Describes the ESNet On-Demand Secure Circuits and Advance Reservation System (OSCARS) system for dynamically provisioning quality of service enabled virtual circuits.
Describes the use of a credential manager and MyProxy to handle X.509 certificates for the FusionGrid and the ROAM central authorization service to provide access control for all the FusionGrid resources.
A Global Grid Forum Experimental document that describes how attributes are used in OGSI..
Describes a security model that facilitates control of resources by autonomous peers who act on behalf of collaborating users.
Describes recent improvements to grid security that have streamlined the usage and adminstration of FusionGrid resources.
A survey of security issues in Grid computing
This paper defines an extension to X.509 certificates to specify restricted rights in delegated X.509 certificates
Presents the accomplishments and future plans of the National Fusion Collaboratory Project which unites fusion and computer science researchers to develop and deploy a national Fusion Energy Sciences Grid (FusionGrid) that is a system for secure sharing of computation, visualization, and data resources over the Internet.
An expanded version of the NIST workshop paper that includes performance measurements of the Akenti code.
Describes the National Fusion Collaboratory's successful demonstration of remote access as a grid service to the TRANSP transport analysis code for tokamak exeriments.
An introduction to a model for building incremental trust based on supporting a variety of credentials and levels logins.
A presentation of the integration of the Globus Job Manager integration with the Akenti Authorization server done as part of the National Fusion Collaboratory.
A summary of the security requirements of a grid computing environments and the tools that an be used to meet these requirements, including basic cryptograhic techniques, authentication systems and authorization standards and systems.
This paper examines the basis for the trust a relying party places in an X.509 identity certificate signed by a CA. It is intended to be an informational document and is the result of extensive discussion on the security WG mailing list about the current and best PKI authentication practice.
A summary of the security requirements for collaborative environments, the available solutions and our view of the current shortcomings of these tools.
This paper explores the issues of doing authorization in an environment where X.509 certificates are used to identity users.It describes the Akenti cerficate-based authorization in which auhorization policy is stored in digitally signed certificates, and all the particpating entites are authenticated by X.509 certificates.
This paper was a proposed extension to X.509 certificates to specify restricted rights in delegated X.509 certificates
A comprehensive set of Grid usage scenarios are presented and analysed with regard to secuirty requirements such as authentication, authorization, integrity and confidentiality. The main value of these scenarios and the associated security discussions are to provide a library of situations against which an application designer can match, thereby facilitating security-aware application use and development.
This paper describes a secure group layer (SGL) which bundles a reliable group communication system, a group authorization and access control mechanism, and a group key agreement protocol to provide a comprehensive and practical secure group communication platform.
This is a description of the goals and plans for a National Fusion Collaboratory, the infrastructure enabling virtual organizations provided by the Globus Toolkit, and the Akenti project's authorization and use policies which will be used to fulfill resource management goals of the collaboratory.
We describe an agent-based system that we have developed to automate the execution of monitoring sensors and the collection of event data in large distributed systems such a Computational Grids.
This paper explores some of the history and future directions of modern scientific data intensive computing, and describes some specific application examples.
A 12-page paper on the design and implemention of Akenti, a policy-base authorization system, including performance measurements of the system.
This paper describes real-time Generation and cataloguing of large data-objects in widely distributed environments, i.e., a distributed, wide area network based approach to collecting, cataloguing, storing, and providing Web access for large-data-objects that originate as high-speed data streams
A six-page paper on the goals and design of the Akenti Distributed Access Control system
We describe a distributed, wide area network based approach to collecting, cataloguing, storing, and providing Web access for large-data-objects that originate as high-speed data streams.
Describes the LBNL Image Library which was designed and implemented to provide a system to help researchers organize, browse and search through digital image collections, especially collections where the original images are stored off-line in a mass storage system.
| Page last modified: 07/17/06 Contact: Mary Thompson Credits:The research and development of the Distributed Systems Department is funded by the U.S. Dept. of Energy, Office of Science, Office of Advanced Scientific Computing Research, Mathematical, Information, and Computational Sciences Division. |