Combining the X.509 and the SAML Federated Identity Management Systems

  • Marcus Hardt
  • Arsen Hayrapetyan
  • Paul Millar
  • Shiraz Memon
Part of the Communications in Computer and Information Science book series (CCIS, volume 420)

Abstract

Every distributed computing infrastructure requires an authentication and authorisation infrastructure (AAI) to manage access to resources and content. Several such AAI systems are in use within different groups of users. In the Large Scale Data Management and Analysis project we aim to support and bring together many user communities. We therefore need to harmonise the AAI systems currently in use. The approach described is to translate between different authentication systems. We furthermore try to maintain the same trust level wherever possible, and to harmonise authorisation across the involved systems.

Keywords

Trust Third Party; Identity Provider; Security Assertion Markup Language; Successful Authentication; Authorisation Decision
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Marcus Hardt (1)
  • Arsen Hayrapetyan (1)
  • Paul Millar (2)
  • Shiraz Memon (3)
  1. Steinbuch Centre for Computing, Karlsruhe Institute of Technology, Germany
  2. Deutsches Elektronen Synchrotron, Germany
  3. Jülich Supercomputing Centre, Germany
