SVOPME: A scalable virtual organization privileges management environment
Grids enable uniform access to resources by implementing standard interfaces to resource gateways. In the Open Science Grid (OSG), privileges are granted on the basis of the user's membership to a Virtual Organization (VO). However, Grid sites are solely responsible to determine and control access privileges to resources using users identity and personal attributes, which are available through Grid credentials. While this guarantees full control on access rights to the sites, it makes VO privileges heterogeneous throughout the Grid and hardly fits with the Grid paradigm of uniform access to resources. To address these challenges, we are developing the Scalable Virtual Organization Privileges Management Environment (SVOPME), which provides tools for VOs to define and publish desired privileges and assists sites to provide the appropriate access policies. Moreover, SVOPME provides tools for Grid sites to analyze site access policies for various resources, verify compliance with preferred VO policies, and generate directives for site administrators on how the local access policies can be amended to achieve such compliance without taking control of local configurations away from site administrators. This paper discusses what access policies are of interest to the OSG community and how SVOPME implements privilege management for OSG.
- Research Organization:
- Fermi National Accelerator Lab. (FNAL), Batavia, IL (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC02-07CH11359
- OSTI ID:
- 957071
- Report Number(s):
- FERMILAB-PUB-09-233-CD; TRN: US201002%%935
- Journal Information:
- Submitted to Journal of Phys. Conf.Ser., Journal Name: Submitted to Journal of Phys. Conf.Ser.
- Country of Publication:
- United States
- Language:
- English
Similar Records
XACML profile and implementation for authorization interoperability between OSG and EGEE
VOMS/VOMRS utilization patterns and convergence plan