Review of Security Models Applied to Distributed Data Access

  • Antonia Ghiselli
  • Federico Stagni
  • Riccardo Zappi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4375)


In this paper, we explore the technologies behind the security models applied to distributed data access in a Grid environment. Our goal is to study a security model allowing data integrity, confidentiality, authentication and authorization for VO users. We split the process for data access in three levels: Grid authentication, Grid authorization, local enforcement. For each level, we introduce at least one possible technological solution. Finally, we show our vision of a SOA oriented security framework.

This work is developed as part of the CoreGRID Network of Excellence, for the Institute on Knowledge and Data Management.


Grid data management security authentication authorization policy acl XACML SAML 


  1. 1.
    Gu, J., Shoshani, A., Sim, A.: Storage resource manager: Essential components for the grid (2003)Google Scholar
  2. 2.
    Chadwick, D.: An x.509 role-base privilege management infrastructure. Technical report (2002)Google Scholar
  3. 3.
    Chadwick, D.: Authorization in grid computing. Information Security Technical Report 10, 33–40 (2005)CrossRefGoogle Scholar
  4. 4.
    Corso, E., Cozzini, S., Donno, F., Ghiselli, A., Magnoni, L., Mazzucato, M., Murri, R., Ricci, P.P., Stockinger, H., Terpin, A., Vagnoni, V., Zappi, R.: Storm, an srm Implementation for lhc Analysis Farms, Computing in High Energy Physics. In: Proceedings of the International Conference on Computing in High Energy and Nuclear Physics (CHEP2006), Mumbai, India, Feb. (2006)Google Scholar
  5. 5.
    Gavrila, S., Kuhn, D.R., Chandramouli, R., Ferraiolo, D., Sandhu, R.: Proposed nist standard for role-based access control. ACM Transactions on Information and System Security (TISSEC) 3, 224–274 (2001)Google Scholar
  6. 6.
    Ferrari, E., Bertino, E., Bonatti, P.A.: Trbac: A temporal role-based access control model. ACM Transactions on Information and System Security (TISSEC) 4, 191–233 (2001)CrossRefGoogle Scholar
  7. 7.
    Caltroni, A., et al.: G-Pbox: a Policy Framework for Grid Environments. INFN Grid-itGoogle Scholar
  8. 8.
    Alfieri, et al.: Voms, an authorization system for virtual organizations. In: Proceedings of 1st European Across Grid ConferenceGoogle Scholar
  9. 9.
    Pearlman, L., et al.: The community authorization service: Status and future. In: Proceedings at CHEP03, La Jolla, California, March 24-28 (2003)Google Scholar
  10. 10.
    Nagaratman, et al.: Security architecture for open grid services. memo GWD-I, GGF OGSA Security Workgroup, 2002m revised (2003)Google Scholar
  11. 11.
    Demchenko, Y., et al.: Job-centric Security model for Open Collaborative Environment, pp. 69–77. IEEE Computer Society (2005)Google Scholar
  12. 12.
    Grunbacher, A.: Posix access control lists on linux. In: Submitted for publication at the USENIX ATC, San Antonio, Texas, June (2003)Google Scholar
  13. 13.
    Tuecke, S., Foster, I., Kesselman, C.: The anatomy of the grid: Enabling scalable virtual organizations. International J. Supercomputer Applications 15(3) (2001)Google Scholar
  14. 14.
    Frohner, A., Kunszt, P.: glite data management security model disussion (2005)Google Scholar
  15. 15.
    Housley, R., Farrel, S.: Rfc3281: An internet attribute certificate profile for authorization. Technical report (2002)Google Scholar
  16. 16.
    EGEE security JRA3. Global security architecture (2004)Google Scholar
  17. 17.
    The Globus security team. Gt 4.0 security (2005),
  18. 18.
    Steenbakkers, M.: Guide to lcmaps version 0.0.23 (2003),
  19. 19.
    OASIS SAML TC. Oasis security assertion markup language (saml) tc (2005),
  20. 20.
    OASIS XACML TC. Oasis extensible access control markup language (xacml) tc (2005),
  21. 21.
  22. 22.
    W3C WG. Web services architecture (2004),

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Antonia Ghiselli
    • 2
  • Federico Stagni
    • 1
  • Riccardo Zappi
    • 2
  1. 1.Istituto Nazionale di Fisica Nucleare sez. di Ferrara, via Saragat 1 - 44100 FerraraItaly
  2. 2.Istituto Nazionale di Fisica Nucleare CNAF, viale Berti Pichat, 6/2 - 40127 BolognaItaly

Personalised recommendations