Distributed policy framework across multiple grid domains

GIANOLI, Alberto; LUPPI, Eleonora; STAGNI, Federico; TOMASSETTI, Luca
2007

Abstract

A key feature of a Grid environment is the sharing of computing and storage: users operate on resources they do not directly own. Users working on the same research project are often grouped into a Virtual Organization (VO) so that a common authorization policy applies to these resources. Many international experiments, however, use different Grid middleware platforms, each with its own authorization framework. This leads to interoperability problems for scientists of the same experiment who use their national Grid infrastructures. VOs and resource providers usually share contracts to regulate resource usage. Enforcing such arrangements requires an agreed, interoperable authorization mechanism based on policies that can be written by both VOs and resource providers. This can be achieved with a flexible, distributed policy framework that can enforce complex relationships and manage both policies created by VOs and policies created by Grid sites. The G-PBox policy framework, in conjunction with the VOMS Attribute Authority, is our proposal to represent, manage and distribute such policies transparently. The G-PBox approach is based on a set of XACML policy databases belonging separately to VOs and resource providers, each containing at least the policies regarding its own organization. In this paper we describe how VO-oriented tools like VOMS and G-PBox can be deployed across different VOs and resource providers. The paper shows how VO managers and site administrators can set up agreed policies for resource sharing optimization and experiment computing prioritization, making the best use of their time and resources. It also underlines that adopting Grid assertion and policy standards, such as SAML and XACML, provides an effective advantage in enabling accepted authentication and authorization interoperability among services of different Grid domains based on different mechanisms.
ISBN: 9781424409228
Keywords: Grid; Distributed Systems; Accounting; Authorization; Authentication; Policies
Use this identifier to cite or link to this document: https://hdl.handle.net/11392/525543