A Generic Broker Portal Linking Authentication and Authorization Infrastructures and Resources

نویسنده

  • Marc-Alain Steinemann
چکیده

English Abstract Generating and maintaining user access to resources like e-learning courses is a time and money consuming process for both, users and resource providers. In authentication and authorization infrastructures such as Shibboleth, PAPI and Liberty Alliance, home organizations authenticate their own users and provide a set of user information attributes to the resources they access, depending on the attribute release policies of the user and the home organization. Resources decide by means of the received user information attributes if a user gets access or not. A disadvantage of these infrastructures is that resource interfaces have to be adapted to each of the infrastructures and kept up to date. We propose to fill the gap between authentication and authorization infrastructures and resources with a generic web portal that acts as a broker between authentication and authorization infrastructures and resources. All portalenabled resources profit from the implemented interfaces to authentication and authorization infrastructures and resources as well as from advanced user and resource management features. The proposed portal has been implemented and connected to the Internet2 middleware called Shibboleth and several types of resources. The software is open source and available for free. German Abstract Das Anlegen und Unterhalten einer Benutzerdatenbank für Ressourcen, beispielsweise e-learning Kursen, ist Zeitund Kostenintensiv für Ressourcen-Betreiber wie auch für Ressourcen-Benutzer. In Authentifizierungsund Autorisierungsinfrastrukturen wie beispielsweise Shibboleth, Liberty Alliance und PAPI, werden die Benutzer von ihren Heim-Organisationen authentifiziert und die Heim-Organisationen senden eine Anzahl Benutzer-Informations-Attribute zu den Ressource, welche die Benutzer betreten wollen. Der Transfer der Benutzer-Informations-Attribute unterliegt den Bestimmungen der Heim-Organisation und der Benutzer. Aufgrund der erhaltenen Benutzer-Informations-Attribute entscheiden die Ressourcen, ob sie einem Benutzer Zugang gewähren. Ein Nachteil solcher Infrastrukturen liegt in der Anpassung und dem ständigen Unterhalt der Schnittstellen zwischen Infrastruktur und Ressource. Wir schlagen deshalb vor, diese Lücke mit einem generischen Web Portal zu füllen. Dieses Portal ist ein Vermittler zwischen den Authentifizierungsund Autorisierungsarchitekturen und den Ressourcen. Alle an das Portal angepasste Ressourcen profitieren von den implementierten Adaptern und von einer fortschrittlichen Benutzerund Ressourcenverwaltung. Das vorgeschlagene Portal wurde implementiert und mit der Internet2 Middleware Shibboleth verbunden. Zudem wurden verschiedene Ressourcen-Adapter zu e-learning Kursen implementiert. Die Software ist Open Source und frei erhältlich.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Flexible services for the support of research.

Cloud computing has been increasingly adopted by users and providers to promote a flexible, scalable and tailored access to computing resources. Nonetheless, the consolidation of this paradigm has uncovered some of its limitations. Initially devised by corporations with direct control over large amounts of computational resources, cloud computing is now being endorsed by organizations with limi...

متن کامل

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On

Currently federated authorization and authentication infrastructures are deployed to offer services to large groups of users while increasing the usability and scalability of the security architecture. Connection of domains using a variety of technologies brings new challenges and requires the utilization of standardized communication languages between these components. The presented architectu...

متن کامل

Authorization Strategies for Virtualized Environments in Grid Computing Systems

The development of adequate security solutions, and in particular of authentication and authorization techniques, for grid computing systems is a challenging task. Recent trends of service oriented architectures (SOA), where users access grids through a science gateway — a web service that serves as a portal between users of a virtual organizations (VO) and the various computation resources, fu...

متن کامل

Dynamic paths in multi-domain optical networks for grids

Many Grid applications require high bandwidth end-to-end connections between Grid resources in different domains. Fiber optic networks, owned by different providers, have to cooperate in a coordinated manner in order to provide an end-to-end connection. Currently, multi-domain optical network solutions require paper-based long-term contracts between administrative domains. This paper describes ...

متن کامل

Open Source Portal Framework for Job Submission

This paper describes the Open Source Portal Framework (OSPF) for job submission to grid, which is developed based on JSR168 Portlet standard, with GridSphere Portal Framework, Globus Middleware and Gridway Meta-Scheduler. OSPF is providing web portal interface for Open Source Grid Community with the ultimate aim of accessing the distributed computing resources. This portal framework provisions ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2010