The widespread use of grid technology and distributed compute power, with all its inherent benefits, will only be established if the use of that technology can be guaranteed efficient and secure. The predominant method for currently enforcing security is through the use of public key infrastructures (PKI) to support authentication and the use of access control lists (ACL) to support authorisation. These systems alone do not provide enough fine-grained control over the restriction of user rights, necessary in a dynamic grid environment. This paper compares the implementation and experiences of using the current standard for grid authorisation with Globus - the grid security infrastructure (GSI) - with the role-based access control (RBAC) authorisation infrastructure PERMIS. The suitability of these security infrastructures for integration with regard to existing grid technology is presented based upon experiences within the JISC-funded DyVOSE project

Sinnott, R.O.

Stell, A.J.

Watt, J.P.

English

Enlighten

A Community Authorisation Service for Group Collaboration,

A Comparison of the Akenti and PERMIS Authorization Infrastructures,

Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML)

Authorisation and Accounting (AAA) Programme Technologies for Information Environment Security (TIES),

Authorization and Attribute Certificates for Widely Distributed Access Control,

Cardea: Dynamic Access Control in Distributed Systems,

Dynamic Virtual Organisations in e-Science Education project (DyVOSE),

E.Ball, Role-based Access Control with X.509 Attribute Certificates,

European Datagrid Authorization Working group,

Experiences using Bridge CAs for Grids,

Grid Security: An Evaluation of Authorisation Infrastructures for Grid Computing, MSc Dissertation,

ISO/IEC 10181-3:1996, Security Frameworks for open systems: Access control framework

ISO/IEC 9594-8. The Directory: Authentication Framework.

Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructures,

Research Informatics Delivered by Grid Enabled Services

Role Management Infrastructure Standards Validation project www.permis.org

The PERMIS X.509 Role Based Privilege Management Infrastructure,

UK e-Science Certification Authority,

Virtual Organisation Management, The London E-Science centre,

Virtual Organisations for Trials and Epidemiological Studies project (VOTES),

Comparison of advanced authorisation infrastructures for grid computing

© 2005 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.The widespread use of grid technology and distributed compute power, with all its inherent benefits, will only be established if the use of that technology can be guaranteed efficient and secure. The predominant method for currently enforcing security is through the use of public key infrastructures (PKI) to support authentication and the use of access control lists (ACL) to support authorisation. These systems alone do not provide enough fine-grained control over the restriction of user rights, necessary in a dynamic grid environment. This paper compares the implementation and experiences of using the current standard for grid authorisation with Globus - the grid security infrastructure (GSI) - with the role-based access control (RBAC) authorisation infrastructure PERMIS. The suitability of these security infrastructures for integration with regard to existing grid technology is presented based upon experiences within the JISC-funded DyVOSE project.15-18 May 200

Stell, A. J.

Sinnott, R. O.

Watt, J. P.

University of Melbourne Institutional Repository

Enlighten: Publications

http://minerva-access.unimelb.edu.au/bitstream/11343/28783/1/264035_sinnott_comparison%20of%20advanced.pdf

Comparison of advanced authorisation infrastructures for grid computing

Abstract

Similar works

Full text

Available Versions

Enlighten

University of Melbourne Institutional Repository

Enlighten: Publications