Abstract
Many potential users hesitate to use HPC resources because the procedures required to get access are sometimes complex. Furthermore, HPC providers need up-to-date identity information to make correct access control decisions. Federated identity management addresses both issues by enforcing access control based on the users' familiar accounts at their home organizations. SAML-based federations consisting of home organizations and web services are already established, but the integration of non-web-based services such as HPC resources is not trivial, due to the absence of a browser as a user client or missing trust between web portals and HPC resources. In this paper, we propose a concept that enables non-web-based services to join SAML-based federations. From the service's point of view, our approach is transparent and appears to be a local LDAP directory. From the federation's point of view, our approach can be integrated like an ordinary SAML service provider. Due to this separation of concerns, integration effort is considerably reduced. Furthermore, we will show how our approach can be extended to enable federated access to semi-trusted web portals.
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Köhler, J., Simon, M., Nussbaumer, M., Hartenstein, H. (2013). Federating HPC Access via SAML: Towards a Plug-and-Play Solution. In: Kunkel, J.M., Ludwig, T., Meuer, H.W. (eds) Supercomputing. ISC 2013. Lecture Notes in Computer Science, vol 7905. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38750-0_35
DOI: https://doi.org/10.1007/978-3-642-38750-0_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38749-4
Online ISBN: 978-3-642-38750-0
eBook Packages: Computer Science (R0)