论文信息 - An Architecture for Authorization in Grids using Shibboleth and VOMS

An Architecture for Authorization in Grids using Shibboleth and VOMS

Shibboleth-based federations emerge in numerous countries, especially in the academic sector. Leveraging these federations for authentication and authorization purposes in Grid computing is one aim of current research. In this paper an architecture for delivering attributes managed by both, Shibboleth IdPs and VOMS, to Grid resources for authentication and authorization purposes is presented. Special focus lies on linking Web-based Shibboleth federations with the X.509 certificate-based grid security infrastructure by using a short lived certificate service as a trust-proxy between these worlds.

Christian Grimm | Ralf Gröper | Stefan Piger | Jan Wiebelitz

[1] Steven Tuecke,et al. Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile , 2004, RFC.

[2] Von Welch. Globus toolkit version 4 grid security infras-tructur: A standards perspective , 2004 .

[3] David Cooper,et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2008, RFC.

[4] P. Muller. 33rd Euromicro Conference on Software Engineering and Advanced Applications - Seaa 2007 , 2008 .

[5] Rudolf Schmid,et al. Organization for the advancement of structured information standards , 2002 .

[6] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[7] Jim Basney,et al. Identity Federation and Attribute-based Authorization through the Globus Toolkit, Shibboleth, Grid , 2006 .

[8] Ian T. Foster,et al. The anatomy of the grid: enabling scalable virtual organizations , 2001, Proceedings First IEEE/ACM International Symposium on Cluster Computing and the Grid.