Abstract

e-Science and e-Research is about supporting collaborations especially those that cross administrative boundaries. Typically this is achieved through establishing virtual organizations (VOs) where several institutions and individuals wish to contribute resources for their mutual interest, e.g. to address a given research topic. VOs can be fluid in nature and any individual/cooperating entity may in principle join/leave or have their roles/privileges changed/revoked at any time. Management of such dynamic infrastructures is made more complex since they must address the overall configuration and management of VO-specific resources across multiple sites, as well as configuration and management of the underlying infrastructure upon which the VO exists - referred to in this paper as the fabric. An insecure fabric can undermine the security of collaborating sites and any threat (perceived or real) can often impede the operation of the whole VO. In this paper we present a trust-oriented policy-driven infrastructure that overcomes many of the issues with existing VO models based upon blind trust assumptions of the fabric. Our proposed solution extends the Globus authorization framework involving several decision entities before a patch can be pushed to a target node.