Using virtual organizations membership system with EDG's grid security and database access

Bibliographic Details
Published in: Proceedings. 15th International Workshop on Database and Expert Systems Applications, 2004, pp. 517-522
Main Authors: Niinimaki, M., White, J., de Cerff, W.S., Hahkala, J., Niemi, T., Pitkanen, M.
Format: Conference Proceeding
Language: English
Published: IEEE 2004
Description
Summary: We describe the European DataGrid's (EDG's) Java security system and the Spitfire database access system, giving special emphasis to the virtual organization technologies. These technologies create a feasible framework for authentication and authorization in distributed grid applications. A virtual organization (VO) is a collection of people in the same administrative domain. A user can belong to many virtual organizations and have a different role (user, client, administrator, ...) in each of them. The authorization of a user to different services within a VO is based on the user's identity and a service called the virtual organization membership service (VOMS), which maps these identities to roles. The user proves his identity over the Internet using an authentication process. The user normally authenticates using his credentials, which consist of a certificate chain and a private key. In grid systems, the user usually authenticates using proxy credentials that are derived from the actual credentials. The proxy credentials consist of the user's certificate chain together with a proxy certificate and a proxy private key. In the proxy creation process, the user's VO information, including groups and roles, is included in the proxy certificate. In order to use these proxy certificates with VO information, we have created an authorization system, and to demonstrate its usage we have extended the functionality of Spitfire, a relational database front end. This involves assigning the user a database role (read, write, update, ...) based on the VO information in his certificate. There is also a GUI for configuring the authorization service. The earth observation team's database access for ozone profile validation is used here as an example of an application.
ISBN: 9780769521954, 0769521959
ISSN: 1529-4188, 2378-3915
DOI: 10.1109/DEXA.2004.1333527