University of Illinois at Chicago
Grids are intended to enable a cross-organizational interaction which makes grid security a challenging and non-trivial issue. In grids, delegation is a key facility that can be used to authenticate and authorize requests on behalf of disconnected users. In current grid systems there is a tradeoff between flexibility and security in the context of delegation. Applications must choose between limited or full delegation: on one hand, delegating a restricted set of rights reduces exposure to attack but also limits the flexibility/dynamism of the application; on the other hand, delegating all rights provides maximum flexibility but increases exposure.