Comparison of advanced authorisation infrastructures for grid computing

The widespread use of grid technology and distributed compute power, with all its inherent benefits, will only be established if the use of that technology can be guaranteed efficient and secure. The predominant method for currently enforcing security is through the use of public key infrastructures (PKI) to support authentication and the use of access control lists (ACL) to support authorisation. These systems alone do not provide enough fine-grained control over the restriction of user rights, necessary in a dynamic grid environment. This paper compares the implementation and experiences of using the current standard for grid authorisation with Globus - the grid security infrastructure (GSI) - with the role-based access control (RBAC) authorisation infrastructure PERMIS. The suitability of these security infrastructures for integration with regard to existing grid technology is presented based upon experiences within the JISC-funded DyVOSE project

Grid Metadata Lifetime Control in ActOn

In the Semantic Grid, metadata, as first class citizens, should be maintained up to-date in a cost-effective manner. This includes maxi missing the automation of different aspects of the metadata lifecycle, managing the evolution and change of metadata in distributed contexts, and synchronizing adequately the evolution of all these related entities. In this paper, we introduce a semantic model and its operations which is designed for supporting dynamic metadata management in Active Ontology (Act On), a semantic information integration approach for highly dynamic information sources. Finally, we illustrate the Act On-based metadata lifetime control by EGEE examples

EMI REGISTRY MANUAL

EMI REGISTRY MANUA

Active Ontology: An Information Integration Approach for Dynamic Information Sources

In this paper we describe an ontology-based information integration approach that is suitable for highly dynamic distributed information sources, such as those available in Grid systems. The main challenges addressed are: 1) information changes frequently and information requests have to be answered quickly in order to provide up-to-date information; and 2) the most suitable information sources have to be selected from a set of different distributed ones that can provide the information needed. To deal with the first challenge we use an information cache that works with an update-on-demand policy. To deal with the second we add an information source selection step to the usual architecture used for ontology-based information integration. To illustrate our approach, we have developed an information service that aggregates metadata available in hundreds of information services of the EGEE Grid infrastructure

SFDL: MVC Applied to Workflow Design

Process management based on workflow systems is a growing trend in collaborative environments. One of the most notorious areas of improvement is that of user interfaces, especially since business process definition languages do not address efficiently the point of contact between workflow engines and human interactions. With that in focus, we propose the MVC pattern design to workflow systems. To accomplish this, we have designed a new dynamic view definition language called SFDL, oriented towards the easy interoperability with the different workflow definition languages, while maintaining enough flexibility to be represented in different formats and being adaptable to several environments. To validate our approach, we have carried out an implementation in a real banking scenario, which has provided continuous feedback and enabled us to refine the proposal. The work is fully based on widely accepted and used web standards (XML, YAML, JSON, Atom and REST). Some guidelines are given to facilitate the adoption of our solution

Towards a Flexible Intra-Trustcenter Management Protocol

This paper proposes the Intra Trustcenter Protocol (ITP), a flexible and secure management protocol for communication between arbitrary trustcenter components. Unlike other existing protocols (like PKCS#7, CMP or XKMS) ITP focuses on the communication within a trustcenter. It is powerful enough for transferring complex messages which are machine and human readable and easy to understand. In addition it includes an extension mechanism to be prepared for future developments.Comment: 12 pages, 0 figures; in The Third International Workshop for Applied PKI (IWAP2004