By Jack M. Germain TechNewsWorld
04/30/07 10:31 AM PT
Microsoft's Security Policy Assertion Language, or SecPAL, is the company's attempt to develop a language for expressing decentralized authorization policies. The software firm hopes that making available the implementation and design information from its SecPAL project will encourage the security and grid research communities to test and experiment with it.
Microsoft (Nasdaq: MSFT) has released details about its SecPAL project to encourage collaboration from the grid computing community on methods for greater security and access controls.
Microsoft created SecPAL, or Security Policy Assertion Language, as a research project to develop a language for expressing decentralized authorization policies. The project also investigates computing language design and semantics as well as related algorithms and analysis techniques.
Microsoft hopes the SecPAL project will lead to developing a simpler, more accurate way of expressing decentralized authorization policies in a grid environment through a logic-based security policy language.
The software firm hopes that making available the implementation and design information from its SecPAL project will encourage the security and grid research communities to test and experiment with it.
"One of the issues in grid computing is delegation of access rights. This is a key issue for enterprise users, who have trouble managing grid security," Blair Dillaway, lead software architect for Microsoft, told TechNewsWorld.
Grid Computing Exposed
Grid Computing is a process that links computers in separate locations to combined computational resources. By sharing computer resources on a grid, users can operate a unified resource for solving large-scale compute and data-intensive computing applications.
The Open Grid Services Architecture (OGSA) is an open set of standards and protocols that forms the basis for grid computing. The OGSA enables communication across heterogeneous, geographically dispersed environments. Grid computing provides organizations a way to optimize computing and data resources. Grid users can pool the grid resources for large capacity workloads and share them across networks for collaboration.
Software developers such as Microsoft, IBM (NYSE: IBM) and Oracle (Nasdaq: ORCL) develop products that provide an infrastructure for grid computing for the enterprise community. Grid computing is sometimes referred to as distributed computing or virtualization computing.
SecPAL Explained
Microsoft began researching a security language policy for grid computers about two years ago, Dillaway said. The need for improved security language protocols results from an increasing interest in enterprise circles for grid computing.
Different solutions evolved by various researchers, but none of the security and access solutions was very encompassing. SecPAL is designed to be broadly applicable, according to Dillaway.
"We made it flexible enough to work with several grid platforms. We have been experimenting with SecPAL internally for one year. I feel very positive about this progress," he said.
Expert Opinions
The next step in achieving industry acceptance for SecPAL is to get more eyes on this technology. Microsoft is now releasing the details and a copy of the implementation along with language design to the grid community, Dillaway explained.
"We may see more scenarios and language refinement," he explained.
The University of Virginia and the University of Newcastle Upon Tyne are actively trying SecPAL. Other universities and organizations have downloaded the information but haven't responded yet, Dillaway noted.
Security Main Goal
Effective solutions for regulating user policies for grid computing will require broad cooperation. Microsoft is making the overture now to share in the process, according to Dillaway, who said SecPAL development has a long way to go before it can be fully implemented.
"Security is big concern before adopters make a plunge," he said. "SecPAL is not going to be the only solution to the grid security issue."
Microsoft is going public with its research to try to help move it along, Dillaway said.
"Most big companies have mainframe and Unix computing systems. We need to make it all work together. Microsoft is open to more collaboration with other developers," he said.
Open Grid Forum
While the research on grid computing and and regulating user policies is far from complete, Dillaway is not sure how much time will be devoted to finalizing SecPAL. He hopes to see some convergence over the next two years because grid computing is starting to impact on mainstream business.
Microsoft released SecPAL in an effort to generate a response at the 20th Open Grid Forum, to be held May 7 through May 11 in Manchester, England.
The forum, hosted by UK e-Science and the University of Manchester, is expected to attract strong interest from the global Grid community to develop Grid standards, showcase real-world applications and discuss large-scale grid infrastructure techniques and applications.
New SourceLabs App Aims to Make Open Source Safe April 27, 2007
SourceLabs' new Open Source Management System is designed to assist large enterprises in manging the risks that come with open source usage. While open source software has been widely adopted throughout large organizations organically, it typically bypasses traditional controls, exposing businesses to unknown and often unnecessary security, operational and legal risks.
Related Stories
Microsoft Cashes In on Vista in Q3 April 27, 2007
Aided by Windows Vista and Office 2007 sales, Microsoft posted a 65 percent increase in its third-quarter earnings. The company earned $4.93 billion in the period, up from $2.98 billion in the year-ago quarter. Its revenue was $14.4 billion, up 32 percent when compared with last year.
The Truth About Open Source Security April 26, 2007
Is it better to run your company's firewall or IDS using an open source tool, or is it better to buy something off the shelf? Let's step through some of the most common arguments used by each side of the open source security debate and see how they do or do not stand up in the light of practical reality.
Microsoft, SAP Plot Duet Software Road Map April 25, 2007
Microsoft and SAP will continue the joint developing of Duet, which lets users access SAP applications via the familiar Microsoft Office interface. The next version of Duet, which is expected later this year, will include support for sales management and supply chain-related business processes.
Related News Alerts
More by Jack M. Germain
The Gaping Hole Where Auto Software Standards Should Be March 18, 2010
Toyota is not the only car maker navigating around accusations of quality problems with its auto controls, but recent fatalities drove the company into the spotlight.
Over the years, Ford, Audi and Nissan had similar troubles. In all cases, government agencies responsible for overseeing consumer safety detoured away from the situation.
Notable Note Apps for Fastidious FOSS Freaks March 17, 2010
At their heart, note-taking apps perform a very simple function: put letters on the screen. They differ widely, though, in the special features each offers. Tomboy Notes, for example, is the power of WikiText, which keeps multiple notes on any topic organized, no mater how you rename or rearrange them. With Xpad, you can banish sticky notes from your real desktop and keep them neatly inside the computer screen.
New Cisco Router Boasts Breakneck Speeds March 09, 2010
With its eye on Internet video and new online services that require ever increasing amounts of bandwidth, Cisco has announced its new CRS-3 Carrier Routing System. The company offered up a few examples of just how speedy CRS-3 is: Hypothetically, the system could serve up a copy of every movie ever made in less than four minutes, or facilitate video calls for every person in China simultaneously.
Headline Feeds
Talkback: 
