X.509 Authentication and Authorization in Fermi Cloud
Pages 732 - 737
Abstract
We present a summary of how X.509 authentication and authorization are used with Open Nebula in Fermi Cloud. We also describe a history of why the X.509 authentication was needed in Fermi Cloud, and review X.509 authorization options, both internal and external to Open Nebula. We show how these options can be and have been used to successfully run scientific workflows on federated clouds, which include Open Nebula on Fermi Cloud and Amazon Web Services as well as other community clouds. We also outline federation options being used by other commercial and open-source clouds and cloud research projects.
References
[1]
R. Hously et al, "Internet X.509 Public Key Infrastruture Certificate and CRL Profile" https://www.ietf.org/rfc/rfc2459
[2]
R. Rivest, A. Shamir, L. Adleman, "A Method for Obtaining Digital Signature and Public-key Cryptosystems", Communications of the ACM 21 120- 126 1978.
[3]
R. Alfieri et al. 2004. VOMS, an authorization system for virtual organizations Proceedings of European across Grids conference No1, Santiago De Compostela, Spain 2970 33-40.
[4]
M. Lorch, D. Kafura, I. Fisk, K. Keahey, G. Carcassi, T. Freeman, T. Peremutov, A. S. Rana. 2005. Authorization and account management in the Open Science Grid The 6th IEEE/ACM International Workshop on Grid Computing, 2005.
[5]
http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html
[6]
http://toolkit.globus.org/toolkit/security/
[7]
http://fermigrid.fnal.gov
[8]
R. Pordes, D. Petravick, B. Kramer, D. Olson, M. Livny, A. Roy, P. Avery, K. Blackburn, T. Wenaus, F. Wurthwein, I. Foster, R. Gardner, M. Wilde, A. Blatecky, J. McGee, and R. Quick 2007. The Open Science Grid Journal of Physics: Conference Series, 78 15.
[9]
http://code.macournoyer.com/thin/
[10]
https://tools.ietf.org/html/rfc7292
[11]
https://wiki.nikhef.nl/grid/LCMAPS
[12]
http://www.egi.eu
[13]
R. Moreno-Vozmediano, R. S. Monero, I. M. Llorente, IaaS Cloud Architecture: From Virtualized Datacenters to Federated Cloud Infrastructures, IEEE Computer, vol. 45, pp. 65-72, Dec. 2012.
[14]
https://www.oasis-open.org/committees/download.php/13525/sstc-saml-exec-overview-2.0-cd-01-2col.pdf
[15]
K. Keahey, I. Foster, T. Freeman, X. Zhang, D. Galron, Virtual Workspaces In The Grid, Europar 2005, Lisbon, Portugal, Sep. 2005.
[16]
http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=X.509
[17]
S. Timm, K. Chadwick, G. Garzoglio, S. Y. Noh, Grids, virtualization, and Clouds at Fermilab, in Proceedings of the 20th International Conference on Computing in High Energy and Nuclear Physics (CHEP 2013), Journal of Physics: Conference Series 513 (2014). D. L. Groep and D. Bonacorsi, eds. IOP Publishing.
[18]
G. Garzoglio, J. Bester, K. Chadwick, D. Dykstra, D. Groep, J. Gu, T. Hesselroth et al. "Adoption of a SAML-XACML Profile for Authorization Interoperability across Grid Middleware in OSG and EGEE." In Journal of Physics: Conference Series, vol. 331, no. 6, p. 062011. IOP Publishing, 2011.
[19]
P. Mhashilkar, A. Tiaradani, B. Holzman, K. Larson, I. Sfiligoi, and M. Rynge, Cloud Bursting With Glidein WMS: Means to satisfy ever increasing needs for Scientific Workflows. In Journal of Physics: Conference Series 513 (2014). D. L. Groep and D. Bonacorsi, eds., IOP Publishing.
Index Terms
- X.509 Authentication and Authorization in Fermi Cloud
Recommendations
Two Factor Authentication using M-pin Server for Secure Cloud Computing Environment
Cloud computing is comprised of major demand from the every group of organization because of easy availability and cost effectiveness. The responsibilities of cloud service providers will become increasing more due to the great progression in every ...
An Efficient Schema Shared Approach for Cloud Based Multitenant Database with Authentication and Authorization Framework
3PGCIC '11: Proceedings of the 2011 International Conference on P2P, Parallel, Grid, Cloud and Internet ComputingSoftware-as-a-Service (SaaS) is a service model for delivering application as cloud services over the internet on subscription basis to multiple clients. This has forced the use of shared databases termed as multitenant databases. Multitenancy refers to ...
A Formal Approach for the Identification of Authorization Policy Conflicts within Multi-Cloud Environments
AbstractThe use of the Cloud computing has been constantly on the rise. The flexible billing model coupled with elastic resource provisioning make the Cloud appealing to consumers. However there are still many challenges associated with the Cloud limiting ...
Comments
Information & Contributors
Information
Published In
December 2014
1035 pages
ISBN:9781479978816
Sponsors
Publisher
IEEE Computer Society
United States
Publication History
Published: 08 December 2014
Check for updates
Author Tags
Qualifiers
- Article
Acceptance Rates
Overall Acceptance Rate 38 of 125 submissions, 30%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 72Total Downloads
- Downloads (Last 12 months)1
- Downloads (Last 6 weeks)0
Reflects downloads up to 09 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in