ABSTRACT

This chapter describes the authentication and authorization security mechanisms that protect grid-enabled resources. These are implemented in the grid middleware software package, the Globus Toolkit (GT). Unfortunately, these mechanisms are mostly grid specific, which means that most GT users need different credentials for accessing grid-enabled resources than for accessing Web-based and organizational resources. This is not optimal from either a usability or an administrative perspective. Two new technologies, Shibboleth and PERMIS, will allow harmonization of user access to organizational, Web-based and grid-enabled resources. Shibboleth is a protocol suite that provides users with single sign-on access to distributed federated resources, using their normal organizational credentials. PERMIS is a policy-based authorization infrastructure that decides whether a user is granted or denied access to any type of resource, based on the user’s credentials and the authorization policy for the resource. Several recent research projects are enabling these three technologies to be combined so that users can use the same set of credentials to access grid, organizational, and Web-based resources. Furthermore, administrators are empowered to write the same authorization policies for protecting their resources, regardless of whether they are being accessed locally or via the Web or the grid.