Special Features:
NCSA TO LEAD GridShib PROJECT
The National Center for Supercomputing Applications (NCSA) will lead a project
to integrate two key software products developed via the National Science
Foundation's National Middleware Initiative. NCSA and collaborators at Argonne
National Laboratory and the University of Chicago will receive $1 million to
combine the strengths of Shibboleth, developed by the Internet2 cooperative,
with the Globus Toolkit, developed by the Globus Alliance. The project is
known as GridShib.
Communities of scientists seeking to collaborate across vast distances are
turning to technology developers to build, deploy and support advanced
cyberenvironments that connect people, data, instruments and high-performance
computing resources. Secure authentication and authorization are growing
challenges for these distributed, multi-institutional collaborative
laboratories.
There is a need for robust infrastructure that will allow for secure
verification of a user's attributes, such as the individual's identity,
affiliation, and role in a collaboration. The GridShib project believes that
the necessary building blocks are present in the Globus Toolkit's Grid
Security Infrastructure, which already provides robust, secure authentication,
and the Shibboleth attribute service, which allows for controlled access to
attribute information.
For example, a group of earthquake researchers at various universities and
research centers might be interested in sharing data and instruments and
devising joint, distributed experiments. The Globus Toolkit and other Grid
services software can make such collaborations possible, but with a
significant missing piece: they lack a way to manage large communities of
users with different levels of access. That's where Shibboleth's strengths
come in.
Shibboleth authenticates users, using local authentication mechanisms that
users are already accustomed to, and sends secured messages regarding the
user's attributes. Typically these messages are sent to a Web server, and the
attributes are used to determine which areas of a website a person can access.
The GridShib team aims to enable Grid services software, such as the Globus
Toolkit, to understand and act on the Shibboleth messages, determining which
information a user can access, which instruments he can use, etc.
"The Globus Toolkit and Shibboleth are two of the most significant projects to
emerge from NMI, but until now they've largely been developed in isolation
from one another," explained Von Welch, NCSA senior security engineer. "By
leveraging the strengths of each project, we believe we can deliver a
framework that can provide the needed capabilities for a robust attribute
infrastructure."
|
