Message-Based Security Model for Grid Services

Grid is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations.” The dynamic and multi-institutional nature of these environments introduces challenging security issues that demand new technical approaches. In particular, one must deal with diverse local mechanisms, support dynamic creation of services, and enable dynamic creation of trust domains. As Grid services are adopted and applied widely, as definition of an organizational boundary fade away in support of virtual organizations, as virtual organizations continue to evolve to support intermediaries such as firewalls, load balancers, and messaging hubs, and as awareness of the threats organizations face becomes more well understood, the need for a security model within Grid services grows clear. This paper reflects the challenges and requirements we have identified in a Grid environment. Based on those requirements, the proposed security architecture, by extending and leveraging (rather than replacing) existing security technology and assets, will enable businesses and organizations to more rapidly develop secure, interoperable Grid services. Because of the important role of message in Grid services, we limit our scope to message level security when developing our security model.