Authorization and account management in the Open Science Grid
Lorch, M.
Kafura, D.
Fisk, I.
Keahey, K.
Carcassi, G.
Freeman, T.
Peremutov, T.
Rana, A.S.
Dept. of Comput. Sci., Virginia Tech, Blacksburg, VA, USA;
This paper appears in: Grid Computing, 2005. The 6th IEEE/ACM International Workshop on
Publication Date: 13-14 Nov. 2005
On page(s): 8 pp.-
ISSN:
ISBN: 0-7803-9492-5
INSPEC Accession Number: 8885471
Digital Object Identifier: 10.1109/GRID.2005.1542719
Current Version Published: 2005-12-05
Abstract
An attribute-based authorization infrastructure developed for the Open Science Grid is presented. The infrastructure integrates existing identity-mapping and group-membership service using concepts prototyped in the PRIMA system. Authorization scenarios for requests to compute and data resources are detailed. A new SAML obligated authorization decision statement is introduced that attaches an XACML obligation to the authorization decision. The use of obligations enables site-centralized, service-independent policy management. Authorization decisions are enforced via a Workspace Service that creates constrained execution environments configured in accordance with the obligations and other attribute-based information. Finally, an experimental PRIMA authorization service that extends and simplifies the infrastructure is described.
Index
Terms
Available to subscribers and IEEE members.
References
Available to subscribers and IEEE members.
Citing Documents
Available to subscribers and IEEE members.
Cart
