1. Technical Field
The present invention relates to data processing and, in particular, to grid computing. Still more particularly, the present invention provides a method, apparatus, and program for grid mutual authorization through proxy certificate generation.
2. Description of Related Art
Grid computing is the sharing of central processing unit (CPU) resources across a network so that a plurality of machines function as one large supercomputer. Grid computing, also referred to as peer-to-peer computing or distributed computing, allows unused CPU capacity in any of the machines to be allocated to the total processing job required.
In a large enterprise, hundreds or thousands of desktop machines may be sitting idle at any given moment. A CPU may be considered idle even when a user is reading the screen and not interacting with the machine. Other computing resources may be idle at various times of the day. For example, a cluster of database servers, or a subset thereof, may be unused during non-business hours, such as the middle of the night. Case in point, during peak business hours in New York City, most people are likely to be asleep in India. Therefore, at any time of the day there may be unused processing cycles that could be put to use on large computational problems.
A given user may run a computationally intensive job using grid technology. For example, the user may have a biotechnology project, such as a human genome research project. A job may be any program, from one that runs for two days to one that simply asks the resource machine for the time of day. However, grid computing is typically used for very computationally intensive jobs. A user may send a job to a resource machine and go home for the night or the weekend. A resource machine will then process the job and return the results to the user.
The user may select a particular machine in a grid to run the job. The user may know of a specific machine that the user trusts. For example, the user may know of a machine with unused capacity that has updated security patches, a secure operating system, etc. Alternatively, a user may submit a job to a grid scheduler that selects a host (resource) to process the job. If a user sends a job to a grid scheduler, the user is presumed to trust the scheduler to send the job to the right host.
Of course, grid computing may bring up security problems. For instance, a resource machine may become overburdened. In this case, the primary resource machine may offload work to a secondary resource machine. The user that submitted the job may not necessarily trust the secondary resource or host. The IP of the job, the program being run, input data, output data, etc. are all available to the secondary untrusted host. This represents an unauthorized risk or cost to the user in terms of security. However, once the job is submitted to a primary resource, the user has no control over which machine in the grid ultimately processes the job. Consequently, the secondary resource machine that processes the job may lack the desired, or even necessary, security levels. The machine may have an operating system that is vulnerable to virus attacks or spyware. Or the secondary resource may be malicious and steal the results or the Internet protocol (IP) address of the grid job.