Title :
Authorization of data access in distributed storage systems
Author :
Feichtinger, Derek ; Peters, Andreas J.
Author_Institution :
CERN, Geneva, Switzerland
Abstract :
This paper describes an efficient method for access authorization in distributed (grid) storage systems. Client applications obtain "access tokens" from an organization's file catalogue upon execution of a file name resolution request. Whenever a client application tries to access the requested files, the token is transparently passed to the target storage system. Thus the storage service can decide on the authorization of a request without itself having to contact the authorization service. The token is protected from access and modification by external parties using public key infrastructure. A prototype using the AliEn grid file catalogue and xrootd as a data server has been implemented. A detailed description of the prototype implementation is presented.
Keywords :
authorisation; grid computing; information retrieval; information storage; message authentication; public key cryptography; AliEn grid file catalogue; access tokens; data access authorization; data server; distributed storage systems; file access; file name resolution request; grid storage systems; public key infrastructure; request authorization; storage service; xrootd; Authentication; Authorization; Data security; Delay; Information security; Permission; Protection; Prototypes; Public key; Secure storage;
Conference_Title :
Grid Computing, 2005. The 6th IEEE/ACM International Workshop on
Print_ISBN :
0-7803-9492-5
DOI :
10.1109/GRID.2005.1542739