1. Technical Field
The present invention relates generally to an improved data processing system and in particular to an improved method and apparatus for managing network resources. Still more particularly, the present invention relates to a method, apparatus, and computer instructions for authorizing a user to access resources on a network and detecting intrusions on a network.
2. Description of Related Art
Network data processing systems are commonly used in all aspects of business and research. These networks are used for communicating data and ideas, as well as, providing a repository to store information. In many cases, the different nodes making up a network data processing system may be employed to process information. Individual nodes may have different tasks to perform. Additionally, it is becoming more common to have the different nodes work towards solving a common problem, such as a complex calculation. A set of nodes participating in a resource sharing scheme are also referred to as a “grid” or “grid network”. For example, nodes in a grid network may share processing resources to perform complex computations, such as deciphering keys.
The nodes in a grid network may be contained within a network data processing system, such as a local area network (LAN) or a wide area network (WAN). These nodes also may be located in different geographically diverse locations. For example, different computers connected to the Internet may provide processing resources to a grid network. By applying the use of thousands of individual computers, large problems can be solved quickly. Grids are used in many areas, such as cancer research, physics, and geosciences.
The setup and management of grids are facilitated through the use of software, such as that provided by the Globus Toolkit and the IBM Grid Toolkit. The Globus Toolkit is an open source toolkit used in building grids. This toolkit includes software services and libraries for resource monitoring, discovery, and management, plus security and file management. The toolkit was developed by the Globus Alliance, which is based at Argonne National Laboratory, the University of Southern California's Information Sciences Institute, the University of Chicago, the University of Edinburgh, and the Swedish Center for Parallel Computers. The IBM Grid Toolkit is available from International Business Machines Systems, Inc. (IBM) for use with its systems. Access to grid resources is provided through an authentication process that is executed when a user requests access to the resources. Authentication processes may involve entering a user name or a password. With most grid systems, a certificate is sent as part of the authentication process. In particular, X.509 certificates are used in many grids. These certificates, however, are vulnerable to theft. An unauthorized user may steal the certificate and place that tile on other data processing systems and masquerade as the user. In this manner, the thief may obtain access to resources on the grid and perform tasks without permission. With this type of theft, processing resources revenues may be lost to unauthorized use of grid resources.
Therefore, it would be advantageous to have an improved method, apparatus, and computer instructions for authenticating users requesting access to resources on a network data processing system, such as a grid.