DocumentCode :
2552319
Title :
Authorization and account management in the Open Science Grid
Author :
Lorch, Markus ; Kafura, Dennis ; Fisk, Ian ; Keahey, Kate ; Carcassi, Gabriele ; Freeman, Tim ; Peremutov, Timur ; Rana, Abhishek Singh
Author_Institution :
Dept. of Comput. Sci., Virginia Tech, Blacksburg, VA, USA
fYear :
2005
fDate :
13-14 Nov. 2005
Abstract :
An attribute-based authorization infrastructure developed for the Open Science Grid is presented. The infrastructure integrates existing identity-mapping and group-membership services using concepts prototyped in the PRIMA system. Authorization scenarios for requests to compute and data resources are detailed. A new SAML obligated authorization decision statement is introduced that attaches an XACML obligation to the authorization decision. The use of obligations enables site-centralized, service-independent policy management. Authorization decisions are enforced via a Workspace Service that creates constrained execution environments configured in accordance with the obligations and other attribute-based information. Finally, an experimental PRIMA authorization service that extends and simplifies the infrastructure is described.
Keywords :
authorisation; grid computing; natural sciences computing; open systems; Open Science Grid; PRIMA authorization service; SAML obligated authorization decision statement; Workspace Service; XACML obligation; account management; attribute-based authorization infrastructure; data resources; group membership; identity mapping; service-independent policy management; site-centralized policy management; Authorization; Collaborative work; Computer science; Grid computing; Information security; Large-scale systems; National security; Prototypes; Resource management;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Grid Computing, 2005. The 6th IEEE/ACM International Workshop on
Print_ISBN :
0-7803-9492-5
Type :
conf
DOI :
10.1109/GRID.2005.1542719
Filename :
1542719