Using Workflow for Dynamic Security Context Management in Grid-based Applications

Authors:
Yuri Demchenko;Leon Gommans;Cees Laat;Arie Taal;Alfred Wan;Olle Mulmo
Affiliations:
System and Network Engineering Group, University of Amsterdam, Kruislaan 403, 1098SJ, Amsterdam, The Netherlands. demch@science.uva.nl;System and Network Engineering Group, University of Amsterdam, Kruislaan 403, 1098SJ, Amsterdam, The Netherlands. lgommans@science.uva.nl;System and Network Engineering Group, University of Amsterdam, Kruislaan 403, 1098SJ, Amsterdam, The Netherlands. delaat@science.uva.nl;System and Network Engineering Group, University of Amsterdam, Kruislaan 403, 1098SJ, Amsterdam, The Netherlands. taal@science.uva.nl;System and Network Engineering Group, University of Amsterdam, Kruislaan 403, 1098SJ, Amsterdam, The Netherlands. wan@science.uva.nl;Center for Parallel Computers, Kungliga Tekniska h?ola, SE-100 44 Stockholm, Sweden. mulmo@pdc.kth.se
Venue:
GRID '06 Proceedings of the 7th IEEE/ACM International Conference on Grid Computing
Year:
2006

Citing 4
Cited 3

Scientific workflow management: between generality and applicability

QSIC '05 Proceedings of the Fifth International Conference on Quality Software
VO-based Dynamic Security Associations in Collaborative Grid Environment

CTS '06 Proceedings of the International Symposium on Collaborative Technologies and Systems
Policy Based Access Control in Dynamic Grid-based Collaborative Environment

CTS '06 Proceedings of the International Symposium on Collaborative Technologies and Systems
Applications drive secure lightpath creation across heterogeneous domains

IEEE Communications Magazine

Dynamic security context management in Grid-based applications

Future Generation Computer Systems
Authorisation infrastructure for on-demand network resource provisioning

GRID '08 Proceedings of the 2008 9th IEEE/ACM International Conference on Grid Computing
An agent based network resource planner for workflow applications

Multiagent and Grid Systems - Agent Based Computing: From Model to Implementation

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents ongoing research and current results on the development of flexible access control infrastructures for complex resource provisioning in Grid-based collaborative applications and on-demand network services provisioning. We investigate the use of workflow concepts for the required orchestration of multiple Grid resources and/or services across multiple administrative and security domains. In particular, workflow execution and management tools can be used to track security context changes that are dependent on the application domain, execution stage defined policies, or user and/or service attributes. The paper discusses what specific functionality should be added to Grid-oriented authorization frameworks to handle such dynamic service-related security contexts. As an example, the paper explains how such functionality can be achieved in the GAAA Authorization framework and GAAA toolkit. Suggestions are given about integration with the Globus Toolkit's Authorization Framework. Additionally, the paper analyses what possibilities of expressing and handling dynamic security contexts are available in XACML and SAML, and how the VO concept can be used for managing dynamic security associations of users and resources. The paper is based on experiences gained from major Grid based and Grid oriented projects such as EGEE, NextGrid, Collaboratory. nl and GigaPort Research on Network.