Shibboleth and Community Authorization Services: Enabling Role-Based Grid Access

Gao, Fan; Tan, Jefferson

doi:10.1007/978-3-642-24669-2_13

Shibboleth and Community Authorization Services: Enabling Role-Based Grid Access

Fan Gao¹⁹ &
Jefferson Tan¹⁹

Conference paper

1210 Accesses
3 Citations

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 7017))

Abstract

Classical authentication and authorization in grid environments can become a user management issue due to the flat nature of credentials based on X.509 certificates. While such credentials are able to identify user affiliations, such systems typically leave out a crucial aspect in user management and resource allocation: privilege levels. Shibboleth-based authentication mechanisms facilitate the secure communication of such user attributes within a trust federation. This paper describes a role-based access control framework that exploits Shibboleth attribute handling and CAS (Community Authorization Services) within a Grid environment. Users are able obtain appropriate access levels to resources outside of their domain on the basis of their native privileges and resource policies. This paper describes our framework and discusses issues of security and manageability.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Chakrabarti, A.: Grid computing security. Springer, New York (2007)
MATH Google Scholar
Gutmarm, P.: PKI: It’s not dead, just resting. Computer 35(8), 41–49 (2002)
Article Google Scholar
Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: Security architecture for computational grids. In: 5th ACM Conf. on Computer and Communications Security (CCS 1998), pp. 83–92. ACM, NY (1998)
Google Scholar
Jie, W., Arshad, J., Ekin, P.: Authentication and authorization infrastructure for Grids—issues, technologies, trends and experiences. J. Supercomput. 52(1), 82–96 (2010)
Article Google Scholar
Sinnott, R.O., Jiang, J., Watt, J., Ajayi, O.: Shibboleth-based access to and usage of grid resources. In: Proc. 7th IEEE/ACM Int. Conf. Grid Computing (Grid 2006), pp. 136–143. IEEE Computer Society, Washington, DC (2006)
Chapter Google Scholar
Daswani, N., Kern, C., Kesavan, A.: Foundations of security: what every programmer needs to know. Apress Media LLC, New York (2007)
Google Scholar
Pereira, A.L., Muppavarapu, V., Chung, S.M.: Role-based access control for grid database services using the community authorization service. IEEE Trans. Dependable and Secure Computing 3(2), 156–166 (2006)
Article Google Scholar
ITU-T Recommendation X.812 | ISO/IEC 10181-3:1996, Security Frameworks for open systems: Access control framework (1996)
Google Scholar
Hemmes, J., Thain, D.: Cacheable decentralized groups for grid resource access control. In: 7th IEEE/ACM Int. Conf. Grid Computing (Grid 2006), pp. 192–199. IEEE Computer Society, Washington, DC (2006)
Chapter Google Scholar
Ni, X., Luo, J., Song, A.: A trust degree based access control for multi-domains in grid environment. In: 11th Int. Conf. Computer Supported Cooperative Work in Design (CSCWD 2007), pp. 864–869. IEEE, Piscataway (2007)
Google Scholar
Lang, B., Foster, I., Siebenlist, F., Ananthakrishnan, R., Freeman, T.: A multipolicy authorization framework for grid security. In: 5th IEEE Int. Symp. Network Computing and Applications (NCA 2006), pp. 269–272. IEEE, Los Alamitos (2006)
Chapter Google Scholar
Jensen, J., Spence, D., Viljoen, M.: Grid single sign-on in CCLRC. In: Proc. UK e-Science All Hands Meeting 2006, Nottingham, UK. National e- Science Centre, Edinburgh (2006)
Google Scholar
Chadwick, D., Otenko, A.: The PERMIS X.509 role based privilege management infrastructure. Future Generation Computer Systems 19(2), 277–289 (2003)
Article Google Scholar

Download references

Author information

Authors and Affiliations

Faculty of Information Technology, Monash University, VIC, 3800, Australia
Fan Gao & Jefferson Tan

Authors

Fan Gao
View author publications
You can also search for this author in PubMed Google Scholar
Jefferson Tan
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

School of Information Technology, Deakin University, Melbourne Burwood Campus, 221 Burwood Highway, 3125, Burwood, VIC, Australia
Yang Xiang & Wanlei Zhou &
ICAR-CNR and University of Calabria, Via P. Bucci 41 C, 87036, Rende, CS, Italy
Alfredo Cuzzocrea
School of Information Technology, Deakin University, Geelong Waurn Ponds Campus, Pigdons Road, 3217, Geelong, VIC, Australia
Michael Hobbs

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Gao, F., Tan, J. (2011). Shibboleth and Community Authorization Services: Enabling Role-Based Grid Access. In: Xiang, Y., Cuzzocrea, A., Hobbs, M., Zhou, W. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2011. Lecture Notes in Computer Science, vol 7017. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24669-2_13

Download citation

DOI: https://doi.org/10.1007/978-3-642-24669-2_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24668-5
Online ISBN: 978-3-642-24669-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics