Authentication and authorization infrastructure for Grids—issues, technologies, trends and experiences

Authentication and authorization for Grids is a challenging security issue. In this paper, key issues for the establishment of Grid authentication and authorization infrastructures are discussed, and an overview of major Grid authentication and authorization technologies is presented. Recent developments in Grid authentication and authorization infrastructures suggest adoption of the Shibboleth technology, which offers advantages in terms of usability, confidentiality, scalability and manageability. When combined with advanced authorization technologies, Shibboleth-based authentication and authorization infrastructures provide role-based, fine-grained authorization. We share our experience in constructing a Shibboleth-based authentication and authorization infrastructure and believe that such an infrastructure provides a promising solution for the security of many application domains.
