Abstract

X.509 certificates and VOMS have proved to be a secure and reliable solution for authentication and authorization on the Grid, but they have also shown usability issues and required the development of ad-hoc services and libraries to support VO-based authorization schemes in Grid middleware and experiment computing frameworks. The need to move beyond X.509 certificates is recognized as an important objective in the HEP R&D roadmap for software and computing: to overcome the usability issues of the current AAI and embrace recent advancements in web technologies widely adopted in industry, but also to enable the secure composition of computing and storage resources provisioned across heterogeneous providers in order to meet the computing needs of HL-LHC. A flexible and usable AAI based on modern web technologies is a key enabler of such secure composition and has been a major topic of research of the recently concluded INDIGO-DataCloud project. In this contribution, we present an integrated solution, based on the INDIGO-DataCloud Identity and Access Management service, that demonstrates how a next-generation, token-based, VO-aware AAI can be built in support of HEP computing use cases while maintaining compatibility with the existing VOMS-based AAI used by the Grid.

Highlights

  • X.509 has often represented a barrier when integrating computing and storage resources from external partners, such as commercial providers, hybrid clouds and HPC centers, whose importance is becoming crucial to address the expected computing needs of HL-LHC [7]

  • Virtual Organization Membership Service (VOMS) attribute certificates [4]: X.509 attribute certificates [5] embedded in proxy certificates and used to augment identity information with Virtual Organisation (VO)-issued authorization attributes that drive the authorization at services

  • Moving beyond X.509 certificates is recognized as a key challenge for HEP computing to improve usability, simplify the middleware stack and enable interoperability with heterogeneous computing and storage resource providers


Summary

Introduction

X.509 has often represented a barrier when integrating computing and storage resources from external partners, such as commercial providers, hybrid clouds and HPC centers, whose importance is becoming crucial to address the expected computing needs of HL-LHC [7]. In this contribution we describe a novel AAI, conceived in the context of the INDIGO-DataCloud project [8], which is based on industry-standard technologies and represents a possible solution to the aforementioned problems.

A token-based AAI for HEP
A VO-centric token-based AAI
Token-based authentication and authorization
Trust and discovery
Controlled delegation of privileges
The INDIGO Identity and Access Management Service
Related work and initiatives
Conclusions and future work