creating portlets [11], while WSRP is a standard for Web portals to access
and display portlets on a remote server [1]. JSR-168 and WSRP work at
different levels. JSR-168 specifies the interfaces for local portlets, while
WSRP specifies the interfaces for accessing portlets across portal frameworks.
Using standard portlets ensures that they can plug and play in any
standard-compliant portlet container (e.g., WebSphere Portal, GridSphere).
11.2.2 Single Sign-On in Grid Portals
SSO is one of the important requirements for grid portals. Grid portals
aim to provide integrated access to geographically distributed,
cross-organization computing resources and services, each of which has its
own user name and password. Requiring a user to enter several different
passwords to gain access to distributed resources is not user-friendly;
also, users are not good at remembering many passwords.
SSO provides an access control mechanism that enables a user to be
authenticated once and gain access to the resources of multiple
applications. By using SSO, a user needs just a single user name and password
to be authenticated by the portal, which can then access the different
applications and services on behalf of the user without the user entering a
user name and password again. This section introduces two important topics
relating to SSO in grid portals: (1) Globus grid security infrastructure and
(2) credential management.
11.2.2.1 Globus Grid Security Infrastructure
Cryptographic techniques are heavily used in grid environments to meet
the strong security requirements, which are crucial for enforcing
resource-sharing policies in a virtual organization (VO); for example, granting
access to VO members only [13]. Grids require all communication between
a user (or an entity acting on behalf of a user) and resources in the grid to
be authenticated and authorized. Grid users should authenticate themselves
once, and from that point on, all further security interactions are
carried out transparently by the grid.
The Grid Security Infrastructure (GSI) [1], developed by the Globus
Alliance [16], provides security mechanisms that are commonly used in
grid environments. The GSI uses public key cryptography (also known as
asymmetric cryptography) as the basis for its functionality, where the
certificate is a central concept in GSI authentication [1]. Every user and
service in the grid is identified via a certificate, which contains information
vital to identify and authenticate the user or service. A GSI certificate
includes four primary pieces of information: (1) a subject name, which
identifies the person or object that the certificate represents; (2) the public
key belonging to the subject; (3) the identity of a Certificate Authority (CA)
that signed the certificate to certify that the public key and the identity
 