A generic Grid security policy reconciliation framework

The purpose of this paper is to provide a framework for enhancing security policy management in the Grid.

The Grid security policy reconciliation problem is presented. A generic view on the security policy notion is adopted and the security policy ontology notion is introduced and used.

In the course of this work it was found that, in order to enhance security policy management in the Grid, Grid entities should have the ability to negotiate their security policies. It was also found that, in order to achieve security policy negotiation, effective security policy semantics manipulation towards security policy reconciliation is needed. Finally, it was established, through the use of an example, that if appropriate means are used for security policy reconciliation then incompatible security policy representations can be transformed into compatible ones.

Research limitations stem from the adoption of a generic view on the security policy notion and the selection of identification and authentication security policies as the focal point of the proposed framework. Research implications include the possibility of examining how existing security policy reconciliation models can be incorporated in this generic framework. The possibility of investigating how such a framework can lead to a security policy knowledge management tool for Grid administrators is also demonstrated.

Practical implications of this work include the establishment of a common framework for security information exchange between Grid entities.

This paper proposes a framework for enhancing security policy management in the Grid. The proposed framework can be used by researchers as a reference and by security experts in order to reduce ambiguity concerning the interpretation of security policies expressed in different forms, by negotiating Grid entities.