Abstract
To manage jobs in multi-institutional grid environments, an automation tool needs to know not only the characteristics of resources, but also whether a job’s credentials will be mapped to accounts on them. Credentials may be mapped to an existing dedicated or shared account on a resource, or a new account may be created. Existing information models provide little account policy information, even though the development of virtual organization and account management tools means that account policies may be increasingly dynamic. Without automation tools being able to understand account policies, projects are unable to take full advantage of modern virtual organization and account management systems. Using advertised account policies, automation tools could consider whether the account creation, access, expiry, and cleanup policies of a service provider make it a good candidate for running particular jobs. Additionally, account renewals could be managed automatically using information in an expiry policy model.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aikema, D., Kiddle, C., Simmonds, R. (2009). An Account Policy Model for Grid Environments. In: Abdennadher, N., Petcu, D. (eds) Advances in Grid and Pervasive Computing. GPC 2009. Lecture Notes in Computer Science, vol 5529. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01671-4_6
DOI: https://doi.org/10.1007/978-3-642-01671-4_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01670-7
Online ISBN: 978-3-642-01671-4
eBook Packages: Computer Science (R0)