Abstract
In this paper, we explore the technologies behind the security models applied to distributed data access in a Grid environment. Our goal is to study a security model that provides data integrity, confidentiality, authentication and authorization for VO users. We split the data access process into three levels: Grid authentication, Grid authorization, and local enforcement. For each level, we introduce at least one possible technological solution. Finally, we show our vision of a SOA-oriented security framework.
This work is developed as part of the CoreGRID Network of Excellence, for the Institute on Knowledge and Data Management.
© 2007 Springer Berlin Heidelberg
Cite this paper
Ghiselli, A., Stagni, F., Zappi, R. (2007). Review of Security Models Applied to Distributed Data Access. In: Lehner, W., Meyer, N., Streit, A., Stewart, C. (eds) Euro-Par 2006 Workshops: Parallel Processing. Euro-Par 2006. Lecture Notes in Computer Science, vol 4375. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72337-0_5
DOI: https://doi.org/10.1007/978-3-540-72337-0_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72226-7
Online ISBN: 978-3-540-72337-0
eBook Packages: Computer Science, Computer Science (R0)