NeSC Bibliographic Database
Demonstration of Shibboleth in Action across a Range of Security focused Grid Projects
Appeared in: SuperComputing 2006 (http://sc06.supercomputing.org/)
Field of Science: e-Science
Abstract: One of the critical factors in the success of Grid technologies is ease of use. To encourage wider uptake, access to large-scale computational and data resources such as the National Grid Service (NGS) (www.ngs.ac.uk) needs to be made as simple as possible for the end user. Currently, the end user experience of interacting with such resources typically begins with obtaining a UK e-Science X.509 certificate issued by the UK Certification Authority (CA) at Rutherford Appleton Laboratories (RAL) (www.grid-support.ac.uk/ca). This can often be an arduous process, especially for researchers without IT experience, requiring them to follow a detailed recipe for obtaining the certificates and converting them into appropriate formats before they are able to access the resources. Experience indicates that users are uncomfortable with certificates, their management, and their overall use to access Grid resources. It is also the case that these certificates are primarily used for authentication only, whereas many domains require finer-grained security models due to the nature of the research, the computational resources, the data sets or, for example, the fact that licenses are needed to access Grid resources. The UK academic community is currently in the process of deploying Shibboleth technologies to support local, existing methods of authentication for remote login to resources. Through this model, sites are expected to trust local security infrastructures, for example in establishing the identity of users (authentication) and their associated privileges (authorisation). To support this, the Shibboleth architecture and associated protocols identify several key components that should be supported, including Identity Providers (typically their home sites/institutions), Service Providers (for example Grid services or data resources) and optionally Where Are You From (WAYF) services.
Through these components, end users will ideally have single usernames and passwords at their home sites, which will provide seamless access to a range of resources at collaborating institutions and service providers. Local security policies at service provider sites can then be used to restrict (authorise) which resources authenticated users are allowed to access.
Keywords: Grid, Security, Shibboleth
Last Updated: 22 Jun 12 11:02