International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 4, April 2012)

A Proposed Mechanism for Cross-Domain Authorization in Grid Computing Environment

Kaustav Roy 1, Avijit Bhowmick 2
1 M.Tech (2nd yr), Department of CSE, Dr. B.C. Roy Engg. College, Durgapur, India
2 Asst. Professor, Department of CSE/IT, Dr. B.C. Roy Engg. College, Durgapur, India
1 kaust_1984@yahoo.co.in 2 er.avijit.bhowmick@gmail.com

Abstract— Authorization in a Grid computing environment is primarily the technique of providing users with access control over resources. The lack of a proper authorization process leads to great loss of, and damage to, vital data and information. The matter is more complicated in a Grid environment because of the inherent concept of the virtual organization (VO). Role Based Access Control (RBAC) has gained significance for authorization, and to provide RBAC, sets of policies have to be created for the Grid computing environment and its corresponding virtual organizations. In this paper we have developed a novel architecture and cross-domain policy mechanism for authorization in Grid which is based on RBAC, where access control is attained through the global and local roles of users and resource providers.

Keywords—Grid authorization, Security, RBAC, Cross-domain framework.

I. INTRODUCTION

The dynamic and multi-domain nature of the Grid computing environment [1] has created challenging issues related to its security [2]. Grids are generally employed in computation-intensive jobs, which require secure association among various independent domains that are geographically isolated from one another. A lot of research has been done on authorization in distributed systems, but not much work has been done on real-life distributed applications such as Grids.
The identity-based authorization that was initially put into practice maps a user’s global identity (distinguished name) to a local account that has to be set up at every Grid site. This mapping is maintained in a list called the “Grid-mapfile”. In a scalable Grid infrastructure this is not a suitable solution for authorization purposes. The development of a role based access control (RBAC) mechanism is thus a natural choice in such a scenario [3][4].

A Grid has multiple institutional domains [1][6], and each domain is distributed across the network, so Grid access control is to be implemented through global management with local autonomy. The Grid access control strategy assigns different kinds of access permissions to the various global users in each local domain. Users are given roles according to their responsibilities and permissions, and each user is constrained by the access permissions granted. There is no standard solution for authorization in cross-domain architectures. A service request may originate in one domain and may span several domains to accomplish its task. Thus the local role of the user has to be mapped to a global role, and a proper authorization policy has to be designed for accepting or rejecting access rights to the user. In such a situation, the model described in the following section can be put into practice.

II. CROSS-DOMAIN AUTHORIZATION MECHANISM

Cross-domain authorization [5] is a vital factor in multi-domain access control policy. Generally the Grid environment consists of numerous domains and sub-domains having dissimilar roles and responsibilities. Every sub-domain might have an administrator who is in charge of the whole domain, i.e. adding users, giving local permissions, restricting user rights, etc. The role of a node in one domain may differ significantly from its role in some other domain. A role in one domain may have no importance in some other domain.
What is needed, therefore, is a policy that establishes some equivalence between roles in the various domains. The approach considered here is a weighted tree. By combining the role of a node with that of its parent, a global ranking is established for access control purposes.
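
The weighted-tree ranking described above can be sketched as follows. This is an added example, not code from the paper: the domain names, role names and weights are constructed, and the combining rule (multiplying a role's weight by the weights of its ancestors) is an assumption, since this section does not give the formula.

```python
from fractions import Fraction

# Constructed sample hierarchy (hypothetical names): (domain, role) -> (parent, weight).
# weight is the role's standing relative to its parent, in (0, 1].
ROLES = {
    ("VO", "vo-admin"): (None, Fraction(1)),
    ("DomainA", "admin"): (("VO", "vo-admin"), Fraction(9, 10)),
    ("DomainA", "researcher"): (("DomainA", "admin"), Fraction(1, 2)),
    ("DomainB", "admin"): (("VO", "vo-admin"), Fraction(6, 10)),
    ("DomainB", "operator"): (("DomainB", "admin"), Fraction(1, 2)),
    ("DomainB", "guest"): (("DomainB", "operator"), Fraction(1, 5)),
}


def global_rank(role, roles=ROLES):
    """Combine a role's weight with its ancestors' weights (assumed rule: product)."""
    rank, seen = Fraction(1), set()
    while role is not None:
        # A role missing from the tree, or a parent loop, has no global rank.
        if role in seen or role not in roles:
            raise KeyError(f"unmapped or cyclic role: {role}")
        seen.add(role)
        parent, weight = roles[role]
        if not 0 < weight <= 1:
            raise ValueError(f"weight out of range for {role}")
        rank *= weight
        role = parent
    return rank


def authorize(requester_role, required_role, roles=ROLES):
    """Allow only if the requester's global rank meets the resource's; deny on any error."""
    try:
        return global_rank(requester_role, roles) >= global_rank(required_role, roles)
    except (KeyError, ValueError):
        return False  # roles that cannot be ranked never get access by default
```

With these sample weights the role title alone decides nothing: a DomainA researcher (9/20) outranks a DomainB operator (3/10) but not a DomainB admin (3/5), and a role from a domain absent from the tree is denied.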