article

A standards-based interoperable single sign-on framework in ARC Grid middleware

Authors:

Weizhong Qiang,

Aleksandr Konstantinov,

Deqing Zou,

Laurence T. YangAuthors Info & Claims

Journal of Network and Computer Applications, Volume 35, Issue 3

Pages 892 - 904

https://doi.org/10.1016/j.jnca.2011.03.006

Published: 01 May 2012 Publication History

Abstract

Security infrastructure is one of the most challenging tasks in the development, integration and deployment of Grid middlewares. Even though the Grid community addresses the security issue through public key infrastructures (PKI) to support mutual authentication using X.509 certificates, maintaining X.509 credentials is not that easy for non-IT-experts, and has proved to be an obstacle for a more wide deployment of Grid technologies. The identity federation is an increasingly popular technology that can facilitate cross-domain single sign-on without requiring the users to maintain any credentials additional to their own institutional accounts. We believe that utilizing identity federation for Grid middlewares is a promising path for the Grid technology to get more widely used. This paper describes a single sign-on infrastructure developed as a part of the NorduGrid ARC (Advanced Resource Connector) Grid middleware. It adopts the identity federation standard (SAML), as well as other Web Service standards. It focuses on a single sign-on solution at the middleware level for users to access Grids by only using their frequently used accounts, without being bothered to maintain X.509 credentials. Users can use their username/password only to access Grids developed in ARC middleware, as well as access Grids developed in other middlewares that requires users to provide X.509 certificates. Moreover, the single sign-on for workflow-like Grid applications (in which intermediate entities act on behalf of users) is also supported. As an important aspect of single sign-on, authorization is also considered by implementing an attribute-based authorization using SAML standard. In addition, the performance of single sign-on solution is measured. We identify performance limitations of security-related services inside this solution, and analyse the ways to avoid the limitations. To our knowledge, the work presented in this paper is the first evaluated implementation that utilizes identity federation for Grid usage on the middleware level.

References

[1]

Ahsant M, Basney J, Mulmo O. Grid delegation protocol, UK workshop on grid security experiences, Oxford, 2004.

Abstract

References

Cited By

Index Terms

Recommendations

The Design and Implementation of Standards-Based Grid Single Sign-On Using Federated Identity

The Interoperable Attribute-based Authorization in ARC Grid Middleware

A distributed workflow management model for grid middleware

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations