Security Credential Mapping in Grids

Federating security and trust is one of the most significant architectural requirements in grids. In this regard, one challenging issue is cross-organizational authentication and identification. Organizations participating in Virtual Organizations (VOs) may use different security infrastructures that implement different authentication and identification protocols. Thus, an architectural need arises for a mechanism that provides lightweight, rapid and interoperable translation of security credentials from their original format to a format understandable by recipients. In this paper, we describe the development and implementation of an architecture for credential mapping in grids using off-the-shelf technologies and standard specifications. Our open-source implementation of this architecture supports on-the-fly exchange of the different types of security credentials used by diverse grid security infrastructures.
