CHEP09 Abstract - An XACML profile and implementation for Authorization Interoperability between OSG and EGEE

Document #:

CS-doc-2986-v1

Document type:

Conference

Submitted by:

Gabriele Garzoglio

Updated by:

Gabriele Garzoglio

Document Created:

12 Nov 2008, 09:13

Contents Revised:

19 May 2009, 10:30

Metadata Revised:

19 May 2009, 10:30

Abstract:

The Open Science Grid (OSG) and the Enabling Grids for E-sciencE (EGEE) have a common security model, based on Public Key Infrastructure. Grid resources grant access to users because of their membership in a Virtual Organization (VO), rather than on personal identity. Users push VO membership information to resources in the form of identity attributes, thus declaring that resources will be consumed on behalf of a specific group inside the organizational structure of the VO. Resources contact an access policies repository, centralized at each site, to grant the appropriate privileges for that VO group.

Despite the commonality of the model, OSG and EGEE use different protocols for the communication between resources and the policy repositories. Middleware developed for one Grid could not naturally be deployed on the other Grid, since the authorization module of the middleware would have to be enhanced to support the other Grid's communication protocol. In addition, maintenance and support for different authorization call-out protocols represents a duplication of effort for our relatively small community.

To address these issues, OSG and EGEE initiated a joint project on Authorization Interoperability. The project defined a common communication protocol and attribute identity profile for authorization call-out and provided implementation and integration with major Gird middleware. The activity had resonance with middleware development communities, such as the Globus Toolkit and Condor, who decided to join the collaboration and contribute requirements and software. In this paper, we discuss the main elements of the profile, its implementation, and deployment in EGEE and OSG.

Files in Document:

• Authorization Interoperability CHEP09 Paper (AuthZ-Interop-Chep09-Paper-v1.0.pdf, 563.9 kB)
• Authorization Interoperability CHEP09 Talk (CHEP09-AuthZ-Interop-talk-v1.0.ppt, 1.1 MB)

Topics:

• Shared Systems and Services:Grid

Authors:

• Mine Altunay
• Rachana Ananthakrishnan
• Keith Chadwick
• Vincenzo Ciaschini,
• Yuri Demchenko
• Alberto Forti
• Gabriele Garzoglio
• Ted Hesselroth
• John Hover
• Tanya Levshina
• Jay Packard
• Valery Sergeev
• Igor Sfiligoi
• Neha Sharma
• Frank Siebenlist
• Valerio Venturi
• John Weigand

Keywords:

CHEP09 abstracts OSG Group Authorization Interoperability

Associated with Events:

CHEP 2009 held from 21 Mar 2009 to 27 Mar 2009 in Prague, Czech Republic