Author :
Yamamoto, Naotaka ; Kojima, Isao ; Tanaka, Yoshio ; Sekiguchi, Satoshi
Author_Institution :
Inf. Technol. Res. Inst., Nat. Inst. of Adv. Ind. Sci. & Technol., Tsukuba, Japan
Abstract :
The authors have been leading the GEO Grid project since 2005. This project is primarily aiming at providing an e-Science infrastructure for the worldwide Earth Sciences community. The GEO Grid is designed to virtually integrate all relevant data as a VO-enabled service based on Grid technology, and as such, is accessible as a set of services. This kind of infrastructure is demanded not only by geoscience, but also by biology, high-energy physics, and astronomy. In particular, an integration of existing application-driven service specifications is needed by the application community. However, the specifications in the geoscience community, which are discussed in the open geospatial consortium (OGC), are usually implemented in GET and POST operations under HTTP. Thus, it is difficult to enforce the security framework of Grid technology to OGC services, because the Grid security framework require SOAP-based application protocols. Hence, we consider the architecture and an implementation method for enabling them. In this paper, we design a security framework of the GEO grid services based on the requirements from an example application scenario. These services comply with standardized specifications from both grid technologies and the geoscience community thereby achieving service harmonization. In order to achieve this framework, we implement a credential broker, called OGCProxy, which provides an access method that the user connect VO-enabled OGC services without any modifications of existing applications. We also implement a credential delegation for OGC services, which is impossible so far, to achieve complex chaining, such as cascading services, third party data transfer, applying high performance computing behind processing services, etc. As a result of this security framework, an application that uses a complex chaining of VO-enabled OGC services is available without any modifications.
Keywords :
authorisation; formal specification; geographic information systems; geophysics computing; grid computing; protocols; GEO grid; Global Earth Observation; OGCProxy credential broker; SOAP-based application protocol; access control; application-driven service specification; geoscience community; grid security framework; open geospatial consortium; virtual organization-enabled service harmonization; Astronomy; Data security; Earth; Geoscience; High performance computing; Information technology; Physics; Protocols; Satellites; Space technology; GSI; Grid Security Infrastructure; VO; Virtual Organization;