
Federating HPC Access via SAML: Towards a Plug-and-Play Solution

  • Conference paper
Supercomputing (ISC 2013)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 7905)

Abstract

Many potential users hesitate to use HPC resources because the procedures required to get access are sometimes complex. Furthermore, HPC providers need up-to-date identity information to make correct access control decisions. Federated identity management addresses both issues by enforcing access control based on the users’ familiar accounts at their home organizations. SAML-based federations consisting of home organizations and web services are already established, but integrating non-web-based services such as HPC resources is not trivial, either because there is no browser to act as the user client or because trust between web portals and HPC resources is missing. In this paper, we propose a concept that enables non-web-based services to join SAML-based federations. From the service’s point of view, our approach is transparent and appears to be a local LDAP directory. From the federation’s point of view, our approach can be integrated like an ordinary SAML service provider. Due to this separation of concerns, integration effort is considerably reduced. Furthermore, we show how our approach can be extended to enable federated access to semi-trusted web portals.



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Köhler, J., Simon, M., Nussbaumer, M., Hartenstein, H. (2013). Federating HPC Access via SAML: Towards a Plug-and-Play Solution. In: Kunkel, J.M., Ludwig, T., Meuer, H.W. (eds) Supercomputing. ISC 2013. Lecture Notes in Computer Science, vol 7905. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38750-0_35


  • DOI: https://doi.org/10.1007/978-3-642-38750-0_35

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38749-4

  • Online ISBN: 978-3-642-38750-0

  • eBook Packages: Computer Science, Computer Science (R0)
