Shibboleth Access for Resources on the National Grid Service (SARoNGS)

Wang, Xiao Dong; Jones, Mike; Jensen, Jens; Richards, Andrew; Wallom, David; Ma, Tiejun; Frank, Robert G.; Spence, Donald P.; Young, Steven D.; Devereux, C.; Geddes, N. I.

doi:10.1109/ias.2009.163

Cited by 11 publications

(8 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SAML assertions are used in UNICORE infrastructures, GridShib [21] allows applying SAML assertions in Globus Toolkit infrastructures, and SAML is supported by various security infrastructures like the open-source software Shibboleth. The latter provides federated and scalable access to DCIs and is widely used (e.g., in the Swiss grid infrastructure [22], in a UK grid infrastructure [23]). Currently, no standard has evolved for cloud infrastructures like Amazon EC2 [24].…”

Section: Security Infrastructuresmentioning

confidence: 99%

A Science Gateway Getting Ready for Serving the International Molecular Simulation Community

Gesing¹,

Herres‐Pawlis²,

Brinkmann³

et al. 2012

Proceedings of EGI Community Forum 2012 / EMI Second Technical Conference — PoS(EGICF12-EMITC2)

View full text Add to dashboard Cite

Section: Security Infrastructuresmentioning

confidence: 99%

A Science Gateway Getting Ready for Serving the International Molecular Simulation Community

Gesing¹,

Herres‐Pawlis²,

Brinkmann³

et al. 2012

Proceedings of EGI Community Forum 2012 / EMI Second Technical Conference — PoS(EGICF12-EMITC2)

View full text Add to dashboard Cite

“…Thus, a significant part of the authorization in SARoNGS takes place within the grid resource provider's service whereas ACD assumes the role of a delegated authorization decision maker for those resources. The SARoNGS model is essentially the VOMS model [6] with Shibboleth presented to the user and the grid X.509 Certificates hidden [13]. The advantages of ACD over SARoNGS are that the VO members' activities can be more tightly controlled (helping VO-based security) and managed (delegating responsibility for usability to the VO and the AHE).…”

Section: Related Workmentioning

confidence: 99%

“…There are certainly precedents for the concept of VOs used in ACD whereby users invoke either their local credentials or a dedicated username and password, such as in the 'community account' system provided by TeraGrid [28] and SARoNGS [13] offered by NGS. For instance, the community account system allows scientists to access grid resources using a dedicated username and password via a Web portal.…”

Section: Related Workmentioning

confidence: 99%

“…ACD is more than simply a security layer. Existing solutions such as MyProxy, Shibboleth and SARoNGS only provide credential repositories to store short-lived X.509 certificates (Myproxy), web-based single sign-on (Shibboleth), and web portals to access grid resources using a combination of Shibboleth and VOMS (SARoNGS) [9,13]. None of these solutions provides a holistic VO-controlled security solution in the way ACD does.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Audited credential delegation: a usable security solution for the virtual physiological human toolkit

et al. 2011

View full text Add to dashboard Cite

We present applications of audited credential delegation (ACD), a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience. Current security solutions are based on public key infrastructure (PKI). While PKI offers strong security for VPH projects, it suffers from serious usability shortcomings in terms of end-user acquisition and management of credentials which deter scientists from exploiting distributed VPH environments. By contrast, ACD supports the use of local credentials. Currently, a local ACD username -password combination can be used to access grid-based resources while Shibboleth support is underway. Moreover, ACD provides seamless and secure access to shared patient data, tools and infrastructure, thus supporting the provision of personalized medicine for patients, scientists and clinicians participating in e-health projects from a local to the widest international scale.

show abstract

“…ac.uk/ca. Whilst other authentication models have also been explored including federated authentication models of access and usage based upon the Internet2 Shibboleth technology [2] in JISC funded projects such as SHEBANGS [3], ShibGrid [4] and SARONGS [5], the primary and most commonly adopted authentication model by the research community is still based upon X.509 PKI-based authentication where users acquire and maintain their own X.509 certificates and use them to create proxy credentials when submitted jobs or accessing data on resources such as the NGS. We note also that the UK e-Science CA also issues host certificates that can be used for similar purposes.…”

Section: Introductionmentioning

confidence: 99%

The Design, Development and Application of a Proxy Credential Auditing Infrastructure for Collaborative Research

Bayliss

Sinnott

Jie

et al. 2011

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

Abstract-Single sign-on and delegation of privileges are fundamental tenets upon which e-Infrastructures and Grid-based research more generally have been based. The realisation of single sign-on and delegation of privileges in accessing resources such as the UK e-Science National Grid Service (NGS -http://www.ngs.ac.uk) and other national facilities is typically facilitated by X.509-based Public Key Infrastructures (PKI) and exploitation of proxy certificates. This model can be categorised by authentication-oriented access and usage of resources. It is the case however that proxy certificates, can potentially be obtained and abused by a malicious third party without the knowledge of the holder. There is currently no method for end users to detect such misuse. In this paper we describe a novel proxy auditing solution that addresses this issue directly. We describe the design and implementation of this solution and illustrate its application in widely distributed and heterogeneous research environments. We focus in particular on the needs and requirements of such a facility in the ESRC funded Data Management through eSocial Science (DAMES -www.dames.org.uk) project, where secure access and monitoring of social simulations and associated data sets are required by the researchers and associated data providers.

show abstract

Shibboleth Access for Resources on the National Grid Service (SARoNGS)

Cited by 11 publications

References 8 publications

A Science Gateway Getting Ready for Serving the International Molecular Simulation Community

A Science Gateway Getting Ready for Serving the International Molecular Simulation Community

Audited credential delegation: a usable security solution for the virtual physiological human toolkit

The Design, Development and Application of a Proxy Credential Auditing Infrastructure for Collaborative Research

Contact Info

Product

Resources

About