
Using virtual organizations membership system with EDG's grid security and database access


6 Author(s)
Niinimaki, M. ; Helsinki Inst. of Phys., CERN, Geneva, Switzerland ; White, J. ; de Cerff, W.S. ; Hahkala, J.

We describe the European Data Grid's (EDG's) Java security system and the Spitfire database access system, giving special emphasis to the virtual organization technologies. These technologies create a feasible framework for authentication and authorization in distributed grid applications. A virtual organization (VO) is a collection of people in the same administrative domain. A user can belong to many virtual organizations and have a different role (user, client, administrator, ...) in each of them. Authorization of a user to different services within a VO is based on the user's identity and a service called the virtual organization membership service (VOMS), which maps these identities to roles. The user proves his identity over the Internet using an authentication process. The user normally authenticates using his credentials, which comprise a certificate chain and a private key. In grid systems, the user usually authenticates using proxy credentials that are derived from the actual credentials. The proxy credentials comprise the user's certificate chain together with a proxy certificate and a proxy private key. In the proxy creation process, the user's VO information, including groups and roles, is included in the proxy certificate. In order to use these proxy certificates with VO information, we have created an authorization system, and to demonstrate its usage we have extended the functionality of Spitfire, a relational database front end. This involves assigning the user a database role (read, write, update, ...) based on the VO information in his certificate. There is also a GUI for configuring the authorization service. The earth observation team's database access for ozone profile validation is used here as an example of an application.

Published in:

Database and Expert Systems Applications, 2004. Proceedings. 15th International Workshop on

Date of Conference:

30 Aug.-3 Sept. 2004