Philippa J. Broadfoot and Gavin Lowe
Revised September 2003, 15pp.
The purpose of a grid is to enable large scale distributed computing over wide area networks, where entities (for example, users) can gain seamless access to computing resources across heterogeneous and geographically dispersed environments. There are a number of difficult issues that arise within the design and deployment of such a grid architecture; security has been a particularly difficult issue. In this paper, we will focus on the security implications arising through the introduction of delegation, an essential requirement to enable the sort of distributed collaboration and resource sharing for which the grid is designed. The precise impact of proposed delegation mechanisms upon security remains unclear within many grid projects. What security guarantees are required from the delegation architecture, and how does one determine whether a particular architecture provides those guarantees? In this paper, we aim to address these issues more precisely. We begin by identifying a number of security aspects of delegation. We then consider two existing architectures for secure delegation and evaluate what security requirements they meet. Finally, we discuss their applicability in practice within a grid environment, focusing mainly upon our observations within the European Union DataGrid project.