Abstract
The paper presents the Authorisation (AuthZ) infrastructure for combined multidomain on-demand Grid and network resource provisioning, which we refer to as Complex Resource Provisioning (CRP). The proposed CRP model provides a common abstraction of the resource provisioning process and is used as a basis for defining the major AuthZ mechanisms and components that extend the generic AAA AuthZ framework to support CRP (GAAA-CRP), in particular using XML-based AuthZ tickets and tokens to support access control and signalling during different CRP stages. The proposed GAAA-CRP framework is implemented as the GAAA Toolkit pluggable library and allows integration with the Grid and network service and control plane middleware. The proposed authorisation infrastructure allows in-band binary tokens to be used to extend network access control granularity to the data plane and to support binding applications to dataflows. The paper discusses the use of the ForCES network management model to achieve interoperability with the network control plane and define the GAAA-NRP interfaces to the network control plane. This research was conducted as a part of the EU Phosphorus project.
Copyright information
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Demchenko, Y., Cristea, M., de Laat, C., Haleplidis, E. (2010). Authorisation Infrastructure for On-Demand Grid and Network Resource Provisioning. In: Doulamis, A., Mambretti, J., Tomkos, I., Varvarigou, T. (eds) Networks for Grid Applications. GridNets 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 25. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11733-6_2
DOI: https://doi.org/10.1007/978-3-642-11733-6_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11732-9
Online ISBN: 978-3-642-11733-6
eBook Packages: Computer Science (R0)