GridCertLib: A Single Sign-on Solution for Grid Web Applications and Portals

This paper describes the design and implementation of GridCertLib, a Java library that leverages a Shibboleth-based authentication infrastructure and the SLCS online certificate signing service to provide short-lived X.509 certificates and Grid proxies. The main use case envisioned for GridCertLib is to provide seamless and secure access to Grid X.509 certificates and proxies in web applications and portals: when a user logs in to the portal using SAML-based Shibboleth authentication, GridCertLib uses the SAML assertion to obtain a Grid X.509 certificate from the SLCS service and generates a VOMS proxy from it. We give an overview of the architecture of GridCertLib and briefly describe its programming model. We outline its application to some deployment scenarios and report on practical experience integrating GridCertLib into portals for Bioinformatics and Computational Chemistry applications, based on the popular P-GRADE and Django software.
