Journal of Grid Computing, 7:297

Definition and Implementation of a SAML-XACML Profile for Authorization Interoperability Across Grid Middleware in OSG and EGEE

  • Gabriele Garzoglio
  • Ian Alderman
  • Mine Altunay
  • Rachana Ananthakrishnan
  • Joe Bester
  • Keith Chadwick
  • Vincenzo Ciaschini
  • Yuri Demchenko
  • Andrea Ferraro
  • Alberto Forti
  • David Groep
  • Ted Hesselroth
  • John Hover
  • Oscar Koeroo
  • Chad La Joie
  • Tanya Levshina
  • Zach Miller
  • Jay Packard
  • Håkon Sagehaug
  • Valery Sergeev
  • Igor Sfiligoi
  • Neha Sharma
  • Frank Siebenlist
  • Valerio Venturi
  • John Weigand

Abstract

To ensure interoperability between the middleware and authorization infrastructures used in the Open Science Grid (OSG) and the Enabling Grids for E-science (EGEE) projects, an Authorization Interoperability activity was initiated in 2006. The interoperability goal was met in two phases: first, agreeing on a common authorization query interface and protocol, with an associated profile that ensures standardized use of attributes and obligations; and second, implementing, testing, and deploying, on OSG and EGEE, middleware that supports the interoperability protocol and profile. The activity has involved people from OSG, EGEE, the Globus Toolkit project, and the Condor project. This paper presents a summary of the agreed-upon protocol, the profile, and the software components involved.

Keywords

Authorization Interoperability SAML-XACML OSG EGEE 

Copyright information

© US Government 2009

Authors and Affiliations

  • Gabriele Garzoglio (1)
  • Ian Alderman (2)
  • Mine Altunay (1)
  • Rachana Ananthakrishnan (3)
  • Joe Bester (3)
  • Keith Chadwick (1)
  • Vincenzo Ciaschini (4)
  • Yuri Demchenko (5)
  • Andrea Ferraro (4)
  • Alberto Forti (4)
  • David Groep (6)
  • Ted Hesselroth (1)
  • John Hover (7)
  • Oscar Koeroo (6)
  • Chad La Joie (8)
  • Tanya Levshina (1)
  • Zach Miller (2)
  • Jay Packard (7)
  • Håkon Sagehaug (9)
  • Valery Sergeev (1)
  • Igor Sfiligoi (1)
  • Neha Sharma (1)
  • Frank Siebenlist (3)
  • Valerio Venturi (4)
  • John Weigand (1)

  1. Fermi National Accelerator Laboratory, Batavia, USA
  2. University of Wisconsin, Madison, USA
  3. Argonne National Laboratory, Argonne, USA
  4. INFN CNAF, Bologna, Italy
  5. University of Amsterdam, Amsterdam, The Netherlands
  6. NIKHEF, Amsterdam, The Netherlands
  7. BNL, Upton, USA
  8. SWITCH, Switzerland
  9. BCCS, Bergen, Norway
