Abstract
This paper introduces security requirements and solutions present in the ViroLab Virtual Laboratory. Our approach is to use a federated Single Sign-On mechanism based on the Shibboleth framework that enables multiple partners to authenticate against their local identity systems and use resources provided by all other partners. Since the basic Shibboleth capabilities do not meet our specific requirements related to supporting non-web-based services, we created a set of custom tools that allow us to develop a homogeneous, Shibboleth-based security solution for both Web and non-web-based software components. This paper describes these tools in detail, together with other services of the virtual laboratory which have been integrated with the security infrastructure. A decentralized, attribute-based approach facilitating the creation and management of virtual organizations is the key achievement of our work.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bubak, M., Gubala, T., Malawski, M., Balis, B., Funika, W., Bartynski, T., Ciepiela, E., Harezlak, D., Kasztelnik, M., Kocot, J., Krol, D., Nowakowski, P., Pelczar, M., Wach, J., Assel, M., Tirado-Ramos, A.: Virtual laboratory for development and execution of biomedical collaborative applications. In: Proceedings of the Twenty-First IEEE International Symposium on Computer-Based Medical Systems, Jyväskylä, Finland, June 17-19, pp. 373–378. IEEE Computer Society, Los Alamitos (2008)
ViroLab team at CYFRONET: The ViroLab Virtual Laboratory Website (2009), http://virolab.cyfronet.pl
Sloot, P.M.A., Tirado-Ramos, A., Altintas, I., Bubak, M., Boucher, C.: From molecule to man: Decision support in individualized e-health. Computer 39(11), 40–46 (2006)
Funika, W., Harezlak, D., Krol, D., Bubak, M.: Environment for collaborative development and execution of virtual laboratory applications. In: Bubak, M., van Albada, G.D., Dongarra, J., Sloot, P.M.A. (eds.) ICCS 2008, Part III. LNCS, vol. 5103, pp. 446–458. Springer, Heidelberg (2008)
Malawski, M., Gubala, T., Kasztelnik, M., Bartynski, T., Bubak, M., Baude, F., Henrio, L.: High-level scripting approach for building component-based applications on the grid. In: Danelutto, M., Fragopoulou, P., Getov, V. (eds.) Making Grids Work: CoreGRID Workshop on Grid Programming Model Grid and P2P Systems Architecture Grid Systems, Tools and Environments, Heraklion, Crete, pp. 307–320. Springer, Heidelberg (2008)
Ciepiela, E., Kocot, J., Gubala, T., Malawski, M., Kasztelnik, M., Bubak, M.: Gridspace engine of the virolab virtual laboratory. In: Proceedings of Cracow Grid Workshop 2007, ACC CYFRONET AGH, pp. 53–58 (2008)
Bartynski, T., Malawski, M., Gubala, T., Bubak, M.: Universal grid client: Grid operation invoker. In: Wyrzykowski, R., Dongarra, J., Karczewski, K., Wasniewski, J. (eds.) PPAM 2007. LNCS, vol. 4967, pp. 1068–1077. Springer, Heidelberg (2008)
Malawski, M., Bubak, M., Placek, M., Kurzyniec, D., Sunderam, V.: Experiments with distributed component computing across grid boundaries. In: Proceedings of HPC-GECO/COMPFRAME Workshop in Conjunction with HPDC 2006, pp. 109–116 (2006)
Assel, M., Nowakowski, P., Bubak, M.: Integrating and accessing medical data resources within the ViroLab virtual laboratory. In: Bubak, M., van Albada, G.D., Dongarra, J., Sloot, P.M.A. (eds.) ICCS 2008, Part III. LNCS, vol. 5103, pp. 90–99. Springer, Heidelberg (2008)
Foster, I., Kesselman, C., Tuecke, S.: The anatomy of the grid: Enabling scalable virtual organizations. Int. J. High Perform. Comput. Appl. 15(3), 200–222 (2001)
Internet 2 Project: Shibboleth (2008), http://shibboleth.internet2.edu/
Foster, I.T., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for computational grids. In: ACM Conference on Computer and Communications Security, pp. 83–92 (1998)
Alfieri, R., Cecchini, R., Ciaschini, V., dell’Agnello, L., Frohner, Á., Lörentey, K., Spataro, F.: From gridmap-file to voms: managing authorization in a grid environment. Future Generation Comp. Syst. 21(4), 549–558 (2005)
Internet 2 Consortium: Shibboleth system, http://shibboleth.internet2.edu/
OASIS: Security assertion markup language, http://saml.xml.org/saml-specifications
Alticore, Inc.: Josso: Java open single sign-on (2009), http://www.josso.org/
OpenID Foundation: OpenID specifications, http://openid.net/specs/
Scavo, T., Welch, V.: A grid authorization model for science gateways. Concurrency and Computation: Practice and Experience (2008) (to appear)
Spence, D., et al.: Shibgrid: Shibboleth access for the uk national grid service. In: E-SCIENCE 2006: Proceedings of the Second IEEE International Conference on e-Science and Grid Computing, p. 75. IEEE Computer Society, Washington (2006)
OASIS: Web services security: Username token profile v1.0 http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
Globus Alliance: The WS-resource framework toolkit/ (2007), http://www.globus.org/
Assel, M., Kalyoncu, O.: Dynamic access control management for distributed biomedical data resources. In: Cunningham, P., Cunningham, M. (eds.) eChallenges e-2008 Conference, Collaboration and the Knowledge Economy: Issues, Applications, Case Studies, pp. 1593–1599. IOS Press, Amsterdam (2008)
Moses, T.: eXtensible Access Control Markup Language TC v2.0 (XACML) (February 2005), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
Kurzyniec, D., et al.: Towards Self-Organizing Distributed Computing Frameworks: The H2O Approach. Parallel Processing Lett. 13(2), 273–290 (2003)
de Oliveira, T., Deforche, K., Cassol, S., Salminen, M., Paraskevis, D., Seebregts, C., Snoeck, J., van Rensburg, E.J.J., Wensing, A.M.J., van de Vijver, D.A., Boucher, C.A., Camacho, R., Vandamme, A.M.: An automated genotyping system for analysis of hiv-1 and other microbial sequences. Bioinformatics 21(19), 3797–3800 (2005)
Balis, B., Bubak, M., Pelczar, M., Wach, J.: Provenance tracking and querying in the virolab virtual laboratory. In: 8th IEEE International Symposium on Cluster Computing and the Grid (CCGrid 2008), Lyon, France, May 19-22, pp. 675–680. IEEE Computer Society Press, Los Alamitos (2008)
Brylinski, M., Jurkowski, W., Konieczny, L., Roterman, I.: Limited conformational space for early-stage protein folding simulation. Bioinformatics 20(2), 199–205 (2004)
ViroLab team at GridwiseTech: GridwiseTech in the ViroLab Project (2009), http://www.gridwisetech.com/virolab
The EUGridPMA: Coordinating grid authentication in e-science, http://www.eugridpma.org/
ViroLab Project Consortium: ViroLab (2009), http://virolab.org
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Meizner, J. et al. (2009). ViroLab Security and Virtual Organization Infrastructure. In: Dou, Y., Gruber, R., Joller, J.M. (eds) Advanced Parallel Processing Technologies. APPT 2009. Lecture Notes in Computer Science, vol 5737. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03644-6_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-03644-6_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03643-9
Online ISBN: 978-3-642-03644-6
eBook Packages: Computer ScienceComputer Science (R0)