OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: XACML profile and implementation for authorization interoperability between OSG and EGEE

Journal Article · Submitted to Journal of Physics Conf.Ser.
OSTI ID: 957069

The Open Science Grid (OSG) and the Enabling Grids for E-sciencE (EGEE) have a common security model, based on Public Key Infrastructure. Grid resources grant access to users on the basis of their membership in a Virtual Organization (VO), rather than on personal identity. Users push VO membership information to resources in the form of identity attributes, thus declaring that resources will be consumed on behalf of a specific group inside the organizational structure of the VO. Resources contact an access policy repository, centralized at each site, to grant the appropriate privileges for that VO group. Before the work in this paper, despite the commonality of the model, OSG and EGEE used different protocols for the communication between resources and the policy repositories. Hence, middleware developed for one Grid could not naturally be deployed on the other Grid, since the authorization module of the middleware would have to be enhanced to support the other Grid's communication protocol. In addition, maintenance and support for different authorization call-out protocols represent a duplication of effort for our relatively small community. To address these issues, OSG and EGEE initiated a joint project on authorization interoperability. The project defined a common communication protocol and attribute identity profile for authorization call-out and provided implementation and integration with major Grid middleware. The activity had resonance with middleware development communities, such as the Globus Toolkit and Condor, which decided to join the collaboration and contribute requirements and software. In this paper, we discuss the main elements of the profile, its implementation, and deployment in EGEE and OSG. We focus in particular on the operations of the authorization infrastructures of both Grids.

Research Organization:
Fermi National Accelerator Lab. (FNAL), Batavia, IL (United States)
Sponsoring Organization:
USDOE
DOE Contract Number:
AC02-07CH11359
OSTI ID:
957069
Report Number(s):
FERMILAB-PUB-09-235-CD; TRN: US201002%%933
Journal Information:
Journal Name: Submitted to Journal of Physics Conf.Ser.
Country of Publication:
United States
Language:
English