Toward SVOPME, a Scalable Virtual Organization Privileges Management Environment

  • Conference paper
Data Driven e-Science

Abstract

Grids enable uniform access to resources by implementing standard interfaces to resource gateways. In the Open Science Grid (OSG), privileges are granted on the basis of the user's membership in a Virtual Organization (VO). However, individual Grid sites are solely responsible for determining and controlling access privileges to resources. While this guarantees that the sites retain full control over access rights, it often leads to heterogeneous VO privileges throughout the Grid and hardly fits the Grid paradigm of uniform access to resources. To address these challenges, we developed the Scalable Virtual Organization Privileges Management Environment (SVOPME), which provides tools for VOs to define, publish, and verify desired privileges. Moreover, SVOPME provides tools for grid sites to analyze site access policies for various resources, verify compliance with preferred VO policies, and generate directives for site administrators on how the local access policies can be amended to achieve such compliance, without taking control of local configurations away from site administrators. This paper describes how SVOPME implements privilege management tools for the OSG and our experiences in deploying and running the tools in a test bed. Finally, we outline our plan to continue to improve SVOPME and have it included as part of the standard Grid software distributions.

Copyright information

© 2011 Springer Science+Business Media, LLC

About this paper

Cite this paper

Wang, N., Garzoglio, G., Ananthan, B., Timm, S., Levshina, T. (2011). Toward SVOPME, a Scalable Virtual Organization Privileges Management Environment. In: Lin, S., Yen, E. (eds) Data Driven e-Science. Springer, New York, NY. https://doi.org/10.1007/978-1-4419-8014-4_17

  • DOI: https://doi.org/10.1007/978-1-4419-8014-4_17

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4419-8013-7

  • Online ISBN: 978-1-4419-8014-4

  • eBook Packages: Computer Science (R0)
