• DocumentCode
    2552720
  • Title

    Authorization of data access in distributed storage systems

  • Author

    Feichtinger, Derek ; Peters, Andreas J.

  • Author_Institution
    CERN, Geneva, Switzerland
  • fYear
    2005
  • fDate
    13-14 Nov. 2005
  • Abstract
    This paper describes an efficient method for access authorization in distributed (grid) storage systems. Client applications obtain "access tokens" from an organization's file catalogue upon execution of a file name resolution request. Whenever a client application tries to access the requested files, the token is transparently passed to the target storage system. Thus the storage service can decide on the authorization of a request without itself having to contact the authorization service. The token is protected from access and modification by external parties using public key infrastructure. A prototype using the AliEn grid file catalogue and xrootd as a data server has been implemented. A detailed description of the prototype implementation is presented.
  • Keywords
    authorisation; grid computing; information retrieval; information storage; message authentication; public key cryptography; AliEn grid file catalogue; access tokens; data access authorization; data server; distributed storage systems; file access; file name resolution request; grid storage systems; public key infrastructure; request authorization; storage service; xrootd; Authentication; Authorization; Data security; Delay; Information security; Permission; Protection; Prototypes; Public key; Secure storage;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Grid Computing, 2005. The 6th IEEE/ACM International Workshop on
  • Print_ISBN
    0-7803-9492-5
  • Type

    conf

  • DOI
    10.1109/GRID.2005.1542739
  • Filename
    1542739