Authorization and account management in the Open Science Grid
Lorch, M.; Kafura, D.; Fisk, I.; Keahey, K.; Carcassi, G.; Freeman, T.; Peremutov, T.; Rana, A.S.
Grid Computing, 2005. The 6th IEEE/ACM International Workshop on
13-14 Nov. 2005
Page(s):8 pp.
Abstract:
An attribute-based authorization infrastructure developed for the Open Science Grid is presented. The infrastructure integrates existing identity-mapping and group-membership services using concepts prototyped in the PRIMA system. Authorization scenarios for requests to compute and data resources are detailed. A new SAML obligated authorization decision statement is introduced that attaches an XACML obligation to the authorization decision. The use of obligations enables site-centralized, service-independent policy management. Authorization decisions are enforced via a Workspace Service that creates constrained execution environments configured in accordance with the obligations and other attribute-based information. Finally, an experimental PRIMA authorization service that extends and simplifies the infrastructure is described.