Title :
Using SAML and XACML for Complex Resource Provisioning in Grid Based Applications
Author :
Demchenko, Yuri ; Gommans, Leon ; de Laat, Cees
Author_Institution :
Univ. of Amsterdam, Amsterdam
Abstract :
This paper presents ongoing research and current results on the development of flexible access control infrastructure for complex resource provisioning (CRP) in Grid-based applications. The paper proposes a general CRP model and specifies major requirements to the Authorisation (AuthZ) service infrastructure to support multidomain CRP, focusing on two main issues - policy expression for complex resource models and AuthZ session support. The paper provides suggestions about using XACML and its special profiles to describe access control policies to complex resources and briefly describes proposed XML based AuthZ ticket format to support extended AuthZ session context. Additionally, the paper discusses what specific functionality can be added to the gLite Java Authorisation Framework (gJAF), to handle dynamic security context including AuthZ session support. The paper is based on experiences gained from major Grid based and Grid oriented projects such as EGEE, Phosphorus and GigaPort Research on Network.
Keywords :
Java; XML; authorisation; formal specification; grid computing; resource allocation; AuthZ session support; AuthZ ticket format; SAML; XACML; authorisation service infrastructure; complex resource provisioning; dynamic security; flexible access control infrastructure; gLite Java Authorisation Framework; grid based application; grid oriented project; policy expression; Access control; Authorization; Collaboration; Computer networks; Distributed computing; Grid computing; Java; Middleware; Resource management; Security;
Conference_Titel :
Policies for Distributed Systems and Networks, 2007. POLICY '07. Eighth IEEE International Workshop on
Conference_Location :
Bologna
Print_ISBN :
0-7695-2767-1
DOI :
10.1109/POLICY.2007.48
