Another interesting new area for grid security is the growing discussion around developing a handle system for the grid.
The handle system could be an alternative implementation for attribute servers and naming servers in general. The handle system, which is being worked on by the Corporation for National Research Initiatives (CNRI), would not only provide attribute services but would also serve as an infrastructure and root service able to resolve resource names globally. It is very much a domain name system (DNS) type of model: you have a global naming system and values or attributes that are bound to each name. It's like the DNS on steroids -- security is truly integrated into the whole fabric. It will have all the good features of transparent applications, and it allows individuals to administer their own bindings, so you can push the access rights of the bindings down to the individual names.
The concept of having a centralized root system for registering grid resources is interesting, as we consider the future of 'extra-grids,' where coordinated resource sharing requires us to think about distributed policy requirements and resource discovery issues.
David Holtzman, former CTO of Network Solutions (acquired by Verisign for $21 billion in '00), led the team that ran the DNS in the late '90s and oversaw the growth of the Internet from 500,000 domain names to more than 20 million. Network Solutions' contract with the National Science Foundation meant that anyone who wanted to have a domain name and participate in the Internet had to go through the Network Solutions domain name registrar system.
Holtzman sees the grid computing handle system as the logical next step in the grid evolution, and he thinks the collective body of vendors with commercial interests in grid would be smart to stand behind it.
"Managing millions of domain names was a tremendous challenge, but the idea of accounting for billions of resources participating in a global grid is mind-numbing," Holtzman said. "Having the inventory of resources consolidated in a central broker seems like a logical step to solving the issues. One lesson I've learned from the bad-boy days of the early commercial Internet is that harnessing distributed power is not so much a matter of leveraging the sum of the individual components but of building an appropriate framework so that each constituent can derive value from the whole without being forced to make one-off tactical decisions in the enterprise. Building a handle system empowers the lowest management point in the organization to fully utilize the technology without constantly building organizational consensus. I believe that the DNS system, for this reason, was the prime catalyst for the rapid adoption of the commercial Internet in the late '90s."
The Globus handle system project intends to provide a Web services interface to the handle system that leverages standard interfaces, such as SAML attribute query interfaces and XKMS queries, with simple name/value resolutions.