Abstract
To ensure interoperability between the middleware and authorization infrastructures used in the Open Science Grid (OSG) and the Enabling Grids for E-science (EGEE) projects, an Authorization Interoperability activity was initiated in 2006. The interoperability goal was met in two phases: first, agreeing on a common authorization query interface and protocol, with an associated profile that ensures standardized use of attributes and obligations; and second, implementing, testing, and deploying middleware on OSG and EGEE that supports the interoperability protocol and profile. The activity has involved people from OSG, EGEE, the Globus Toolkit project, and the Condor project. This paper presents a summary of the agreed-upon protocol, profile and the software components involved.
Cite this article
Garzoglio, G., Alderman, I., Altunay, M. et al. Definition and Implementation of a SAML-XACML Profile for Authorization Interoperability Across Grid Middleware in OSG and EGEE. J Grid Computing 7, 297–307 (2009). https://doi.org/10.1007/s10723-009-9117-4
DOI: https://doi.org/10.1007/s10723-009-9117-4