DOI: 10.1145/1111348.1111352
Article

Ticket-based fine-grained authorization service in the dynamic VO environment

Published: 29 October 2004

Abstract

A Virtual Organization (VO) is a collection of users and distributed resources in which the resources are shared by the users. Creating VOs is a very important task in Grid computing. VOs are dynamically created for some goals and then disappear after the goals are achieved. Conventional authorization architectures for the Grid have been proposed for a single-VO environment. In reality, however, we often need to handle several dynamically created VOs, and sufficiently fine-grained authorization methods for all the Grid entities, such as resource providers, VO managers, and users, do not exist for the dynamic VO environment. In this paper, we propose the TAS architecture to support a fine-grained authorization service in a dynamic VO environment. In contrast to the conventional architecture, the TAS architecture uses a ticket that is unforgeable and exchangeable among VO entities for resource control.

Cited By

  • (2008) Mapping Virtual Organizations in Grids to Peer-to-Peer Networks. Proceedings of the 2008 34th Euromicro Conference Software Engineering and Advanced Applications, pp. 127-134. DOI: 10.1109/SEAA.2008.72. Online publication date: 3-Sep-2008
  • (2005) Ticket-Based grid services architecture for dynamic virtual organizations. Proceedings of the 2005 European conference on Advances in Grid Computing, pp. 394-403. DOI: 10.1007/11508380_41. Online publication date: 14-Feb-2005

      Published In

      SWS '04: Proceedings of the 2004 workshop on Secure web service
      October 2004
      109 pages
      ISBN:158113973X
      DOI:10.1145/1111348
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. VO
      2. XML security
      3. fine-grained authorization
      4. grid
      5. virtual organization
