Authorisation infrastructure for on-demand network resource provisioning

High performance Grid applications require high speed network infrastructure that should be capable of providing network connectivity service on-demand. This paper presents results of the development of the Authorisation (AuthZ) infrastructure for on-demand multidomain network resource provisioning (N...

Bibliographic details
Main authors: Demchenko, Y., Wan, A., Cristea, M., de Laat, C.
Format: Conference proceedings
Language: eng
container_end_page 103
container_issue
container_start_page 95
container_title
container_volume
creator Demchenko, Y.
Wan, A.
Cristea, M.
de Laat, C.
description High performance Grid applications require high speed network infrastructure that should be capable of providing network connectivity service on-demand. This paper presents results of the development of the Authorisation (AuthZ) infrastructure for on-demand multidomain network resource provisioning (NRP). We propose a general Complex Resource Provisioning (CRP) model that can be used as a basis for AuthZ infrastructure development providing a common abstraction for provisioning both network and Grid resources. This model allows common policy expressions, using single user sign-on credentials when requesting and accessing complex Grid-Network resources. The implementation described is based on the generic AAA Authorisation Framework (GAAA-AuthZ) and suggests a number of security mechanisms and components that extend GAAA-AuthZ to achieve consistent policy enforcement and security context management: Token Validation Service (TVS), AuthZ ticket used for AuthZ session management, a special XACML profile for NRP, reference model for policy obligations handling (OHRM). The proposed infrastructure and solutions are being implemented in the framework of the EU project Phosphorus and use authors' experiences gained from the major Grid based and Grid oriented projects.
doi_str_mv 10.1109/GRID.2008.4662787
format Conference Proceeding
isbn 1424425786
9781424425785
eisbn 1424425794
9781424425792
lccn 2008904447
publisher IEEE
creationdate 2008-09
genre proceeding
tpages 9
fulltext fulltext_linktorsrc
identifier ISSN: 2152-1085
ispartof 2008 9th IEEE/ACM International Conference on Grid Computing, 2008, p.95-103
issn 2152-1085
2152-1093
language eng
recordid cdi_ieee_primary_4662787
source IEEE Electronic Library (IEL) Conference Proceedings
subjects AAA Authorisation Framework
Access control
Authorisation session
Authorization
Complex Resource Provisioning
Context modeling
Logic gates
Middleware
Multidomain Network Resource Provisioning
Resource management
Security
Token Validation Service
XACML
title Authorisation infrastructure for on-demand network resource provisioning
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-08T21%3A10%3A42IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Authorisation%20infrastructure%20for%20on-demand%20network%20resource%20provisioning&rft.btitle=2008%209th%20IEEE/ACM%20International%20Conference%20on%20Grid%20Computing&rft.au=Demchenko,%20Y.&rft.date=2008-09&rft.spage=95&rft.epage=103&rft.pages=95-103&rft.issn=2152-1085&rft.eissn=2152-1093&rft.isbn=1424425786&rft.isbn_list=9781424425785&rft_id=info:doi/10.1109/GRID.2008.4662787&rft_dat=%3Cieee_6IE%3E4662787%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=1424425794&rft.eisbn_list=9781424425792&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=4662787&rfr_iscdi=true