a peer-to-peer administrative fashion, XPOLA features integrity, extensibility, usability, interoperability and programmability to Grid services and their users on top of Web services security and SAML standards. Consequentially, its performance and scalability are derived from three efforts: (1) fast digital signature, (2) session-based secure communication, and (3) pipelined and parallel load balancing on SOAP message processing. These frameworks comprise a scalable capability-based authorization infrastructure that has been applied in a real-world project, the Linked Environments for Atmospheric Discovery (LEAD).