Abstract
Grid data sharing services provide a unified platform for dynamic discovery, access and sharing of distributed data in Grid environments. A common authorization system is needed to provide access control for both the Grid data sharing services and the data resources that are shared through these services, accommodating the different security requirements of the service providers and the data providers. In this paper, we present a flexible policy-driven authorization system, called RamarsAuthZ, for secure data sharing services in Grid environments. RamarsAuthZ adopts a flexible role-based approach with a trust-aware feature to advocate originator control and provide unified access control at both the service level and the data level.
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jin, J., Ahn, GJ. (2009). Authorization Framework for Resource Sharing in Grid Environments. In: Ślęzak, D., Kim, Th., Yau, S.S., Gervasi, O., Kang, BH. (eds) Grid and Distributed Computing. GDC 2009. Communications in Computer and Information Science, vol 63. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10549-4_18
DOI: https://doi.org/10.1007/978-3-642-10549-4_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10548-7
Online ISBN: 978-3-642-10549-4
eBook Packages: Computer Science, Computer Science (R0)