Your search keyword '"Hakon Sagehaug"' showing total 2 results

1. Definition and Implementation of a SAML-XACML Profile for Authorization Interoperability Across Grid Middleware in OSG and EGEE

Author

Mine Altunay, Ted Hesselroth, Chad La Joie, Igor Sfiligoi, David Groep, Tanya Levshina, Keith Chadwick, Joe Bester, Jay Packard, Rachana Ananthakrishnan, Yuri Demchenko, Ian D. Alderman, John Hover, Frank Siebenlist, Valery Sergeev, O Koeroo, A. Ferraro, Hakon Sagehaug, Zach Miller, Gabriele Garzoglio, John Weigand, Valerio Venturi, V. Ciaschini, N. Sharma, and Alberto Forti

Subjects

Grid middleware, Standardization, Computer Networks and Communications, Computer science, Interoperability, Authorization, XACML, computer.software_genre, Grid, Hardware and Architecture, Component-based software engineering, Operating system, computer, Software, Information Systems, computer.programming_language

Abstract

In order to ensure interoperability between middleware and authorization infrastructures used in the Open Science Grid (OSG) and the Enabling Grids for E-science (EGEE) projects, an Authorization Interoperability activity was initiated in 2006. The interoperability goal was met in two phases: firstly, agreeing on a common authorization query interface and protocol with an associated profile that ensures standardized use of attributes and obligations; and secondly implementing, testing, and deploying on OSG and EGEE, middleware that supports the interoperability protocol and profile. The activity has involved people from OSG, EGEE, the Globus Toolkit project, and the Condor project. This paper presents a summary of the agreed-upon protocol, profile and the software components involved.

Published

2009

2. XACML profile and implementation for authorization interoperability between OSG and EGEE

Author

N. Sharma, Mine Altunay, Steven Timm, V. Ciaschini, Rachana Ananthakrishnan, C La Joie, Frank Siebenlist, John Weigand, Valerio Venturi, A. Ferraro, John Hover, Gabriele Garzoglio, Ted Hesselroth, A.C. Forti, Joe Bester, Ian D. Alderman, O Koeroo, Hakon Sagehaug, Yuri Demchenko, Igor Sfiligoi, David Groep, Tanya Levshina, Keith Chadwick, Jay Packard, and Z Miller

Subjects

History, Computer science, Virtual organization, Interoperability, XACML, Public key infrastructure, Computer security model, computer.software_genre, Grid, Computer security, Computer Science Applications, Education, World Wide Web, Middleware (distributed applications), Communications protocol, computer, computer.programming_language

Abstract

The Open Science Grid (OSG) and the Enabling Grids for E-sciencE (EGEE) have a common security model, based on Public Key Infrastructure. Grid resources grant access to users because of their membership in a Virtual Organization (VO), rather than on personal identity. Users push VO membership information to resources in the form of identity attributes, thus declaring that resources will be consumed on behalf of a specific group inside the organizational structure of the VO. Resources contact an access policies repository, centralized at each site, to grant the appropriate privileges for that VO group. Before the work in this paper, despite the commonality of the model, OSG and EGEE used different protocols for the communication between resources and the policy repositories. Hence, middleware developed for one Grid could not naturally be deployed on the other Grid, since the authorization module of the middleware would have to be enhanced to support the other Grid's communication protocol. In addition, maintenance and support for different authorization call-out protocols represents a duplication of effort for our relatively small community. To address these issues, OSG and EGEE initiated a joint project on authorization interoperability. The project defined a common communication protocol and attribute identity profile for authorization call-out and provided implementation and integration with major Grid middleware. The activity had resonance with middleware development communities, such as the Globus Toolkit and Condor, who decided to join the collaboration and contribute requirements and software. In this paper, we discuss the main elements of the profile, its implementation, and deployment in EGEE and OSG. We focus in particular on the operations of the authorization infrastructures of both Grids.

Published

2010