1,046 research outputs found
Shibboleth-based access to and usage of grid resources
Security underpins grids and e-research. Without a robust, reliable and simple grid security infrastructure combined with commonly accepted security practices, large portions of the research community and wider industry will not engage. The predominant way in which security is currently addressed in the grid community is through public key infrastructures (PKI) based upon X.509 certificates to support authentication. Whilst PKIs address user identity issues, authentication does not provide fine grained control over what users are allowed to do on remote resources (authorization). In this paper we outline how we have successfully combined Shibboleth and advanced authorization technologies to provide simplified (from the user perspective) but fine grained security for access to and usage of grid resources. We demonstrate this approach through different security focused e-science projects being conducted at the National e-Science Centre (NeSC) at the University of Glasgow. We believe that this model is widely applicable and encourage the further uptake of e-science by non-IT specialists in the research communitie
Tool support for security-oriented virtual research collaborations
Collaboration is at the heart of e-Science and e-Research
more generally. Successful collaborations must address both
the needs of the end user researchers and the providers
that make resources available. Usability and security are
two fundamental requirements that are demanded by many
collaborations and both concerns must be considered from
both the researcher and resource provider perspective. In
this paper we outline tools and methods developed at the
National e-Science Centre (NeSC) that provide users with
seamless, secure access to distributed resources through
security-oriented research environments, whilst also allowing resource providers to define and enforce their own local access and usage policies through intuitive user interfaces. We describe these tools and illustrate their application in the ESRC-funded Data Management through e-Social Science (DAMES) and the JISC-funded SeeGEO projects
A Concept for Attribute-Based Authorization on D-Grid Resources
In Germany's D-Grid project numerous Grid communities are working together to provide a common overarching Grid infrastructure. The major aims of D-Grid are the integration of existing Grid deployments and their interoperability. The challenge lies in the heterogeneity of the current implementations: three Grid middleware stacks and different Virtual Organization management approaches have to be embraced to achieve the intended goals. In this article we focus oil the implementation of an attribute-based authorization infrastructure that not only leverages the well-known VO attributes but also campus attributes managed by a Shibboleth federation
Security oriented e-infrastructures supporting neurological research and clinical trials
The neurological and wider clinical domains stand to gain greatly from the vision of the grid in providing seamless yet secure access to distributed, heterogeneous computational resources and data sets. Whilst a wealth of clinical data exists within local, regional and national healthcare boundaries, access to and usage of these data sets demands that fine grained security is supported and subsequently enforced. This paper explores the security challenges of the e-health domain, focusing in particular on authorization. The context of these explorations is the MRC funded VOTES (Virtual Organisations for Trials and Epidemiological Studies) and the JISC funded GLASS (Glasgow early adoption of Shibboleth project) which are developing Grid infrastructures for clinical trials with case studies in the brain trauma domain
Secure data sharing and processing in heterogeneous clouds
The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors
Shibboleth and the challenge of authentication in multiple servers on a e-learning environment
L' objectiu d’aquest treball és l’estudi, implementació i prova d'un sistema de
autentificaciĂł compartida per a mĂşltiples servidors. Encara que des d'un principi es
sabia que es treballaria amb Shibboleth també s’han tingut en compte altres possibles
solucions. Shibboleth Ă©s un projecte desenvolupat per els membres de les universitats
que formen el consorci Internet2 amb l’ objectiu de desenvolupar un nou middleware
per a realitzar les funcions d’autentificació compartida en múltiples servidors i pensat
especĂficament per facilitar la col·laboraciĂł entre institucions i l’accĂ©s a continguts
digitals.
Shibboleth és una solució complerta ja que contempla des de l’autentificació ,
autoritzaciĂł i accounting, fins al sistema de login i els atributs a emprar. La qual cosa fa
que es converteixi en un entorn de treball molt segur però amb l’avantatge d’aportar
privacitat als usuaris.
El primer objectiu ha estat identificar les peculiaritats i requeriments dels entorns de elearning
distribuĂŻts, per això s’ha estudiat conceptes especĂfics de seguretat aixĂ com la
manera d’adaptar-los a l’entorn requerit. Desprès s’ha fet una comparativa de les
solucions existents al mercat amb una funcionalitat similar a Shibboleth, per tal de
presentar els avantatges i desavantatges de Shibboleth vers aquests.
Posteriorment, el treball ha consistit en entendre la estructura i els principis de
funcionament de Shibboleth, quin tipus de requeriments tenia, el funcionament i
objectius de cada part, estudiar els requeriments de l’entorn especĂfic per al qual ha
estat dissenyat (e-learning) i donar una idea general de com s’ hauria de fer la
implementació. També s’han estudiat totes les tecnologies i requeriments necessaris
per desenvolupar Shibboleth.
Una vegada estudiat Shibboleth i l'entorn especĂfic en el que s’hauria d’integrar, s’ha
muntat un escenari per a la posada en marxa i proves d’aquest, provant especĂficament
cada part i entenent amb les proves reals el funcionament. Amb l’escenari en
funcionament, la idea era integrar Shibboleth amb Sakai i Blackboard, els CMS (Course
Management System) utilitzats a on-campus, el campus virtual de la Fachhochschule
LĂĽbeck.
Per a finalitzar i a mode de conclusions s'ha fet una petita explicaciĂł dels resultats
obtinguts, una valoraciĂł de com Shibboleth resoldria les necessitats plantejades i
algunes propostes de millora
- …