Mar 21 – 27, 2009
Europe/Prague timezone

An XACML profile and implementation for Authorization Interoperability between OSG and EGEE

Mar 26, 2009, 5:10 PM
Club B (Prague)



Prague Congress Centre 5. května 65, 140 00 Prague 4, Czech Republic
oral
Grid Middleware and Networking Technologies




The Open Science Grid (OSG) and the Enabling Grids for E-sciencE (EGEE) have a common security model, based on Public Key Infrastructure. Grid resources grant access to users on the basis of their membership in a Virtual Organization (VO), rather than their personal identity. Users push VO membership information to resources in the form of identity attributes, thus declaring that resources will be consumed on behalf of a specific group inside the organizational structure of the VO. Resources contact an access policy repository, centralized at each site, to grant the appropriate privileges for that VO group. Despite the commonality of the model, OSG and EGEE use different protocols for the communication between resources and the policy repositories. Middleware developed for one Grid could not naturally be deployed on the other Grid, since the authorization module of the middleware would have to be enhanced to support the other Grid's communication protocol. In addition, maintenance and support for different authorization call-out protocols represent a duplication of effort for our relatively small community. To address these issues, OSG and EGEE initiated a joint project on Authorization Interoperability. The project defined a common communication protocol and attribute identity profile for authorization call-out and provided implementation and integration with major Grid middleware. The activity had resonance with middleware development communities, such as the Globus Toolkit and Condor, who decided to join the collaboration and contribute requirements and software. In this paper, we discuss the main elements of the profile, its implementation, and deployment in EGEE and OSG.

Primary author



Alberto Forti (INFN CNAF, Bologna, Italy)
Andrea Ferraro (INFN CNAF, Bologna, Italy)
Chad La Joie (SWITCH, Zürich, Switzerland)
David Groep (NIKHEF, Amsterdam, The Netherlands)
Frank Siebenlist (Argonne National Laboratory, Argonne, IL, USA)
Håkon Sagehaug (BCCS, Bergen, Norway)
Ian Alderman (University of Wisconsin, Madison, WI, USA)
Igor Sfiligoi (FERMI NATIONAL ACCELERATOR LABORATORY)
Jay Packard (Brookhaven National Laboratory, Upton, NY, USA)
Joe Bester (Argonne National Laboratory, Argonne, IL, USA)
John Hover (Brookhaven National Laboratory, Upton, NY, USA)
John Weigand (FERMI NATIONAL ACCELERATOR LABORATORY)
Keith Chadwick (FERMI NATIONAL ACCELERATOR LABORATORY)
Mine Altunay (FERMI NATIONAL ACCELERATOR LABORATORY)
Neha Sharma (FERMI NATIONAL ACCELERATOR LABORATORY)
Oscar Koeroo (NIKHEF, Amsterdam, The Netherlands)
Rachana Ananthakrishnan (Argonne National Laboratory, Argonne, IL, USA)
Tanya Levshina (FERMI NATIONAL ACCELERATOR LABORATORY)
Ted Hesselroth (FERMI NATIONAL ACCELERATOR LABORATORY)
Valerio Venturi (INFN CNAF, Bologna, Italy)
Valery Sergeev (FERMI NATIONAL ACCELERATOR LABORATORY)
Vincenzo Ciaschini (INFN CNAF, Bologna, Italy)
Yuri Demchenko (University of Amsterdam, Amsterdam, The Netherlands)
Zach Miller (University of Wisconsin, Madison, WI, USA)
