Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

ROAM: An Authorization Manager for Grids

  • Published:
Journal of Grid Computing Aims and scope Submit manuscript

Abstract

The Resource Oriented Authorization Manager (ROAM) was created to provide a simple but flexible authorization system for the FusionGrid computational Grid. ROAM builds on and extends previous community efforts by both responding to access authorization requests and by providing a Web interface for resource management. ROAM works with the Globus Resource Allocation Manager (GRAM), and is general enough to be used by other virtual organizations that use Globus middleware or X.509/TLS authentication schemes to secure a Grid of distributed resources. In addition to describing ROAM, this paper discusses the basic design parameters of a Grid authorization system and the reasons for the choices made in the ROAM design.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

Abbreviations

CAS:

Community Authorization Server

CGI:

Common Gateway Interface

DN:

Distinguished Name

DNS:

Domain Name System

FGM:

FusionGrid monitoring system

GRAM:

Globus Resource Allocation Manager

HTTP:

Hypertext Transfer Protocol

HTTPS:

secure HTTP

LBNL:

Lawrence Berkeley National Laboratory

MIT:

Massachusetts Institute of Technology

PHP:

PHP hypertext preprocessor

RBAC:

Role-based access control

RDF:

Resource Description Framework

ROAM:

Resource Oriented Authorization Manager

SAML:

Security Assertion Markup Language

SSL:

Secure Sockets Layer

TDI:

Tree Data Interface

VOMS:

Virtual Organization Membership Service

XACML:

eXtensible access control markup language

XML:

eXtensible markup language

References

  1. Schissel, D.P., et al.: Building the U.S. National Fusion Grid: Results from the National Fusion Collaboratory Project. Fusion Eng. Des. 71, 245–250 (2004)

    Article  Google Scholar 

  2. Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for computational Grids. In: Proc. 5th ACM Conf. on Computer and Communications Security, San Francisco, California, pp. 83–92, 2–5 November 1998

  3. Fredian, T.W., Stillerman, J.A.: MDSplus: Current developments and future directions. Fusion Eng. Des. 60, 229 (2002)

    Article  Google Scholar 

  4. Burruss, J.R., et al.: Remote computing using the National Fusion Grid. Fusion Eng. Des. 71, 251–255 (2004)

    Article  Google Scholar 

  5. Czajkowski, K., et al.: A resource management architecture for metacomputing systems. In: Proc. 4th Workshop on Job Scheduling Strategies for Parallel Processing in Conjunction with IPPS/SPDP '98, Orlando, Florida, p. 62, 30 March 1998

  6. Thompson, M., Essiari, A., Mudumbai, S.: Certificate-based authorization policy in a PKI environment. ACM Trans. Inf. Syst. Secur. (TISSEC) 6(4), 566–588 (2003)

    Article  Google Scholar 

  7. Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S.: A community authorization service for group collaboration. In: Proc. IEEE 3rd Intl. Workshop on Policies for Distributed Systems and Networks, Monterey, California, 5–7 June 2002

  8. Alfieri, R., Cecchini, R., Ciaschini, V., dell 'Agnello, L., Frohner, A., Gianoli, A., Lorentey, K.L., Spataro, F.: VOMS: An authorization system for virtual organizations. In: The 1st European Across Grids Conf., Santiago de Compostela, Spain, 13–14 February 2003

  9. Housley, R., et al.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile. RFC 2459, http://www.ietf.org/rfc/rfc3280.txt (2002)

  10. Britton, D., Clarke, P., Coles, J., Colling, D., Doyle, A., Fisher, S.M., Irving, A.C., Jensen, J., McNab, A., Newbold, D.: A Grid for particle physics – From testbed to production. Tech Report, University of Glasgow, GLAS-PPE/2004-05 http//:ppewww.ph.gla.ac.uk/preprints/2004/05/2004-05.doc

  11. Lupu, E.C., et al.: A policy based role framework for access control. In: Proc. 1st ACM Workshop on Role-Based Access Control (RBAC '95), Gaithersburg, Maryland, 30 November–2 December 1995

  12. Lampson, B.W.: Protection. In: Proc. 5th Princeton Symp. on Information Sciences and Systems, March 1971 [reprinted in Operating Systems Review 8(1), 18–24 (1974)]

