Click here for full text:
Security Infrastructure for A Web Service Based Resource Management System
Yan, Yong; Goss, Michael; Kumar, Raj
HPL-2002-297
Keyword(s): symmetric key cryptography; authentication; access Control; integrity checking; Kerberos; global resource management; grid computing
Abstract: A global resource management system intents to aggregate all kinds of heterogeneous resources that are geographically distributed so that a uniform resource programming interface can be provided to applications. The emerging web service model with single SOAP-based RPC interface provides a good way to uniformly abstract underlying resources and hide the heterogeneity of resources. In a web service mode based resource management system, the security infrastructure is a paramount component. In this paper, we have designed and implemented a security infrastructure for a Web service model based global resource management system. In order to provide a secure shell around the global resource management system while keeping a simple Web access interface to the system, a Kerberos-like authentication system is built from the modification to the Kerberos model with a new set of authentication protocols while keeping the basic security mechanisms of the Kerberos. Our security infrastructure enforces Kerberos-like strong authentication and role-based access control. By encapsulating principals-to roles assignment into the service ticket, our system first seamlessly combines the Kerberos-like authentication with the role-based access control model. With the help of two security mechanisms: passport and service guard, transparent enforcement in the Web service messaging engine and the separate of security policy and security engine have been achieved so that our system can be easily extended and enhanced.
14 Pages
Back to Index
| 
printable version
