Using workflow for dynamic security context management in Grid-based applications
2006 (English)In: Proc. IEEE ACM Int. Workshop Grid Comput., 2006, 72-79 p.Conference paper (Refereed)
This paper presents ongoing research and current results on the development of flexible access control infrastructures for complex resource provisioning in Grid-based collaborative applications and on-demand network services provisioning. We investigate the use of workflow concepts for the required orchestration of multiple Grid resources and/or services across multiple administrative and security domains. In particular, workflow execution and management tools can be used to track security context changes that are dependent on the application domain, execution stage defined policies, or user and/or service attributes. The paper discusses what specific functionality should be added to Grid-oriented authorization frameworks to handle such dynamic service-related security contexts. As an example, the paper explains how such functionality can be achieved in the GAAA Authorization framework and GAAA toolkit. Suggestions are given about integration with the Globus Toolkit's Authorization Framework. Additionally, the paper analyses what possibilities of expressing and handling dynamic security contexts are available in XACML and SAML, and how the VO concept can be used for managing dynamic security associations of users and resources. The paper is based on experiences gained from major Grid based and Grid oriented projects such as EGEE, NextGrid, Collaboratory.nl and GigaPort Research on Network.
Place, publisher, year, edition, pages
2006. 72-79 p.
, Proceedings - IEEE/ACM International Workshop on Grid Computing, ISSN 1550-5510
Access control, FORTRAN (programming language), Management, Research, Application domains, authorization frameworks, Complex resource provisioning, dynamic security, Globus Toolkit (GT), grid resources, Grid-based applications, Grid-based collaborative applications, international conferences, management tools, On-demand network services, Security context, security domains, Service attributes, workflow execution, Grid computing
IdentifiersURN: urn:nbn:se:kth:diva-155349DOI: 10.1109/ICGRID.2006.311000ISI: 000245376900010ScopusID: 2-s2.0-36248962630ISBN: 1424403448ISBN: 9781424403448OAI: oai:DiVA.org:kth-155349DiVA: diva2:763331
7th IEEE/ACM International Conference on Grid Computing, GRID 2006, 28-29 September 2006, Barcelona, Spain
QC 201411142014-11-142014-11-052014-11-14Bibliographically approved