Security policy management in federated computing environments
Abstract
The default Java implementation of security policies, which is based on policy files, does not meet the specific needs of metacomputing environments. Managing a large number of policy files for all Java runtime systems in the metacomputing system does not scale. This paper presents a federated approach for security policy management in Java-based metacomputing systems. Security policies are stored in a policy base, which is managed by a policy service provider (Policer). The policy base and its Policer are replicated, and the replicated policy bases are synchronized with each other in order to avoid a single point of failure. Any bootstrapping service provider gets its security policy dynamically from any available Policer in the network. The proposed solution ensures uniform policy-based authorization for all the services in the SORCER metacomputing environment through the use of the dynamic policy management methodology.