

Paper ID: 2496

Demonstration of Shibboleth in Action across a Range of Security focused Grid Projects

Appeared in: SuperComputing 2006 (http://sc06.supercomputing.org/)
Page Numbers:
Year: 2006
Contributing Organisation(s):
Field of Science: e-Science

URL: http://www.nesc.ac.uk/papers/staff/sc06.pdf

Abstract: One of the critical factors to the success of Grid technologies is ease of use. To encourage wider uptake, the access to large scale computational and data resources such as the National Grid Service (NGS) (www.ngs.ac.uk) needs to be made as simple as possible for the end user. Currently, the end user experience of interacting with such resources typically begins with obtaining a UK e-Science X.509 certificate issued by the UK Certification Authority (CA) at Rutherford Appleton Laboratories (RAL) (www.grid-support.ac.uk/ca). This can often be an arduous process, especially for non-IT experienced researchers, requiring them to follow a detailed recipe for obtaining the certificates and converting them into appropriate formats before they are then able to access the resources. Experiences indicate that users are uncomfortable with certificates, their management and overall use to access and use Grid resources. It is also the case that these certificates are primarily used for authentication only, whereas many domains require finer grained security models due to the nature of the research, the computational resources, the data sets or, for example, the fact that licenses are needed to access Grid resources. The UK academic community is currently in the process of deploying Shibboleth technologies to support local, existing methods of authentication for remote login to resources. Through this model, sites are expected to trust local security infrastructures, for example in establishing the identity of users (authentication) and their associated privileges (authorisation). To support this, the Shibboleth architecture and associated protocols identify several key components that should be supported, including Identity Providers (typically their home sites/institutions), Service Providers (for example Grid services or data resources) and optionally Where Are You From (WAYF) services.
Through these components, end users will have - ideally - single usernames and passwords at their home sites which will provide for seamless access to a range of resources at collaborating institutions and service providers. Local security policies at service provider sites can then be used to restrict (authorise) what resources authenticated users are allowed access to.

Keywords: Grid, Security, Shibboleth



Last Updated: 22 Jun 12 11:02
This is an archived website, preserved and hosted by the School of Physics and Astronomy at the University of Edinburgh. The School of Physics and Astronomy takes no responsibility for the content, accuracy or freshness of this website. Please email webmaster [at] ph [dot] ed [dot] ac [dot] uk for enquiries about this archive.