XML Based X.509 Authorization in CERNET Grid
نویسندگان
چکیده
This paper presents an authorization solution for resource management and control developing as a part of the China Education and Research Network (CERNET) to perform fine-grained authorization of job and resource management requested in the Grid environment which meets the Fusion-Grid’s security needs in large scale networks such as CERNET. It integrates the GT2 job manager and X.509 authorization, and this model can be extended to other authorization decision functions. It allows the system to evaluate a user’s resource specification language request against authorization policies on resource usage. Furthermore, based on XML integrated authorization policies, it allows other virtual organization members to manage the users’ resources.
منابع مشابه
Addressing the Pilot security problem with gLExec
The Grid security mechanisms were designed under the assumption that users would submit their jobs directly to the Grid gatekeepers. Many groups are however starting to use pilot-based infrastructures, where users submit jobs to a centralized queue and are successively transferred to the Grid resources by the pilot infrastructure. While this approach greatly improves the user experience, it doe...
متن کاملA Heterogeneous Network Access Service Based on PERMIS and SAML
The expansion of inter-organizational scenarios based on different authorization schemes involves the development of integration solutions allowing different authorization domains to share, in some way, protected resources. This paper analyzes different emerging technologies. On the one hand, we have two XML-based standards, the SAML standard, which is being widely accepted as a language to exp...
متن کاملShibboleth and Community Authorization Services: Enabling Role-Based Grid Access
Classical authentication and authorization in grid environments can become a user management issue due to the flat nature of credentials based on X.509 certificates. While such credentials are able to identify user affiliations, such systems typically leave out a crucial aspect in user management and resource allocation: privilege levels. Shibboleth-based authentication mechanisms facilitate th...
متن کاملA Distributed Kerberized Access Architecture for Real Time Grids
Authentication, authorization and encryption in large scale distributed Grids are usually based on a Public Key Infrastructure (PKI) with asymmetric encryption and X.509 – Proxy certificates for user single sign-on to resources. This approach, however, introduces processing overhead, that may be undesirable in near real time Grid applications (e.g. Grids used for time critical instrument monito...
متن کاملShibboleth-based Access to Resource
Security underpins Grids and e-Research. Without a robust, reliable and simple Grid security infrastructure combined with commonly accepted security practices, large portions of the research community and wider industry will not engage. The predominant way in which security is currently addressed in the Grid community is through Public Key Infrastructures (PKI) based upon X.509 certificates to ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2004