Multiparty Joint Authentication: Extending the Semantics of Single Sign-On for Grids

This paper regards Single Sign-On as an accumulation of a series of two-party authentications, multiparty authentications and authorizations. This view brings new semantics to Single Sign-On in grids: the authentication service and the authorization service are separable and can communicate with each other through SAML assertions, and Single Sign-On can support both two-party and multiparty authentication. Multiparty Joint Authentication (MJA) is designed to simplify multiparty authentication in some security contexts. This paper describes MJA with a graph-theory model and proposes its formal definition. The internal sequence diagram of MJA, a possible assertion format for MJA, and MJA's interactions with other OGSA services are also illustrated to give a systematic view of this paradigm.
