
Authorisation Infrastructure for On-Demand Grid and Network Resource Provisioning

  • Conference paper
Networks for Grid Applications (GridNets 2009)

Abstract

The paper presents the Authorisation (AuthZ) infrastructure for combined multidomain on-demand Grid and network resource provisioning, which we refer to as Complex Resource Provisioning (CRP). The proposed CRP model provides a common abstraction of the resource provisioning process and is used as a basis for defining the major AuthZ mechanisms and components that extend the generic AAA AuthZ framework to support CRP (GAAA-CRP), in particular using XML-based AuthZ tickets and tokens to support access control and signalling during different CRP stages. The proposed GAAA-CRP framework is implemented as the GAAA Toolkit pluggable library and allows integration with the Grid and network service and control plane middleware. The proposed authorisation infrastructure allows using in-band binary tokens to extend network access control granularity to the data plane and to support binding applications to dataflows. The paper discusses the use of the ForCES network management model to achieve interoperability with the network control plane and to define the GAAA-NRP interfaces to the network control plane. This research was conducted as a part of the EU Phosphorus project.




Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Demchenko, Y., Cristea, M., de Laat, C., Haleplidis, E. (2010). Authorisation Infrastructure for On-Demand Grid and Network Resource Provisioning. In: Doulamis, A., Mambretti, J., Tomkos, I., Varvarigou, T. (eds) Networks for Grid Applications. GridNets 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 25. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11733-6_2


  • DOI: https://doi.org/10.1007/978-3-642-11733-6_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11732-9

  • Online ISBN: 978-3-642-11733-6

  • eBook Packages: Computer Science, Computer Science (R0)
