ROAM: An Authorization Manager for Grids

Abstract: The Resource Oriented Authorization Manager (ROAM) was created to provide a simple but flexible authorization system for the FusionGrid computational Grid. ROAM builds on and extends previous community efforts by both responding to access authorization requests and by providing a Web interface for resource management. ROAM works with the Globus Resource Allocation Manager (GRAM), and is general enough to be used by other virtual organizations that use Globus middleware or X.509/TLS authentication schemes to se… Show more

“…In past Grid projects, proprietary services have often been developed to address this issue (e.g. CAS [34], PRIMA [27], ROAM [6]) but none of them established itself as a widely accepted community standard as they were too tightly coupled with the middleware and the local resources. A standardization on SAML/XACML profiles to be used by all middlewares is available [11] but has not been widely adopted yet.…”

“…Django routes HTTP requests to Python functions ("view" functions), that are responsible for returning content to the user. Access control is most easily done through Python function decorators: if a view function is marked with the login required decorator, then Django ensures that HTTP requests to that URL come from logged-in users, and will redirect any unauthorized request to the site login page 6. Since the SlcsInit and VomsProxyInit servlets run in a Java server, completely separated by the server running Django, an issue arises as how to communicate certificate/proxy location and passphrases back and forth from the Django decorator to the Java servlets.…”

GridCertLib: A Single Sign-on Solution for Grid Web Applications and Portals

“…In past Grid projects, proprietary services have often been developed to address this issue (e.g. CAS [34], PRIMA [27], ROAM [6]) but none of them established itself as a widely accepted community standard as they were too tightly coupled with the middleware and the local resources. A standardization on SAML/XACML profiles to be used by all middlewares is available [11] but has not been widely adopted yet.…”

“…Django routes HTTP requests to Python functions ("view" functions), that are responsible for returning content to the user. Access control is most easily done through Python function decorators: if a view function is marked with the login required decorator, then Django ensures that HTTP requests to that URL come from logged-in users, and will redirect any unauthorized request to the site login page 6. Since the SlcsInit and VomsProxyInit servlets run in a Java server, completely separated by the server running Django, an issue arises as how to communicate certificate/proxy location and passphrases back and forth from the Django decorator to the Java servlets.…”

GridCertLib: A Single Sign-on Solution for Grid Web Applications and Portals

“…• Os trabalhos [Lorch e Kafura, 2004] e [Burruss et al, 2006] adotam modelos com políticas complexas para a criação e gerenciamento de contas Unix locais, utilizadas na execução das tarefas. Por mais flexíveis que as políticas adotadas sejam, sua efetivação é realizada por mecanismos locais, nos quais os recursos disponíveis podem variar de acordo com a grade computacional utilizada.…”

Plataforma para efetivação de múltiplas políticas de controle de acesso em ambientes de grade computacional

A vision for a collaborative control room for ITER