  13. Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., Berners-Lee, T.: Hypertext Transfer Protocol – HTTP/1.1, RFC 2616, http://www.ietf.org/rfc/rfc2616.txt (1999)

  14. Rescorla, E.: HTTP over TLS. RFC 2818, http://www.ietf.org/rfc/rfc2818.txt (2000)

  15. Novotny, J., Tuecke, S., Welch, V.: An online credential repository for the Grid: MyProxy. In: Proc. 10th IEEE Intl. Symp. on High Performance Distributed Computing (HPDC-10 2001), San Francisco, California, pp. 104–111, 7–9 August 2001

  16. Momjian, B.: PostgreSQL: Introduction and Concepts. Addison-Wesley Longman Publishing Co., Inc., Boston, Massachusetts (2000)

    Google Scholar 

  17. The Common Gateway Interface, http://hoohoo.ncsa.uiuc.edu/cgi/overview.html, accessed December 5, 2005

  18. Achour, M., et al.: PHP Manual, http://www.php.net/manual/en/, November 25, 2005, accessed December 5, 2005

  19. Laurie, B., Laurie, P.: Apache: The Definitive Guide, 3rd edn. O'Reilly & Associates, Inc., Sebastopol, California (2002)

    Google Scholar 

  20. Thomas, M., et al.: The GridPort Toolkit Architecture for building Grid portals. In: Proc. 10th IEEE Intl. Symp. on High Performance Distributed Computing (HPDC-10 2001), San Francisco, California, 7–9 August 2001

  21. Freier, A.O.: SSL Protocol V. 3.0. http://wp.netscape.com/eng/ssl3/ssl-toc.html, March 1996, accessed December 5, 2005

  22. Mockapetris, M.: Domain names – Concepts and facilities, RFC 1034, http://www.ietf.org/rfc/rfc1034.txt (1987)

  23. Bernard, L.C., et al.: GATO: An MHD stability code for axisymmetric plasmas with internal separatrices. Comput. Phys. Commun. 24, 377 (1981)

    Article  Google Scholar 

  24. Mishra, P., et al.: Bindings and profiles for the OASIS Security Assertion Markup Language (SAML). http: //www.oasis-open.org / committees / security / docs/draft-sstc-bindings-model-07.pdf, December 2001, accessed December 5, 2005

  25. Godik, S., et al.: OASIS eXtensible Access Control Markup Language (XACML), http://lists.oasis-open.org/archives/wsia/200205/pdf00001.pdf, May 2002, accessed December 5, 2005

  26. Yergeau, F., et al.: Extensible Markup Language (XML) 1.0 (Third Edition), http://www.w3.org/TR/2004/REC-xml-20040204/, February 2004, accessed December 5, 2005

  27. Blaze, M., Feigenbaurm, J., Lacey, J.: Decentralized trust management. In: Proc. IEEE CS Symp. on Security and Privacy, Oakland, California, pp. 164–173, 6–8 May 1996

  28. RDF Primer. In: Manola, F., Miller, E. (eds.) W3C Recommendation, February 10, 2004, http://www.w3.org/TR/2004/REC-rdf-primer-20040210/

  29. Owl Web Ontology Language Reference. In: Dean, M., Schrieber, G. (eds.) W3C Recommendation, February 10, 2004, http://www.w3.org/TR/2004/REC- owl-ref-20040210/

  30. Flanagan, S., et al.: A general purpose data analysis monitoring system with case studies from the National Fusion Grid and the DIII-D MDSplus between pulse analysis system. Fusion Eng. Des. 71, 263–267 (2004)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. General Atomics, P.O. Box 85608, San Diego, CA, 92186-5608, USA

    J. R. Burruss

  2. Massachusetts Institute of Technology, Cambridge, MA, USA

    T. W. Fredian

  3. Lawrence Berkeley National Laboratory, Berkeley, CA, USA

    M. R. Thompson

Authors
  1. J. R. Burruss
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. T. W. Fredian
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. M. R. Thompson
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to J. R. Burruss.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Burruss, J.R., Fredian, T.W. & Thompson, M.R. ROAM: An Authorization Manager for Grids. J Grid Computing 4, 413–423 (2006). https://doi.org/10.1007/s10723-006-9050-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10723-006-9050-8

Key words

Search

Navigation