Abstract
This paper1 presents an architecture to meet the needs for authentication and authorization in Grid based component systems. While Grid Security Infrastructure (GSI) [1] is accepted as the standard for authentication on the Grid, distributed authorization is still an open problem being investigated by various groups [2],[3],[4]. Our design provides authentication and fine-grained authorization at the interface, method and parameter levels. We discuss the ways in which internal and external authorization services can be used in a component framework. The design is flexible to allow the use of various existing policy languages and authorization systems. Our prototype is based on XCAT, an implementation of the Common Component Architecture (CCA) specification.
This research was supported by NSF grant ASC 9619019, NCSA Alliance
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
I. Foster, C. Kesselman, G. Tsudik, S. Tuecke: A Security Architecture for Computational Grids ACM Conference on Computer and Communications Security Conference, pp. 83–92, 1998
W. Johnston, S. Mudumbai, M. Thompson: Authorization and Attribute Certificates for Widely Distributed Access Control Proceedings of the IEEE 7th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, WETICE’ 1998
L. Pearlman, V. Welch, I. Foster, C. Kesselman, S. Tuecke: A Community Authorization Service for Group Collaboration. Submitted to IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2001. http://www.globus.org/research/papers/CAS 2002 Submitted.pdf
A. Ferrari, F. Knabe, M. Humphrey, S. Chapin, A. Grimshaw: A Flexible Security System for Metacomputing Environments. TR CS-98-36. January 1998.
S. Tuecke, K. Czajkowski, I. Foster, J. Frey, S. Graham, C. Kesselman: Grid Service Specification. February 2002. http://www.globus.org/research/papers/gsspec.pdf
Christenser E., Curbera, F., Meredith, G. and Weerawarana., S.: Web Services Description Language (WSDL) 1.1 W3C, Note 15,2001, http://www.w3.org/TR/wsdl
Madhusudhan Govindaraju, Sriram Krishnan, Kenneth Chiu, Aleksander Slominski, Dennis Gannon, Randall Bramley: XCAT 2.0: Design and Implementation Technical Report 562. Department of Computer Science, Indiana University. June 2002.
R. Armstrong, D. Gannon, A. Geist, K. Keahey, S. Kohn, L. McInnes, S. Parker and B. Smolinski: Toward a Common Component Architecture for High-Performance Scientific Computing. In Proceedings of the 8th IEEE International Symposium on HighP erformance Distributed Computation, August 1999.
B. A. Allan, R. C. Armstrong, A. P. Wolfe, J. Ray, D. E. Bernholdt and J. A. Kohl: The CCA Core Speci.cation In a Distributed Memory SPMD Framework submitted to Concurrency: Practice and Experience.
R. Bramley, K. Chiu, S. Diwan, D. Gannon, M. Govindaraju, N. Mukhi, B. Temko, and M. Yechuri: A component based services architecture for building distributed applications In Proceedings of NinthIEEE International Symposium on HighP erformance Distributed Computing Conference, Pittsburgh, August 1–4 2000.
J. Villacis, M. Govindaraju, D. Stern, A. Whitaker, F. Breg, P. Deuskar, B. Temko, D. Gannon, R. Bramley: CAT: A HighP erformance, Distributed Component Architecture Toolkit for the Grid Proceedings of Eighth IEEE International Symposium on High Performance Distributed Computing Conference. August 3-6 1999.
D. Box, et al Simple Object Access Protocol (SOAP) 1.1. W3C Note. http://www.w3.org/TR/SOAP/
A. S. Grimshaw, W. A. Wulf, J. C. French, A. C. Weaver, P. F. Reynolds Jr. Legion: The Next Logical Step Toward a Nationwide Virtual Computer. Technical Report CS-94-21. August 1994.
P. Hallam-Baker: X-TASS: XML Trust Assertion Service Specification. 2001.
B. Atkinson, et al:Web Services Security (WS-Security). Version 1.0. April 5, 2002. http://msdn.microsoft.com/library/en-us/ dnglobspec/html/ws-security.asp
M. Bartel, J. Boyer, B. Fox, B. LaMacchia, E. Simon: XML-Signature Syntax and Processing. W3C Recommendation. http://www.w3.org/TR/xmldsig-core/.
W. Ford, P. Hallam-Baker, B. Fox, B. Dillaway, B. LaMacchia, J. Epstein, J. Lapp.: XML Key Management Specification (XKMS). 2001. http://www.w3.org/TR/xkms/
D. Platt: Oasis Security Services Use Cases and Requirements. Oasis SSTC. 30 May 2001. http://www.oasis-open.org/committees/security/docs/draft-sstc-saml-reqs-01.pdf
T. Bray et al: Extensible Markup Language (XML) 1.0 (Second Edition). W3C Recommendation. 6 October 2000. http://www.w3.org/TR/REC-xml
Xuhui Ao, Naftaly Minsky, Thu Nguyen, Victoria Ungureanu: Law-Governed Communities Over the Internet. In Proc. of Coordination’ 2000: Fourth International Conference on Coordination Models and Languages, Sept 2000
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ramakrishnan, L. et al. (2002). An Authorization Framework for a Grid Based Component Architecture. In: Parashar, M. (eds) Grid Computing — GRID 2002. GRID 2002. Lecture Notes in Computer Science, vol 2536. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36133-2_15
Download citation
DOI: https://doi.org/10.1007/3-540-36133-2_15
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00133-1
Online ISBN: 978-3-540-36133-6
eBook Packages: Springer Book Archive