Grid Meter » Simplifying the Grid Security Experience

March 09, 2006

Simplifying the Grid Security Experience

In geology and microscopy, Grid users are showing interest in a new GSI credential management and integration project, GAMA (Grid Account Management Architecture), that 'makes Grid security as easy to use as any commercial web site, while maintaining the security and delegation capabilities of GSI.'

According to Kurt Mueller, one of the technical leads on the project:

"Grid systems rely on a collection of back-end software packages to create and manage Grid credentials for users. Installation and maintenance of these packages can be complicated for system administrators, and oftentimes users are required to explicitly manage their own Grid credentials through command-line interfaces. Our idea was to package the required tools together, make them easy to install, and then provide a nice user interface for users to request accounts, and for administrators to manage the whole account approval process. We provide a web services interface to the entire server infrastructure, so that the Grid can be accessed by many different types of client applications, including web portals, stand-alone applications, handheld devices, etc.

Basically, GAMA unifies a number of Grid components into a single tool, making Grid security as easy to use as any commercial Web site while maintaining the security and delegation capabilities of GSI. It provides an appropriate, simplified interface to end users, and to portal and application developers."

Mueller and his colleagues are currently working on the GAMA 2 release, which seeks to continue to reduce the administrative hassles of scaling Grid security, and provide a more extensible framework.

"This technology was used by the projects we supported, but of course there may be other people who want to use the software that have their own existing infrastructures; they may already have a certificate management system, they may already have users with certificates in place, and they may have additional sorts of systems that are already installed at their locations. They may have an LDAP server that they use for authentication. They may support SRB, and they may need SRB accounts for users. So GAMA 2 has removed all of the hard coding of the very specific technologies we implemented for GAMA 1 and has replaced that with a plug-in system whereby people who use and implement GAMA at their site can, without much difficulty, create a custom plug-in that will do whatever task they need. They can create a plug-in for their existing LDAP authentication infrastructure, or they can create a plug-in to interface with their SRB account system, for example.

Unlike GAMA 1, which has a singular log-in function, GAMA 2 includes the notion of sequences of tasks that are designed in a work flow manner to perform a single function. With GAMA 2, a log-in could consist of retrieving a credential from MyProxy, opening a socket connection to an SRB server, and retrieving some other information from an LDAP server all at once. So the administrator of GAMA will be able to combine smaller tasks into more complex sequences and make those available, through simple Web services interfaces, to any applications or portals or other GAMA clients. We are increasing the ability of GAMA significantly and making it easier to use and integrate with existing infrastructures."

Posted by Greg Nawrocki on March 9, 2006 08:53 AM

