Shibboleth and Community Authorization Services: Enabling Role-Based Grid Access

  • Fan Gao
  • Jefferson Tan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7017)


Classical authentication and authorization in grid environments can become a user management issue due to the flat nature of credentials based on X.509 certificates. While such credentials are able to identify user affiliations, such systems typically leave out a crucial aspect in user management and resource allocation: privilege levels. Shibboleth-based authentication mechanisms facilitate the secure communication of such user attributes within a trust federation. This paper describes a role-based access control framework that exploits Shibboleth attribute handling and CAS (Community Authorization Services) within a Grid environment. Users are able obtain appropriate access levels to resources outside of their domain on the basis of their native privileges and resource policies. This paper describes our framework and discusses issues of security and manageability.


grids resource allocation user management single sign-on 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chakrabarti, A.: Grid computing security. Springer, New York (2007)zbMATHGoogle Scholar
  2. 2.
    Gutmarm, P.: PKI: It’s not dead, just resting. Computer 35(8), 41–49 (2002)CrossRefGoogle Scholar
  3. 3.
    Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: Security architecture for computational grids. In: 5th ACM Conf. on Computer and Communications Security (CCS 1998), pp. 83–92. ACM, NY (1998)Google Scholar
  4. 4.
    Jie, W., Arshad, J., Ekin, P.: Authentication and authorization infrastructure for Grids—issues, technologies, trends and experiences. J. Supercomput. 52(1), 82–96 (2010)CrossRefGoogle Scholar
  5. 5.
    Sinnott, R.O., Jiang, J., Watt, J., Ajayi, O.: Shibboleth-based access to and usage of grid resources. In: Proc. 7th IEEE/ACM Int. Conf. Grid Computing (Grid 2006), pp. 136–143. IEEE Computer Society, Washington, DC (2006)CrossRefGoogle Scholar
  6. 6.
    Daswani, N., Kern, C., Kesavan, A.: Foundations of security: what every programmer needs to know. Apress Media LLC, New York (2007)Google Scholar
  7. 7.
    Pereira, A.L., Muppavarapu, V., Chung, S.M.: Role-based access control for grid database services using the community authorization service. IEEE Trans. Dependable and Secure Computing 3(2), 156–166 (2006)CrossRefGoogle Scholar
  8. 8.
    ITU-T Recommendation X.812 | ISO/IEC 10181-3:1996, Security Frameworks for open systems: Access control framework (1996) Google Scholar
  9. 9.
    Hemmes, J., Thain, D.: Cacheable decentralized groups for grid resource access control. In: 7th IEEE/ACM Int. Conf. Grid Computing (Grid 2006), pp. 192–199. IEEE Computer Society, Washington, DC (2006)CrossRefGoogle Scholar
  10. 10.
    Ni, X., Luo, J., Song, A.: A trust degree based access control for multi-domains in grid environment. In: 11th Int. Conf. Computer Supported Cooperative Work in Design (CSCWD 2007), pp. 864–869. IEEE, Piscataway (2007)Google Scholar
  11. 11.
    Lang, B., Foster, I., Siebenlist, F., Ananthakrishnan, R., Freeman, T.: A multipolicy authorization framework for grid security. In: 5th IEEE Int. Symp. Network Computing and Applications (NCA 2006), pp. 269–272. IEEE, Los Alamitos (2006)CrossRefGoogle Scholar
  12. 12.
    Jensen, J., Spence, D., Viljoen, M.: Grid single sign-on in CCLRC. In: Proc. UK e-Science All Hands Meeting 2006, Nottingham, UK. National e- Science Centre, Edinburgh (2006)Google Scholar
  13. 13.
    Chadwick, D., Otenko, A.: The PERMIS X.509 role based privilege management infrastructure. Future Generation Computer Systems 19(2), 277–289 (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Fan Gao
    • 1
  • Jefferson Tan
    • 1
  1. 1.Faculty of Information TechnologyMonash UniversityAustralia

Personalised recommendations