Using SAML-Based VOMS for Authorization within Web Services-Based UNICORE Grids

  • Valerio Venturi
  • Morris Riedel
  • Shiraz Memon
  • Shahbaz Memon
  • Federico Stagni
  • Bernd Schuller
  • Daniel Mallmann
  • Bastian Tweddell
  • Alberto Gianoli
  • Sven van den Berghe
  • David Snelling
  • Achim Streit
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4854)

Abstract

In recent years, the Virtual Organization Membership Service (VOMS) emerged within Grid infrastructures, providing the dynamic, fine-grained access control needed to enable resource sharing across Virtual Organizations (VOs). VOMS allows authorization information to be managed in a VO scope in order to enforce agreements established between VOs and resource owners. VOMS is used for authorization in the EGEE and OSG infrastructures and is a core component of the respective middleware stacks gLite and VDT. While a module for supporting VOMS is also available as part of the authorization service of the Globus Toolkit, there is currently no support for VO-level authorization within the new Web services-based UNICORE 6. This paper describes the evolution of VOMS towards an open standard-compliant service based on the Security Assertion Markup Language (SAML), which in turn provides mechanisms to fill the VO-level authorization service gap within Web services-based UNICORE Grids. In addition, the SAML-based VOMS allows for cross-middleware VO management through open standards.

Keywords

Simple Object Access Protocol; Grid Infrastructure; Policy Decision Point; Resource Owner; Globus Toolkit
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Valerio Venturi (1)
  • Morris Riedel (2)
  • Shiraz Memon (2)
  • Shahbaz Memon (2)
  • Federico Stagni (1)
  • Bernd Schuller (2)
  • Daniel Mallmann (2)
  • Bastian Tweddell (2)
  • Alberto Gianoli (1)
  • Sven van den Berghe (3)
  • David Snelling (3)
  • Achim Streit (2)

  1. National Institute of Nuclear Physics (INFN), Bologna, Italy
  2. Forschungszentrum Juelich (FZJ), Juelich, Germany
  3. Fujitsu Laboratories of Europe (FLE), London, UK
