Fig. 11.1 The security infrastructure of the MoSGrid science gateway, applying SAML assertions and additionally using basic file transfer (BFT) and transport layer security (TLS) within the UNICORE context
11.2.1 User Roles and Extended Authentication
Users of the molecular simulation community are in general not IT specialists. They can be distinguished as novice users and expert users according to their knowledge of the computational methods and of the underlying infrastructure. Within the context of science gateways we identified four further roles: guests, workflow developers, science gateway developers, and administrators. Guests can only access public information in the science gateway; novice users, expert users, and workflow developers are registered users with different levels of knowledge of the application domain; science gateway developers add features to the science gateway; and administrators manage the science gateway. Liferay offers fine-grained role-based management via communities, organizations, and groups. The MoSGrid science gateway applies the technical roles of Liferay and thus offers workflow management features and diverse applications suited to the knowledge and requirements of each class of user.
In the area of credential management, WS-PGRADE has been extended to use SAML for trust delegation. SAML is a widely used security standard for trust delegation, and SAML assertions have advantages over proxy certificates (SAML 2002): an assertion can be restricted to a single target entity, to a specific validity period, and to a delegation chain of bounded length, so a stolen or leaked assertion is of far more limited use than a proxy certificate. Within MoSGrid the ability to manage SAML assertions has been added to the certificate portlet of WS-PGRADE. The creation of SAML assertions is implemented in an integrated signed applet, which forms an extensible and secure solution relying only on a web browser and Java security. (Note that current browsers no longer run Java applets, so a present-day deployment of this approach would need a different client-side mechanism for creating and signing assertions.) The generated SAML assertions form the basis for the enhanced job and workflow management and are applied in the distributed data management as well.
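The three restrictions named above map onto standard SAML 2.0 Conditions elements: AudienceRestriction (one target entity), NotBefore/NotOnOrAfter (validity period) and ProxyRestriction with a Count attribute (maximum delegation depth). The following is an added example, not code from MoSGrid, WS-PGRADE or UNICORE: it builds such a constrained assertion with only the Python standard library, checks it from a relying party's point of view, and issues a further hop of the delegation chain with the count decremented and the validity window capped by the upstream assertion. The issuer, subject and audience names are constructed sample values, and the XML signature that a real assertion carries is omitted (an assumption made to keep the example offline and dependency-free), so the checks shown here would follow signature verification in a real deployment.

```python
# Added example (not from the page): constrained SAML 2.0 assertions for
# trust delegation, using only the standard library. No XML signature is
# produced or verified here; in practice that step precedes these checks.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML_NS)
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"   # SAML dateTime in UTC


def _q(tag):
    return "{%s}%s" % (SAML_NS, tag)


def _iso(dt):
    return dt.astimezone(timezone.utc).strftime(TIME_FMT)


def _parse(text):
    return datetime.strptime(text, TIME_FMT).replace(tzinfo=timezone.utc)


def build_assertion(issuer, subject, audience, not_before, lifetime_s, proxy_count):
    """Return a SAML 2.0 assertion (XML text) restricted to one audience,
    one validity window and a maximum delegation depth."""
    a = ET.Element(_q("Assertion"), Version="2.0", ID="_constructed-id",
                   IssueInstant=_iso(not_before))
    ET.SubElement(a, _q("Issuer")).text = issuer
    subj = ET.SubElement(a, _q("Subject"))
    ET.SubElement(subj, _q("NameID")).text = subject
    cond = ET.SubElement(a, _q("Conditions"), NotBefore=_iso(not_before),
                         NotOnOrAfter=_iso(not_before + timedelta(seconds=lifetime_s)))
    aud = ET.SubElement(cond, _q("AudienceRestriction"))
    ET.SubElement(aud, _q("Audience")).text = audience          # one entity
    ET.SubElement(cond, _q("ProxyRestriction"), Count=str(proxy_count))  # chain length
    return ET.tostring(a, encoding="unicode")


def check_assertion(xml_text, me, now):
    """Evaluate the Conditions from the point of view of the entity `me`.
    Returns (ok, reason, remaining_proxy_count)."""
    a = ET.fromstring(xml_text)
    cond = a.find(_q("Conditions"))
    if cond is None:
        return False, "no Conditions", 0
    not_before = _parse(cond.get("NotBefore"))
    not_on_or_after = _parse(cond.get("NotOnOrAfter"))
    if now < not_before or now >= not_on_or_after:
        return False, "outside validity window", 0
    audiences = [e.text for e in cond.iter(_q("Audience"))]
    if me not in audiences:
        return False, "audience mismatch", 0
    pr = cond.find(_q("ProxyRestriction"))
    count = int(pr.get("Count")) if pr is not None and pr.get("Count") else 0
    return True, "ok", count


def delegate(xml_text, me, next_hop, now, lifetime_s):
    """Issue a downstream assertion on the basis of an upstream one. Allowed
    only if the upstream assertion is valid for `me` and still permits
    further hops; the new Count is one lower and the new window never
    outlives the upstream window."""
    ok, reason, count = check_assertion(xml_text, me, now)
    if not ok:
        raise ValueError("cannot delegate: " + reason)
    if count < 1:
        raise ValueError("cannot delegate: delegation chain exhausted")
    upstream = ET.fromstring(xml_text)
    subject = upstream.find(_q("Subject")).find(_q("NameID")).text
    upstream_end = _parse(upstream.find(_q("Conditions")).get("NotOnOrAfter"))
    lifetime = min(lifetime_s, int((upstream_end - now).total_seconds()))
    return build_assertion(issuer=me, subject=subject, audience=next_hop,
                           not_before=now, lifetime_s=lifetime,
                           proxy_count=count - 1)


if __name__ == "__main__":
    t0 = datetime(2020, 1, 1, 12, 0, 0, tzinfo=timezone.utc)   # constructed clock
    user_to_gateway = build_assertion("user@example.org", "user@example.org",
                                      "gateway.example.org", t0, 3600, 2)
    print(check_assertion(user_to_gateway, "gateway.example.org", t0 + timedelta(minutes=5)))
    gateway_to_grid = delegate(user_to_gateway, "gateway.example.org",
                               "unicore.example.org", t0 + timedelta(minutes=5), 7200)
    print(check_assertion(gateway_to_grid, "unicore.example.org", t0 + timedelta(minutes=10)))
```

The two points worth noticing are in `delegate`: the downstream window is capped at the upstream NotOnOrAfter even when a longer lifetime is requested, and the chain terminates by construction once Count reaches zero, so an assertion obtained at the end of the chain cannot be used to mint further ones.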