March 16, 2006
Georgetown U. Tackles Grid Security with Shibboleth
Five years ago, Georgetown University -- home to numerous leading medical research facilities, such as the Lombardi Comprehensive Cancer Center -- did not have a core computational facility, let alone a Grid in place.
But in a short while, its Advanced Research Computing (ARC) team has not only created a shared computing infrastructure for Georgetown researchers, but is also one of the leading contributors to the National Cancer Institute's caBIG collaborative research Grid project.
Because Georgetown's Grid grew so quickly from scratch, the administrative pain of scaling its security was felt almost immediately.
"Every time we'd stand up a cluster, it would have its own user base," said Arnie Miles, Systems Architect. "We were using local accounts, and creating tiny administrative domains. And we quickly realized that while (Condor) has functionality to span across these Beowulf clusters -- it was all IP or host database security, and it was too labor intensive. And after administrative configurations were complete, it didn't meet our security requirements."
Georgetown tackled the security scale issue by hiring an identity management expert to work with the ARC team. Chad La Joie had previously spent years developing and managing an identity management infrastructure at Virginia Tech. With the ARC team, he saw an opportunity to apply Shibboleth in the healthcare arena.
Shibboleth has a trust fabric mechanism based on the SAML 2.0 metadata file.
It is a public key infrastructure (PKI) that allows for simpler trust negotiation with a service provider. When the service provider connects to the identity provider, certificates are passed and verified. The response sent back is a digitally signed XML document; the public and private key pairs obtained in the certification process are used to sign and verify the data. The metadata describes each service provider, each identity provider, and all of their PKI information. It is a simple and elegant way to configure the necessary trust.
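The metadata-anchored trust described above can be sketched as follows. This is an added example, not code from the article or from Shibboleth: it reads a SAML 2.0 metadata document, records which signing certificates each entity publishes, and accepts a signer only if its certificate is listed for that issuer and role. The entity IDs and certificate bytes are constructed placeholders, and the sketch assumes the metadata file itself has already been authenticated; it does not perform XML signature verification.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ROLES = {"IDPSSODescriptor": "idp", "SPSSODescriptor": "sp"}

def load_trust(metadata_xml):
    """Map entityID -> {'roles': set, 'signing': set of SHA-256 cert fingerprints}."""
    trust = {}
    for ent in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        entry = trust.setdefault(ent.get("entityID"), {"roles": set(), "signing": set()})
        for tag, role in ROLES.items():
            for desc in ent.findall("md:" + tag, NS):
                entry["roles"].add(role)
                for kd in desc.findall("md:KeyDescriptor", NS):
                    # A KeyDescriptor without "use" is valid for signing and encryption.
                    if kd.get("use") not in (None, "signing"):
                        continue
                    for cert in kd.iterfind(".//ds:X509Certificate", NS):
                        der = base64.b64decode("".join(cert.text.split()))
                        entry["signing"].add(hashlib.sha256(der).hexdigest())
    return trust

def signer_is_trusted(trust, issuer, cert_der, role="idp"):
    """True only if the metadata lists cert_der as a signing key for issuer in that role."""
    entry = trust.get(issuer)
    if entry is None or role not in entry["roles"]:
        return False
    return hashlib.sha256(cert_der).hexdigest() in entry["signing"]

# Constructed sample: placeholder entity IDs and placeholder bytes, not real X.509 DER.
IDP, SP = "https://idp.example.edu/idp", "https://grid.example.edu/sp"
IDP_CERT, SP_CERT = b"constructed-idp-signing-cert", b"constructed-sp-encryption-cert"

def _entity(entity_id, role_tag, use, cert):
    return ('<md:EntityDescriptor entityID="%s"><md:%s><md:KeyDescriptor use="%s">'
            '<ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate>'
            '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:%s></md:EntityDescriptor>'
            % (entity_id, role_tag, use, base64.b64encode(cert).decode(), role_tag))

SAMPLE_METADATA = ('<md:EntitiesDescriptor xmlns:md="%(md)s" xmlns:ds="%(ds)s">' % NS
                   + _entity(IDP, "IDPSSODescriptor", "signing", IDP_CERT)
                   + _entity(SP, "SPSSODescriptor", "encryption", SP_CERT)
                   + '</md:EntitiesDescriptor>')

if __name__ == "__main__":
    t = load_trust(SAMPLE_METADATA)
    print(signer_is_trusted(t, IDP, IDP_CERT))      # key listed for the IdP role
    print(signer_is_trusted(t, IDP, SP_CERT))       # key not listed for this issuer
    print(signer_is_trusted(t, SP, SP_CERT, "sp"))  # encryption-only key
```

A certificate that is valid in its own right is still rejected if the metadata does not list it for that issuer, and a key published only for encryption is never accepted as a signing key.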
"We saw Shibboleth's potential for importing and making available to the Grid the identities, attributes, and credentials of the researchers participating in the Grid at Georgetown," said La Joie. "Shibboleth is a way to make it easier for them to participate -- not having to know about all of the certificates or deal with all of those issues."
Posted by Greg Nawrocki on March 16, 2006 06:17 AM