Virtual Organization Management Across Middleware Boundaries

One of the most important challenges in production grids is achieving interoperation across several heterogeneous grid middleware platforms: e-science applications need coordinated resource sharing among dynamic collections of individuals and institutions, regardless of which middleware the resources are running. For this reason, a great effort is under way to define standard interfaces for implementing common services that can be used to achieve cross-middleware interoperability. In this paper, we present our modifications to the Virtual Organization Management Service (VOMS), a widely known and widely used tool that acts as an attribute authority. We enhanced VOMS to expose the standardized interface of the Security Assertion Markup Language (SAML), and therefore to release SAML assertions. In this way, we want VOMS to be available on the largest possible number of grid middleware platforms.
