Shibboleth and community authorization services: enabling role-based grid access

Authors:
Fan Gao;Jefferson Tan
Affiliations:
Faculty of Information Technology, Monash University, VIC, Australia;Faculty of Information Technology, Monash University, VIC, Australia
Venue:
ICA3PP'11 Proceedings of the 11th international conference on Algorithms and architectures for parallel processing - Volume Part II
Year:
2011

Citing 10
Cited 1

A security architecture for computational grids

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
PKI: It's Not Dead, Just Resting

Computer
The PERMIS X.509 role based privilege management infrastructure

Future Generation Computer Systems - Special section: Selected papers from the TERENA networking conference 2002
Role-Based Access Control for Grid Database Services Using the Community Authorization Service

IEEE Transactions on Dependable and Secure Computing
A Multipolicy Authorization Framework for Grid Security

NCA '06 Proceedings of the Fifth IEEE International Symposium on Network Computing and Applications
Grid Computing Security

Grid Computing Security
Foundations of Security: What Every Programmer Needs to Know

Foundations of Security: What Every Programmer Needs to Know
Shibboleth-based Access to and Usage of Grid Resources

GRID '06 Proceedings of the 7th IEEE/ACM International Conference on Grid Computing
Cacheable Decentralized Groups for Grid Resource Access Control

GRID '06 Proceedings of the 7th IEEE/ACM International Conference on Grid Computing
Authentication and authorization infrastructure for Grids--issues, technologies, trends and experiences

The Journal of Supercomputing

RETENTION: A reactive trust-based mechanism to detect and punish malicious nodes in ad hoc grid environments

Journal of Network and Computer Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Classical authentication and authorization in grid environments can become a user management issue due to the flat nature of credentials based on X.509 certificates. While such credentials are able to identify user affiliations, such systems typically leave out a crucial aspect in user management and resource allocation: privilege levels. Shibboleth-based authentication mechanisms facilitate the secure communication of such user attributes within a trust federation. This paper describes a role-based access control framework that exploits Shibboleth attribute handling and CAS (Community Authorization Services) within a Grid environment. Users are able obtain appropriate access levels to resources outside of their domain on the basis of their native privileges and resource policies. This paper describes our framework and discusses issues of security and manageability.