Securing Interoperable Grid Services in ARC Grid Middleware

Grid middleware provides a way to integrate computational and storage resouces for supporting large-scale applications that span across multiple domains. Implicitly, Grid middlware eliminates the interoperability obstacle between different resources. However, with the emerging of a bunch of Grid middlewares, to provide interoperability between Gridmiddlewares themselves is an important challenge in productionGrid infrasturtures. Web Service technologies (specifically, Simple Object Access Protocol) have been adopted in most of the Grid middlewares as the XML messaging protocol for the interoperability in the application layer. For other layers, standard protocols are also adopted for interoperability, e.g., HTTP is utilized as service transport protocol. On the other hand, security is a key issue that needs to be taken into account on each layer, for instance,WS-Security (Web Service Security) is considered as an augment on SOAP protocol for applying security to Web Services; GSI (Globus Security Infrastructure) is considered as an protocol for applying security to transport layer. We present the design consideration and implementation about how to provide flexible support for security protocols in the Advanced Resource Connector(ARC) Grid middleware, and this way clients or/and services developed in ARCmiddleware can easily interoperate with service/client developed in other middlewares, such as gLite and Globus Toolkit. Also, a flexible authorization framework is presented that can secure the Grid services with configurable authorization modules, as well as a variety of authorization policies.