Nephele: Scalable Access Control for Federated File Services

Giorgos Margaritis, Andromachi Hatzieleftheriou, Stergios V. Anastasiadis
2012 Journal of Grid Computing  
The integration of storage resources across different administrative domains can serve as building block for the development of efficient collaboration environments. In order to improve application portability across such environments, we target data sharing facilities that securely span multiple domains at the filesystem rather than the application level. We introduce the hypergroup as an heterogeneous two-layer construct, where the upper layer consists of administrative domains and the lower
more » ... ayer of users from each participating domain. We use public keys to uniquely identify users and domains, but rely on credentials to securely bind users and domains with hypergroups. Each domain is responsible for authenticating its local users across the federation, and employs access control lists to specify the rights of individual users and hypergroups over local storage resources. In comparison to existing systems, we show both analytically and experimentally reduced transfer cost of remote authorizations and improved scalability properties.
doi:10.1007/s10723-012-9217-4 fatcat:tuo53ytg6beplesdatd3s3kjaq