Title :
Single sign-on in In-VIGO: role-based access via delegation mechanisms using short-lived user identities
Author :
Adabala, Sumalatha ; Matsunaga, Andréa ; Tsugawa, Maurício ; Figueiredo, Renato ; Fortes, José A B
Author_Institution :
ACIS Lab., Florida Univ., Gainesville, FL, USA
Abstract :
Summary form only given. Single sign-on (SSO) is an essential desired feature of computational grids. Its implementation is challenging because resources cross administrative domains and are managed by heterogeneous access schemes. We present an approach for single sign-on in a deployed functioning grid called In-VIGO. The approach relies on decoupling grid user accounts from local user accounts and making use of role-based access control lists. Role-based accesses via delegation mechanisms using short-lived user identities enable In-VIGO to handle interactive applications and application-specific authentication mechanisms. This capability is not present in existing grid architectures. SSO implementations for usage scenarios in In-VIGO are described to highlight the applicability of the proposed approach. In particular, access to interactive applications with their own security mechanisms, such as VNC, and access to remote data can be achieved using proxies that delegate In-VIGO user access via short-lived user identities.
Keywords :
authorisation; grid computing; message authentication; In-VIGO deployed functioning grid; administrative domain; application-specific authentication mechanism; computational grid; delegation mechanism; heterogeneous access scheme; interactive application; role-based access control list; short-lived user identities; single sign-on feature; Access control; Authentication; Authorization; Data security; Distributed computing; Grid computing; Laboratories; Middleware; Permission; Resource management;
Conference_Title :
Parallel and Distributed Processing Symposium, 2004. Proceedings. 18th International
Print_ISBN :
0-7695-2132-0
DOI :
10.1109/IPDPS.2004.1302930