Secure federated authentication and authorisation to GRID portal applications using SAML and XACML

Erik Vullings*, James Dalziel, Markus Buchhorn

*Corresponding author for this work

    Research output: Contribution to journal › Article › peer-review

    6 Citations (Scopus)

    Abstract

    Internationally, the need for federated Identity & Access Management continues to grow, as it allows users to get Single Sign-On access to external resources (a.k.a. Service Providers) using their home account and some attributes that are being released securely by their home organization (a.k.a. Identity Providers). In other words, it solves the problem of service providers needing to create and maintain accounts for external users who they may not know. Current implementations seem to either rely on SAML, the Security Assertion Markup Language, or PKI, where the latter is mainly popular for Grid services. However, there are some trends towards convergence, for example, the recent release of the Globus toolkit is SAML and XACML aware, and GridShib is another project that uses PKI for authentication and SAML for passing attributes for authorisation. Still, these projects do not use the full potential of SAML and XACML, so this paper focuses on a scalable approach using distributed attribute authorities to access Grid services. Copyright

    Original language: English
    Pages (from-to): 101-113
    Number of pages: 13
    Journal: Journal of Research and Practice in Information Technology
    Volume: 39
    Issue number: 2
    Publication status: Published - 2007

    Keywords

    • eResearch toolkits
    • Federated identity & access management
    • Grid
    • SAML
    • Shibboleth
    • Virtual organizations
    • Virtual Research Environment (VRE)
    • XACML
