Authorization Framework for Resource Sharing in Grid Environments

  • Conference paper
Grid and Distributed Computing (GDC 2009)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 63)

Abstract

Grid data sharing services provide a unified platform for dynamic discovery, access and sharing of distributed data in Grid environments. A common authorization system is needed to provide access control for both the Grid data sharing services and the data resources that are shared through these services, accommodating the different security requirements of the service providers and the data providers. In this paper, we present a flexible policy-driven authorization system, called RamarsAuthZ, for secure data sharing services in Grid environments. RamarsAuthZ adopts a flexible role-based approach with a trust-aware feature to advocate originator control and provide unified access control at both the service level and the data level.



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jin, J., Ahn, GJ. (2009). Authorization Framework for Resource Sharing in Grid Environments. In: Ślęzak, D., Kim, Th., Yau, S.S., Gervasi, O., Kang, BH. (eds) Grid and Distributed Computing. GDC 2009. Communications in Computer and Information Science, vol 63. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10549-4_18

  • DOI: https://doi.org/10.1007/978-3-642-10549-4_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10548-7

  • Online ISBN: 978-3-642-10549-4

  • eBook Packages: Computer Science, Computer Science (R0)
