Towards More Flexible and Increased Security and Privacy in Grids

  • Willy Weisz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4375)


UNICORE started as a Grid-enabling middleware with a monolithic security policy that restricted Grid activities to a set of users whose credentials (X.509 certificates) are pre-recorded in a UNICORE User Database (UUDB), and to a task distribution completely defined at job-submission time, because the sub-jobs have to be signed by the user with his private key. Later on, projects aiming at allowing a restricted interoperability with other Grid middleware led to the adoption of more flexible approaches like the Explicit Trust Delegation (ETD). ETD implicitly involves a more general concept: that of an attribute or role which is attached to an identified and authenticated entity and which defines the extent of the authorisations granted to that entity by the target resource. Extending this concept to other authorisation-related aspects of Grid computing is today an area of intensive research that should also be taken up by the UNICORE developers, in order to enable the creation of Virtual Organisations (VOs) that are able to take security as seriously as necessary and to opt for flexibility as much as possible.


Keywords: Virtual Organisation; Policy Decision Point; UNICORE Security; Globus Toolkit; Security Assertion Markup Language
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Willy Weisz (1)
  1. University of Vienna, Institute for Scientific Computing, VCPC, Austria
