13-17 February 2006
Tata Institute of Fundamental Research
Europe/Zurich timezone

An integrated framework for VO-oriented authorization, policy-based management and accounting.

15 Feb 2006, 09:00
9h 10m
Homi Bhabha Road Mumbai 400005 India
Mr Gian Luca Rubini (INFN-CNAF)


One of the most interesting challenges of the 'computing Grid' is how to administer grid resource allocation and data access so as to obtain effective, optimized use of computing resources and secure data access. To reach this goal, a new entity has appeared: the Virtual Organization (VO), which represents a distributed community of users accessing a distributed computing environment. This new concept has affected all the proposed models for administering authentication, authorization policies and accounting, and the VO name has already become an attribute of the user certificate traveling in the grid. This paper describes the architecture of an integrated framework based on the Virtual Organization Membership Service (VOMS), the Grid-Policy Box (G-PBox) and the Distributed Grid Accounting System (DGAS), which provide, respectively, authentication, policy-based authorization and credit-based accounting, and explains how they are managed by the VOs. It shows how the VO can build groups, assign roles, associate policies and credits with each group and role in a dynamic way, and implement the agreements with the resource owners. It then describes how these systems can be integrated into a real grid (gLite/LCG) and how they are used by the Workload Management System (WMS) operating in EGEE. This integrated framework shows a VO-based approach to authorization, policy and accounting as an effective and efficient use of the Grid. VO-specific use cases will be described.

Primary author

Mr Gian Luca Rubini (INFN-CNAF)


Mr Andrea Caltroni (INFN-PD), Mr Andrea Ferraro (INFN-CNAF), Mr Andrea Guarise (INFN-TO), Ms Antonia Ghiselli (INFN-CNAF), Mr Giuseppe Patania (INFN-TO), Mr Rosario M. Piro (INFN-TO), Mr Vincenzo Ciaschini (INFN-CNAF)

