Abstract
Grids enable uniform access to resources by implementing standard interfaces to resource gateways. In the Open Science Grid (OSG), privileges are granted on the basis of the user’s membership in a Virtual Organization (VO). However, Grid sites are solely responsible for determining and controlling access privileges to resources using users’ identity and personal attributes, which are available through Grid credentials. While this guarantees sites full control over access rights, it makes VO privileges heterogeneous throughout the Grid and hardly fits the Grid paradigm of uniform access to resources. To address these challenges, we are developing the Scalable Virtual Organization Privileges Management Environment (SVOPME), which provides tools for VOs to define, publish, and verify desired privileges and assists sites in providing the appropriate access policies. Moreover, SVOPME provides tools for Grid sites to analyze site access policies for various resources, verify compliance with preferred VO policies, and generate directives for site administrators on how the local access policies can be amended to achieve such compliance, without taking control of local configurations away from site administrators. This paper discusses which access policies are of interest to the OSG community and how SVOPME implements privilege management tools for the OSG.
Copyright information
© 2010 Springer Science+Business Media, LLC
About this paper
Cite this paper
Garzoglio, G., Wang, N., Sfiligoi, I., Levshina, T., Ananthan, B. (2010). SVOPME: A Scalable Virtual Organization Privileges Management Environment. In: Lin, S., Yen, E. (eds) Managed Grids and Cloud Systems in the Asia-Pacific Research Community. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-6469-4_15
DOI: https://doi.org/10.1007/978-1-4419-6469-4_15
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-6468-7
Online ISBN: 978-1-4419-6469-4
eBook Packages: Computer Science (R0)