M. R. Thompson, A. Essiari, K. Keahey, V. Welch, S. Lang, B. Liu, "Fine-Grained Authorization for Job and Resource Management Using Akenti and the Globus Toolkit," Preprint ANL/MCS-P1095-0903, September 2003. [pdf]
As the Grid paradigm is adopted as a standard way of sharing remote resources across organizational domains, the need for fine-grained access control to these resources increases. This paper presents an authorization solution for job submission and control, developed as part of the National Fusion Collaboratory, that uses the Globus Toolkit 2 and the Akenti authorization service in order to perform fine-grained authorization of job and resource management requests in a Grid environment. At job startup, it allows the system to evaluate a user's Resource Specification Language request against authorization policies on resource usage (determining how many CPUs or memory a user can use on a given resource or which executables the user can run). Furthermore, based on authorization policies, it allows other virtual organization members to manage the user's job.