A Shibboleth-protected privilege management infrastructure for e-science education

Citations
Altmetric
Author
Watt, J.; Ajayi, O.; Jiang, J.; Koetsier, J.; Sinnott, R. O.Date
2006Source Title
Sixth IEEE International Symposium on Cluster Computing and the Grid (CCGRID)Publisher
IEEE Computer SocietyUniversity of Melbourne Author/s
Sinnott, RichardMetadata
Show full item recordDocument Type
Conference PaperCitations
Watt, J., Ajayi, O., Jiang, J., Koetsier, J., & Sinnott, R. O. (2006). A Shibboleth-protected privilege management infrastructure for e-science education. In Sixth IEEE International Symposium on Cluster Computing and the Grid (CCGRID), Singapore.Access Status
Open AccessDescription
© 2006 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Abstract
Simplifying access to and usage of large scale compute resources via the grid is of critical importance to encourage the uptake of e-research. Security is one aspect that needs to be made as simple as possible for end users. The ESP-Grid and DyVOSE projects at the National e-Science Centre (NeSC) at the University of Glasgow are investigating security technologies which will make the end-user experience of using the grid easier and more secure. In this paper, we outline how simplified (from the user experience) authentication and authorization of users are achieved through single usernames and passwords at users' home institutions. This infrastructure, which will be applied in the second year of the grid computing module part of the advanced MSc in Computing Science at the University of Glasgow, combines grid portal technology, the Internet2 Shibboleth Federated Access Control infrastructure, and the PERMS role-based access control technology. Through this infrastructure inter-institutional teaching can be supported where secure access to federated resources is made possible between sites. A key aspect of the work we describe here is the ability to support dynamic delegation of authority whereby local/remote administrators are able to dynamically assign meaningful privileges to remote/local users respectively in a trusted manner thus allowing for the dynamic establishment of virtual organizations with fine grained security at their heart.
Export Reference in RIS Format
Endnote
- Click on "Export Reference in RIS Format" and choose "open with... Endnote".
Refworks
- Click on "Export Reference in RIS Format". Login to Refworks, go to References => Import References