Authentication and Authorization Mechanisms for Multi-Domain Grid Environments

Journal of Grid Computing

Abstract

This article discusses the authentication and the authorization aspects of security in grid environments spanning multiple administrative domains. Achievements in these areas are presented using the EU DataGrid project as an example implementation. It also gives an outlook on future directions of development.

Cite this article

Cornwall, L.A., Jensen, J., Kelsey, D.P. et al. Authentication and Authorization Mechanisms for Multi-Domain Grid Environments. J Grid Computing 2, 301–311 (2004). https://doi.org/10.1007/s10723-004-8182-y
