— A large and diverse consortium of grid clusters, as can be found in a university setting, requires a flexible authorization model that is scalable, extensible and easy to administer. Current approaches to grid authorization suffer from administrative interfaces that don’t scale, authorization models that don’t provide needed functionality, or both. This paper proposes a solution with initial implementation that uses existing standards to support the requirements of such a consortium of grid clusters. Our solution eliminates the need to manage authentication and authorization on a per-host basis, and implements a mechanism to temporarily bind a grid user to a local guest account on grid resource.
Beth A. Kirschner, Thomas J. Hacker, William A. Ad