Abstract
Grid technologies support collaborative e-Research typified by multiple institutions and resources seamlessly shared to tackle common research problems. The rules for collaboration and resource sharing are commonly established through the creation and management of virtual organizations (VOs), where policies on access to and usage of resources by collaborators are defined and enforced by the sites involved in the collaboration. These rules are expressed and enforced through access control systems in which roles/privileges are defined and associated with individuals as digitally signed attribute certificates, which collaborating sites then use to authorize access to resources. Key to this approach is that the roles are assigned to the right individuals in the VO; that the attribute certificates are only presented to the appropriate resources in the VO; that it is transparent to the end-user researchers; and finally that it is manageable for resource providers and administrators in the collaboration. In this paper, we present a security model and implementation that improve the overall usability and security of resources used in Grid-based e-Research collaborations through exploitation of the Internet2 Shibboleth technology. This is explored in the context of a major new security-focused project at the National e-Science Centre (NeSC) at the University of Glasgow in the nanoCMOS electronics domain.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sinnott, R.O., Doherty, T., Martin, D., Millar, C., Stewart, G., Watt, J. (2008). Supporting Security-Oriented, Collaborative nanoCMOS Electronics Research. In: Bubak, M., van Albada, G.D., Dongarra, J., Sloot, P.M.A. (eds) Computational Science – ICCS 2008. ICCS 2008. Lecture Notes in Computer Science, vol 5101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69384-0_15
DOI: https://doi.org/10.1007/978-3-540-69384-0_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69383-3
Online ISBN: 978-3-540-69384-0
eBook Packages: Computer Science (R0)