Abstract
Reliable authentication and authorisation are crucial for both service providers and their customers: providers want to protect their resources from unauthorised access and fraudulent use, while customers want to be sure that unauthorised access to their data is prevented. In Grid environments, Virtual Organisations (VOs) have been adopted as a means to organise and control access to resources and data based on roles that are assigned to users. Moreover, attribute-based authorisation has emerged, providing a decentralised approach with better scalability. Up to now, UNICORE authentication and authorisation has been based on X.509 certificates only. In this paper we present two approaches to integrating role- or attribute-based authorisation using VOMS, and attribute-based authorisation using Shibboleth, into UNICORE.
Keywords
- Large Hadron Collider
- Virtual Organisation
- Identity Provider
- Security Assertion Markup Language
- Attribute Authority
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Faroughi, A., Faroughi, R., Wieder, P., Ziegler, W. (2008). Attributes and VOs: Extending the UNICORE Authorisation Capabilities. In: Bougé, L., et al. Euro-Par 2007 Workshops: Parallel Processing. Euro-Par 2007. Lecture Notes in Computer Science, vol 4854. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78474-6_16
DOI: https://doi.org/10.1007/978-3-540-78474-6_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-78472-2
Online ISBN: 978-3-540-78474-6
eBook Packages: Computer Science (R0)