Fermilab Computing Division

CS Document 2952-v3

An XACML Attribute and Obligation Profile for Authorization Interoperability in Grids

Document #:
Document type:
Submitted by:
Marcia A Teckenbrock
Updated by:
Gabriele Garzoglio
Document Created:
14 Oct 2008, 13:36
Contents Revised:
22 Aug 2011, 17:12
Metadata Revised:
22 Aug 2011, 17:12
Viewable by:
  • Public document
Modifiable by:

Quick Links:
Latest Version

Other Versions:
14 Oct 2008, 14:22
Goal of the Authorization Interoperability activity is providing interoperability between middleware and authorization infrastructures. This is achieved by designing and implementing an authorization protocol common to OSG VO services, EGEE, Globus, and Condor. This protocol is based on the SAML profile of XACML v2.0.

The authorization protocol is used by Policy Enforcement Points (PEP), i.e. resource gateways, to interact with Policy Decision Points (PDP), i.e. repository of authorization policies. For each access request, the PDP informs the PEP on whether access is granted or denied and the conditions to be enforced if access if granted. These conditions are expressed in the form of XACML Obligations and are the mechanism to restrict privileges at Grid resources.

DocDB Home ]  [ Search ] [ Authors ] [ Events ] [ Topics ]

DocDB Version 8.8.10, contact Document Database Administrators