Using SAML-Based VOMS for Authorization within Web Services-Based UNICORE Grids
Authors
Abstract
In recent years, the Virtual Organization Membership Service (VOMS) emerged within Grid infrastructures, providing the dynamic, fine-grained access control needed to enable resource sharing across Virtual Organizations (VOs). VOMS allows authorization information to be managed in a VO scope to enforce agreements established between VOs and resource owners. VOMS is used for authorization in the EGEE and OSG infrastructures and is a core component of the respective middleware stacks gLite and VDT. While a module for supporting VOMS is also available as part of the authorization service of the Globus Toolkit, there is currently no support for VO-level authorization within the new Web services-based UNICORE 6. This paper describes the evolution of VOMS towards an open standard compliant service based on the Security Assertion Markup Language (SAML), which in turn provides mechanisms to fill the VO-level authorization service gap within Web service-based UNICORE Grids. In addition, the SAML-based VOMS allows for cross-middleware VO management through open standards.
Similar resources
IMPROVING THE SECURITY PERFORMANCE IN COMPUTER GRIDS Architecture and Results
Security in computational Grids is mainly based on Grid Security Infrastructure (GSI) for authentication and Virtual Organization Membership Service for authorization. Although these mechanisms provide the required level of security, they lack in performance due to their dependence on public key cryptography. In our proposed security architecture we use a Kerberos-based approach (symmetric cryp...
Attributes and VOs: Extending the UNICORE Authorisation Capabilities
Reliable authentication and authorisation are crucial for both service providers and their customers, where the former want to protect their resources from unauthorised access and fraudulent use while their customers want to be sure unauthorised access to their data is prevented. In Grid environments Virtual Organisations (VO) have been adopted as a means to organise and control access to resou...
Web Services Agreement Based Resource Negotiation in UNICORE
Service Level Agreements provide the foundation to negotiate for a distinct Quality of Service level between the provider and the consumer of a service. Since the Grid community is adopting concepts of Service-Oriented Architectures and Web Services are capturing their space within the Grid landscape, resource management within Grids increasingly evolves towards the management of resources repr...
Design and Implementation of a Single Sign-On Library Supporting SAML (Security Assertion Markup Language) for Grid and Web Services Security
In recent years, the Grid development focus is transitioning from resources to services. A Grid Service is defined as a Web Service that provides a set of well-defined interfaces and follows specific conventions. SAML is an XML based Single sign-on (SSO) standard for Web Services, which enables the exchange of authentication, authorization, and profile information between different entities. Th...
Secure Semantic Web Service Using SAML
The Semantic Web’s success will depend on the implementation and use of Web service, becoming preeminent in E-commerce, which will likely be agent-based in the future. Agents use the large amount of information available over the web, but it will allow agents more subtle attacks. Agents and supporting technologies need to be secure and reliable for safe Web service as they adopt more mission cr...