Microsoft is developing a new language to improve the security of grid environments through features such as decentralized authorization policies, according to the company’s Blair Dillaway. The Security Policy Assertion Language (SecPAL) is a product of an ongoing Microsoft initiative to develop solutions for access control in large-scale grid environments. The need for tight control over trust relationships and delegated access rights has become more important than ever with the development of broad-based, decentralized distributed computing. The SecPAL prototype mimics a multidomain grid environment, incorporating existing Microsoft products and industry standards such as XML. The need for a new language to express security policies comes from the difficulty of describing the multitude of entities and relationships in large-scale grid environments. In addition to access control, SecPAL is also a tool “for expressing trust relationships, authorization policies, delegation policies, identity and attribute assertions, capability assertions, revocations, and audit requirements,” Dillaway said in a white paper. The language also lessens the reconciliation requirements for disparate security technologies and the need for semantic translation. SecPAL enables a grid user to temporarily delegate a subset of access rights to another user who needs them for a particular job while keeping the rest of the rights restricted. Dillaway claims that SecPAL is more efficient and usable than existing technologies. In the future, SecPAL could be applied to automated access delegation, job management rights, and constrained trust management, Dillaway said. (Source: ACM TechNews; Friday, September 15, 2006).