Journal of Grid Computing

Role-Based Access Control in a Data Grid Using the Storage Resource Broker and Shibboleth



Abstract

In this paper, we propose a role-based access control (RBAC) system for data resources in the Storage Resource Broker (SRB). The SRB is a Data Grid management system that integrates the heterogeneous data resources of virtual organizations (VOs). The SRB stores the access control information of individual users in its Metadata Catalog (MCAT) database. Because of the MCAT schema structure, however, this information can only be used by SRB applications. If a VO also runs many non-SRB applications, each with its own storage format for user access control information, administration of that information does not scale. To solve this problem, we developed an RBAC system with Shibboleth, an attribute authorization service already used in many Grid environments. The administration overhead is reduced because the role privileges of individual users are now managed by Shibboleth rather than by MCAT or by each application. In addition, access control policies need to be specified and managed across multiple VOs. For the specification of access control policies we use the Core and Hierarchical RBAC profile of the eXtensible Access Control Markup Language (XACML), and for distributed administration of those policies we use the Object, Metadata and Artifacts Registry (OMAR). OMAR is based on the e-business eXtensible Markup Language (ebXML) registry specifications, which were developed to achieve interoperable registries and repositories. Our RBAC system provides scalable, fine-grained access control and allows privacy protection. Performance analysis shows that our system adds only a small overhead to the existing security infrastructure of the SRB.
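The abstract names the two pieces that do the work: Shibboleth releases a user's roles as attributes, and an XACML policy written to the Core and Hierarchical RBAC profile maps roles to permissions. The following Python is an added illustration of that structure, not code from the paper, the SRB or the Shibboleth project. It models the profile's Role PolicySet / Permission PolicySet (PPS) split, the PolicySetIdReference from a senior role's PPS to a junior role's PPS that encodes the hierarchy, and deny-overrides combining, with the decision fed by roles parsed out of an attribute release. The role names, the `urn:example:vo1:role:` entitlement namespace, the SRB collection paths and the assertion are all constructed for the example; real policies would be XACML XML evaluated by an XACML PDP rather than this in-memory model.

```python
# Added example: a minimal Python model of the XACML Core and Hierarchical
# RBAC profile (Role PolicySet -> Permission PolicySet with references to
# junior roles, deny-overrides combining) fed by roles taken from a
# Shibboleth attribute release. Not the paper's code; the role names, the
# entitlement URN namespace, the SRB paths and the assertion are constructed.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, Iterator, List, Set


@dataclass(frozen=True)
class Rule:
    effect: str               # "Permit" or "Deny"
    actions: FrozenSet[str]   # SRB operations the rule targets
    resource_prefix: str      # SRB collection path prefix the rule targets


@dataclass
class PermissionPolicySet:
    """PPS<role>: the rules granted to one role plus PolicySetIdReferences
    to the PPS of its junior roles, which is how the profile encodes the
    role hierarchy (a senior role inherits everything a junior has)."""
    role: str
    rules: List[Rule] = field(default_factory=list)
    junior_refs: List[str] = field(default_factory=list)


class RbacPdp:
    """Policy decision point over the Permission PolicySets of one VO."""

    def __init__(self) -> None:
        self.pps: Dict[str, PermissionPolicySet] = {}

    def define_role(self, role: str, rules: Iterable[Rule],
                    junior: Iterable[str] = ()) -> None:
        self.pps[role] = PermissionPolicySet(role, list(rules), list(junior))

    def _rules_for(self, role: str, seen: Set[str]) -> Iterator[Rule]:
        # Follow junior references transitively; 'seen' guards against cycles.
        if role in seen or role not in self.pps:
            return
        seen.add(role)
        pps = self.pps[role]
        yield from pps.rules
        for junior in pps.junior_refs:
            yield from self._rules_for(junior, seen)

    def decide(self, roles: Iterable[str], action: str, resource: str) -> str:
        # Role PolicySet: the target matches when the subject holds the role
        # attribute; the PPS of every held role is then evaluated.
        effects: Set[str] = set()
        for role in roles:
            for r in self._rules_for(role, set()):
                if action in r.actions and resource.startswith(r.resource_prefix):
                    effects.add(r.effect)
        # deny-overrides combining algorithm
        if "Deny" in effects:
            return "Deny"
        if "Permit" in effects:
            return "Permit"
        return "NotApplicable"   # the enforcement point treats this as a refusal


# --- Shibboleth side (constructed) -----------------------------------------
ROLE_ATTRIBUTE = "eduPersonEntitlement"      # attribute released by the IdP
ROLE_PREFIX = "urn:example:vo1:role:"        # constructed URN namespace


def roles_from_assertion(attrs: Dict[str, List[str]]) -> FrozenSet[str]:
    """Map a released attribute set to role names. Only the entitlement
    attribute is read, so the PDP never needs the user's identity."""
    values = attrs.get(ROLE_ATTRIBUTE, [])
    return frozenset(v[len(ROLE_PREFIX):] for v in values
                     if v.startswith(ROLE_PREFIX))


def build_pdp() -> RbacPdp:
    """Constructed VO policy: admin > curator > member, plus an embargo."""
    pdp = RbacPdp()
    pdp.define_role("member", [
        Rule("Permit", frozenset({"read"}), "/vo1/public/"),
        # A Deny placed in the junior PPS binds every senior role too.
        Rule("Deny", frozenset({"read", "write", "delete"}), "/vo1/archive/embargo/"),
    ])
    pdp.define_role("curator", [
        Rule("Permit", frozenset({"read", "write"}), "/vo1/archive/"),
    ], junior=["member"])
    pdp.define_role("admin", [
        Rule("Permit", frozenset({"read", "write", "delete"}), "/vo1/"),
    ], junior=["curator"])
    return pdp


def check(attrs: Dict[str, List[str]], action: str, resource: str) -> str:
    """Enforcement-point entry: attribute assertion + request -> decision."""
    return build_pdp().decide(roles_from_assertion(attrs), action, resource)


if __name__ == "__main__":
    # Constructed assertion for a user released only as a curator.
    assertion = {ROLE_ATTRIBUTE: [ROLE_PREFIX + "curator"]}
    for action, path in [("write", "/vo1/archive/set1/f.dat"),
                         ("write", "/vo1/archive/embargo/f.dat"),
                         ("read", "/vo1/public/readme"),
                         ("delete", "/vo1/archive/set1/f.dat")]:
        print(action, path, "->", check(assertion, action, path))
```

Two points worth checking against any real deployment of this design: the PDP only ever sees role attributes, which is where the privacy protection in the abstract comes from, so the attribute release policy at the Shibboleth IdP must not leak identity attributes the PDP does not need; and because the hierarchy is expressed by referencing the junior PPS wholesale, a Deny rule written for a junior role is inherited by every senior role under deny-overrides, as the embargo rule above shows.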

