Title
Authorisation and identity mapping services for the Open Science Grid
Abstract
An attribute-based authorisation infrastructure developed for the Open Science Grid (OSG) is presented. The infrastructure integrates existing identity-mapping and group-membership services using concepts prototyped in the PRIMA system. Authorisation scenarios for requests to compute and data resources are detailed. A new SAML obligated authorisation decision statement is introduced that attaches an XACML obligation to the authorisation decision. The use of obligations enables site-centralised, service-independent policy management. Authorisation decisions are enforced via a Workspace Service that creates constrained execution environments configured in accordance with the obligations and other attribute-based information. Finally, an experimental PRIMA authorisation service that extends and simplifies the infrastructure is described.
Year: 2008
DOI: 10.1504/IJHPCN.2008.020859
Venue: IJHPCN
Keywords: attribute-based authorisation infrastructure, attribute-based information, prima system, authorisation decision statement, workspace service, open science grid, experimental prima authorisation service, identity mapping service, authorisation scenario, authorisation decision, xacml obligation, grid computing, authorisation
Field: Obligation, Grid computing, Computer science, Computer security, Workspace, Authorization, XACML, Open science, Access control, Grid
DocType: Journal
Volume: 5
Issue: 3
Citations: 1
PageRank: 0.36
References: 5
Authors: 7
Name
Order
Citations
PageRank
Markus Lorch118914.93
Dennis Kafura229458.98
Ian Fisk351.43
Kate Keahey479859.49
T. Freeman578674.19
Abhishek Singh Rana610.36
Frank Würthwein710.36