10,521 research outputs found
GridCertLib: a Single Sign-on Solution for Grid Web Applications and Portals
This paper describes the design and implementation of GridCertLib, a Java
library leveraging a Shibboleth-based authentication infrastructure and the
SLCS online certificate signing service, to provide short-lived X.509
certificates and Grid proxies. The main use case envisioned for GridCertLib, is
to provide seamless and secure access to Grid/X.509 certificates and proxies in
web applications and portals: when a user logs in to the portal using
Shibboleth authentication, GridCertLib can automatically obtain a Grid/X.509
certificate from the SLCS service and generate a VOMS proxy from it. We give an
overview of the architecture of GridCertLib and briefly describe its
programming model. Its application to some deployment scenarios is outlined, as
well as a report on practical experience integrating GridCertLib into portals
for Bioinformatics and Computational Chemistry applications, based on the
popular P-GRADE and Django softwares.Comment: 18 pages, 1 figure; final manuscript accepted for publication by the
"Journal of Grid Computing
Enhanced security architecture for support of credential repository in grid computing.
Grid Computing involves heterogeneous computers and resources, multiple administrative domains and the mechanisms and techniques for establishing and maintaining effective and secure communications between devices and systems. Both authentication and authorization are required. Current authorization models in each domain vary from one system to another, which makes it difficult for users to obtain authorization across multiple domains at one time. We propose an enhanced security architecture to provide support for decentralized authorization based on attribute certificates which may be accessed via the Internet. This allows the administration of privileges to be widely distributed over the Internet in support of autonomy for resource owners and providers. In addition, it provides a uniform approach for authorization which may be used by resource providers from various domains. We combine authentication with the authorization mechanism by using both MyProxy online credential repository and LDAP directory server. In our architecture, we use MyProxy server to store identity certificates for authentication, and utilize an LDAP server-based architecture to store attribute certificates for authorization. Using a standard web browser, a user may connect to a grid portal and allow the portal to retrieve those certificates in order to access grid resources on behalf of the user. Thus, our approach can make use of the online credential repository to integrate authentication, delegation and attribute based access control together to provide enhanced, flexible security for grid system. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2004 .C54. Source: Masters Abstracts International, Volume: 43-01, page: 0231. Adviser: R. D. Kent. Thesis (M.Sc.)--University of Windsor (Canada), 2004
ARC Computing Element System Administrator Guide
The ARC Computing Element (CE) is an EMI product allowing submission and management of applications running on DCI computational resourc
Security architecture for law enforcement agencies
In order to carry out their duty to serve and protect, law enforcement agencies
(LEAs) must deploy new tools and applications to keep up with the pace of evolving
technologies. However, police information and communication technology (ICT) systems
have stringent security requirements that may delay the deployment of these new applications,
since necessary security measures must be implemented first. This paper presents an integrated
security architecture for LEAs that is able to provide common security services to novel and
legacy ICT applications, while fulfilling the high security requirements of police forces. By
reusing the security services provided by this architecture, new systems do not have to
implement custom security mechanisms themselves, and can be easily integrated into existing
police ICT infrastructures. The proposed LEA security architecture features state-of-the-art
technologies, such as encrypted communications at network and application levels, or multifactor
authentication based on certificates stored in smart cards.Web of Science7517107321070
- …