A review of grid authentication and authorization technologies and support for federated access control

Grid computing facilitates resource sharing, typically to support distributed virtual organizations (VOs). The multi-institutional nature of a grid environment introduces challenging security issues, especially with regard to authentication and authorization. This article presents a state-of-the-art review of major grid authentication and authorization technologies. In particular, we focus on the Internet2 Shibboleth technologies and their use for federated authentication and authorization, which enables interinstitutional sharing of remote grid resources that are subject to access control. We outline the architecture, features, advantages, limitations, projects, and applications of Shibboleth in a grid environment. The evidence suggests that Shibboleth meets many of the demands of the research community in accessing and using grid resources.

Jie Wei et al. A review of grid authentication and authorization technologies and support for federated access control, 2011.