Shibboleth and Community Authorization Services: Enabling Role-Based Grid Access
Authors
Abstract
Classical authentication and authorization in grid environments can become a user management issue due to the flat nature of credentials based on X.509 certificates. While such credentials are able to identify user affiliations, such systems typically leave out a crucial aspect in user management and resource allocation: privilege levels. Shibboleth-based authentication mechanisms facilitate the secure communication of such user attributes within a trust federation. This paper describes a role-based access control framework that exploits Shibboleth attribute handling and CAS (Community Authorization Services) within a Grid environment. Users are able to obtain appropriate access levels to resources outside of their domain on the basis of their native privileges and resource policies. This paper describes our framework and discusses issues of security and manageability.
Similar resources
Managing Identity and Authorization for Community Clouds
A community cloud operates to serve multiple organizations who have entered into sharing arrangements with one or more cloud providers. Members of the participating organizations may also collaborate on shared projects, which may lead them to exercise shared control over virtual machines or other cloud-hosted resource instances. Software running in the cloud instances may serve the community me...
A Guanxi Shibboleth based Security Infrastructure for e-Social Science
An e-Social Science infrastructure generally has security requirements to protect their restricted resources or services. As a widely accepted authentication and authorization technology, Shibboleth supports the sharing of resources on interinstitutional federation. Guanxi is an open source implementation of the Shibboleth protocol and architecture. In this paper, we propose a security infrastr...
GridShib and PERMIS Integration
This paper describes the results of our recent GridShibPERMIS project to provide policy driven role-based access control decision making to Grid jobs, in which the user’s attributes are provided by a Shibboleth Identity Provider (IdP). The goal of the project is to integrate the identity federation and attribute assignment functions of Shibboleth with the policy-based enforcement function offer...
An Approach for Shibboleth and Grid Integration
Grid environments involve complex scenarios where PKI-based authentication and authorization might have to be delegated across n-tier security domains. Shibboleth is an identity management system designed to exchange attributes across domains for the primary purpose of authorization and its architecture is highly dependent on PKI. Supported by a Registry Service, we propose a non-intrusive appr...
Shibboleth-based Access to Resource
Security underpins Grids and e-Research. Without a robust, reliable and simple Grid security infrastructure combined with commonly accepted security practices, large portions of the research community and wider industry will not engage. The predominant way in which security is currently addressed in the Grid community is through Public Key Infrastructures (PKI) based upon X.509 certificates to ...