Authentication and authorization infrastructure for Grids—issues, technologies, trends and experiences

Springer Science and Business Media LLC - Volume 52 - Pages 82-96 - 2009
Wei Jie¹, Junaid Arshad², Pascal Ekin¹
¹University of Manchester, Manchester, UK
²University of Leeds, Leeds, UK

Abstract

Authentication and authorization for Grids is a challenging security issue. In this paper, key issues for the establishment of Grid authentication and authorization infrastructures are discussed, and an overview of major Grid authentication and authorization technologies is presented. Related to this, recent developments in Grid authentication and authorization infrastructures suggest adoption of the Shibboleth technology, which offers advantages in terms of usability, confidentiality, scalability and manageability. When combined with advanced authorization technologies, Shibboleth-based authentication and authorization infrastructures provide role-based, fine-grained authorization. We share our experience in constructing a Shibboleth-based authentication and authorization infrastructure and believe that such an infrastructure provides a promising solution for the security of many application domains.
