Towards cross-middleware authentication and single sign-on for ARC Grid middleware

Special Issue Paper

Abstract

When pursuing the task of making access to Grids as simple as possible, security is one of the most important challenges in production Grid infrastructures, especially when Grid applications span multiple administrative domains as well as heterogeneous Grid middlewares. A typical example is wide-scale e-Science applications, which need to coordinate resources shared among a number of independent institutions with different Grid middlewares deployed on those resources. In this paper, we describe the security implementation and considerations used in the upcoming version of the Advanced Resource Connector (ARC) middleware, where the heterogeneity issue has been addressed. The main security goal of the ARC implementation is to make the middleware capable of interoperating with other Grid middlewares by leveraging standard specifications. The key aspect of the work is to enhance the current proxy-certificate-based authentication and single sign-on by utilizing and enhancing standardized Web Service specifications, such as Security Assertion Markup Language (SAML), the single sign-on (SSO) profile and Web Services Security, in order to achieve cross-middleware authentication and single sign-on.

Keywords

Single sign-on; Delegation; Virtual organization; ARC middleware

Copyright information

© Springer-Verlag 2009

Authors and Affiliations

  1. Department of Physics, University of Oslo, Oslo, Norway