Architecture for a Secure Distributed Repository

  • Authors: Tomasz Haupt; Anand Kalyanasundaram; Igor Zhuk

  • Affiliations:
  • Center for Advanced Vehicular Systems, Mississippi State University, Box 9627, Mississippi State, MS 39762, USA. haupt@cavs.msstate.edu
  • Center for Advanced Vehicular Systems, Mississippi State University, Box 9627, Mississippi State, MS 39762, USA. anand@cavs.msstate.edu
  • Center for Advanced Vehicular Systems, Mississippi State University, Box 9627, Mississippi State, MS 39762, USA. igorzhuk@cavs.msstate.edu

  • Venue: GRID '06 Proceedings of the 7th IEEE/ACM International Conference on Grid Computing
  • Year: 2006

Abstract

This paper presents and discusses the design and implementation of authorization mechanisms for a data repository service for Grid environments that supports secure sharing of possibly confidential data by members of groups created ad hoc. Such a system requires separating the repository into independent components, which adds to the complexity of the authorization mechanisms that protect both the storage service against unauthorized and possibly malicious use, and the intellectual property and confidentiality of the user's data. The solution proposed here extends the VOMS architecture, chosen over the other architectures for efficiency. The authorization is group-based, with a Group Membership Authorization Service responsible for maintaining the user roles in a virtual organization (i.e., the membership in a group). The user can now securely access data in a distributed repository by collecting SAML assertions from the component services and creating a complete assertion document that allows the user to retrieve data from a data service.