In this paper we present a computational infrastructure, the Security Backbone, which is able to satisfy security requirements arising from resource sharing and services interoperability in Grid-like environments, without having to rely on a Public-Key Infrastructure (PKI). The motivation for our approach is rooted in the well-known difficulties encountered in showing that interoperability of PKIs is effective or efficient in real-world environments. The proposed solution uses a security layer, lying between the communication and the application level, which provides confidentiality, integrity and authentication services in a fully transparent way from the application point of view, thus enabling the deployment of distributed network applications satisfying the highest security constraints, at a very low organizational and financial cost. Moreover, we have designed a service for scalable and flexible management of authorization policies governing access to resources shared by members of a Virtual Organization, by improving on the Community Authorization Service distributed with the Globus Toolkit.
Arcieri, F., Fioravanti, F., Nardelli, E., Talamo, M. (2004). A Specification for Security Services on Computational Grids. In Grid Services Engineering and Management, Proceedings (pp. 237-274). Berlin/Heidelberg: Springer [10.1007/978-3-540-30190-5_9].
A Specification for Security Services on Computational Grids
NARDELLI, ENRICO;TALAMO, MAURIZIO
2004-01-01