Dynamic Trust Federation in Grids

  • Mehran Ahsant
  • Mike Surridge
  • Thomas Leonard
  • Ananth Krishna
  • Olle Mulmo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3986)


Grids are becoming economically viable and productive tools. They provide a way of utilizing a vast array of linked resources, such as computing systems, databases and online services, within Virtual Organizations (VO). However, today's Grid architectures are not capable of supporting dynamic, agile federation across multiple administrative domains, and the main barrier hindering dynamic federation over short time scales is security. Federating security and trust is one of the most significant architectural issues in Grids. Existing relevant standards and specifications can be used to federate security services, but they do not directly address the dynamic extension of business trust relationships into the digital domain. In this paper we describe an experiment that highlights these challenging architectural issues and forms the basis of an approach that combines dynamic trust federation with a dynamic authorization mechanism to address dynamic security trust federation in Grids. The experiment conducted with the prototype described in this paper is used in the NextGRID project to define the requirements of next-generation Grid architectures adapted to business application needs.


Keywords: Trust Relationship, Grid Resource, Access Control Policy, Target Service, Grid Architecture





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Mehran Ahsant (1)
  • Mike Surridge (2)
  • Thomas Leonard (2)
  • Ananth Krishna (2)
  • Olle Mulmo (1)

  1. Center for Parallel Computers, Royal Institute of Technology, Stockholm, Sweden
  2. IT-Innovation Center, University of Southampton, Southampton, UK
