簡易檢索 / 詳目顯示
| 研究生: |
林信宏 Hsin-Hung Lin |
|---|---|
| 論文名稱: |
行動代理人為基礎的虛擬組織授權管理網格 Mobile Agent-based Virtual Organization Management Grid |
| 指導教授: |
林熙禎
Shi-Jen Lin |
| 口試委員: | |
| 學位類別: |
碩士 Master |
| 系所名稱: |
管理學院 - 資訊管理學系 Department of Information Management |
| 畢業學年度: | 95 |
| 語文別: | 中文 |
| 論文頁數: | 71 |
| 中文關鍵詞: | 虛擬組織管理 、網格運算 、網格經濟 、授權委派 、網格安全 |
| 外文關鍵詞: | Delegation, Authorization Policy, Virtual Organization Management, Grid Computing, Grid Security |
| 相關次數: | 點閱:21 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
在網格運算環境下,各個網點自主性進行資源配置的網格經濟模式,是必然的趨勢。網點間透過分享資源自然形成虛擬組織,各個虛擬組織有各自不同的屬性。而網格運算在資源分享時,所衍生的經濟行為,將產生各自不同型態的市場模式,各個市場模式儼然形成虛擬組織的群落,需要有系統的進行管理。
各個虛擬組織有其專業性,網點間在進行組織內或跨組織的資源分享時勢必牽涉到資源分享公平性與安全性的問題,是故,資源分享需要設計一個安全的授權規劃與執行管理方式。
有鑑於網格經濟對於市場型態的虛擬組織管理與授權機制缺少相關文獻與研究,故本研究企圖以網格經濟模型為基礎,建立一個虛擬組織管理架構。提供的管理操作包含註冊授信、運算代理要求、代理確認與授權委派執行。
本研究所設計之架構,允許代理人透過漫遊至市場主機後,可向市場管理者提出註冊請求,完成合法授信流程。代理人間完成資源協商交易之後,可要求公正的市場管理者為代理運算請求的交易進行背書,確立交易的合法性。資源買賣雙方並可透過管理者的合法背書,要求其對交易進行仲裁。本研究針對進行代理運算所需要的授權政策提出改良的設計,除了提昇政策制定的彈性與運算本身的私密性之外,也確保授權運算的完整性與正確性。本研究對網格環境內的虛擬組織由身份認證、組織內成員管理、授權管理以至於授權委派的執行提出一個系統性的架構,並予以實作,為網格虛擬組織管理架構提出一個參考的依據。
It’s inevitable that Grid economy emerged from nodes in Grid computing environment sharing resources with each other autonomously. Nodes form virtual organization which called VO by sharing resources, and each VO has its own specific properties. When the economic behavior occurred derived from sharing, there will be different types of market pattern. Those types of market obviously form a VO or sub-groups. So, it’s important to build a systematic management mechanism for the VO management.
Each VO owns private domain knowledge. When it comes to sharing resource in internal or external organization, the issue about fairness and security emerged. So, it’s a critical issue for designing secure authorization operation plans and execution management.
We propose a virtual organization authorization management model to provide a management architecture for VO in the Grid environment. Management operations include building trust relationship from authentication and authorization, VO member management, delegation request, proxy execution and authorization management. Besides that, we also improve the flexibility of the authorization policy to increase more security and more privacy when enforcing the delegated mission.
Based on such concept, we implement this architecture and accomplish several management scenarios practically. Besides that, we carry out experiments to prove the feasibility of the proposed model.
1. 王世甫,民95,「MAREG─以行動代理人及網格經濟為基礎之網格資源管理系統」,碩士論文–國立中央大學資訊管理學系研究所。
2 詹晏誠,民95,「適用網格計算環境之多重代理人付款系統」,碩士論文–國立中央大學資訊管理學系研究所。
英文文獻
3. Afsarmanesh, H., Camarinha, M., “A Framework for Management of Virtual Organization Breeding Environments”, Proceedings PRO-VE’2005, pp 35-48, Sep 2005.
4 Ahsant, M,., Basney, J., Mulmo, O., “Grid Delegation Protocol”. In Proceedings of the Workshop on Grid Security Practice and Experience July 2004.
5 Barker, R., Yu, D., Wlodek, T., “A Model for Grid User Management”, Computing in High Energy and Nuclear Physics, March 2003.
6 Caire, G., “JADE Tutorial JADE Programming for Beginners”, TiLab, Dec. 2003.
7 Chadwick, D., Otenko, S., Welch, V., “Using SAML to Link the Globus Toolkit to the PERMIS Authorization Infrastructure” In Proceedings of Eighth Annual IFIP TC-6 TC-11 Conference on Communications and Multimedia Security, Windermere, UK, Sep. 2004.
8 Cannon, S. , “Using CAS to Manage Role-Based VO Sub-Groups”, Proceedings of Computing in High Energy Physics, 2003.
9 Foster, I, “What is the Grid? A Three Point Checklist”, GRID Today, 2002.
10 Foster, I., et. al., “The Anatomy of the Grid Enabling Scalable Virtual Organizations”, International Journal of Supercomputer Applications, pp.200-222, 2001.
11 Tuecke, S., et. al., “Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile”, Internet RFC 3820, IETF, June. 2004.
12 Kanaskar, N., Topaloglu, U. and Bayrak, C., “Globus Security Model for Grid environment”, ACM SIGSOFT Software Engineering Notes, Vol. 30 No. 6, Nov. 2005.
13 Kim, B., Hong, S., Kim, J., “Ticket-based Fine-Grained Authorization Service in the Dynamic VO Environment” ACM Workshop on Secure Web Service, Oct. 2004.
14 Pearlman, L., et. al., “The Community Authorization Service Status and Future”, Proceedings of Computing in High Energy Physics, 2003.
15 Saleem, A., “Using the VOM portal to manage policy within Globus Toolkit, Community Authorisation Service & ICENI resources”, Proceedings of the UK e-Science All Hands Meeting, 2004.
16 Security Assertion Markup Language (SAML) V2.0 Technical Overview, OASIS, Oct. 2006.
17 Sotomayor, B.: The Globus Toolkit 4 Programmer''s Tutorial. Globus Documentation Project, 2005.
18 The Globus Alliance: GT 4.0: Security: Community Authorization Service. Globus Documentation Project, 2005.
19 Welch, V., et. al., “X.509 Proxy Certificates for Dynamic Delegation”. In Proceedings of the 3rd Annual PKI R&D Workshop, 2004.
20 Welch, V. (Eds.), “Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective”, The Globus Security Team, July, 2005.
21 Welch, V., “Grid Security Infrastructure Message Specification”, Open Grid Forum, 2006.
網頁資料
22 Boutboul, I., “Manage credentials and access control in a grid application”, http://www.ibm.com/developerworks/library/gr-cred/index.html?S_TACT=105AGX52&S_CMP=cn-a-gr
23 The Globus Alliance, http://www.globus.org
24 WS-Trust (2005), “Web Service Trust Language (WS-Trust)”, http://www.ibm.com/developerworks/webservices/library/specification/ws-trust/
25 Java cryptography APIs, http://www.bouncycastle.org
26 Silva, V., “ Using Java with Globus Grid Security Infrastructure”, http://www.ibm.com/developerworks/grid/library/gr-ggsi.html
