Networks for Grid Applications. Third International ICST Conference, GridNets 2009, Athens, Greece, September 8-9, 2009, Revised Selected Papers

Research Article

Authorisation Infrastructure for On-Demand Grid and Network Resource Provisioning

Download419 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-11733-6_2,
        author={Yuri Demchenko and Mihai Cristea and Cees Laat and Evangelos Haleplidis},
        title={Authorisation Infrastructure for On-Demand Grid and Network Resource Provisioning},
        proceedings={Networks for Grid Applications. Third International ICST Conference, GridNets 2009, Athens, Greece, September 8-9, 2009, Revised Selected Papers},
        proceedings_a={GRIDNETS},
        year={2012},
        month={6},
        keywords={Complex Resource Provisioning (CRP) Multidomain Network Resource Provisioning AAA Authorisation Framework Authorisation session Token Based Networking (TBN) ForCES},
        doi={10.1007/978-3-642-11733-6_2}
    }
    
  • Yuri Demchenko
    Mihai Cristea
    Cees Laat
    Evangelos Haleplidis
    Year: 2012
    Authorisation Infrastructure for On-Demand Grid and Network Resource Provisioning
    GRIDNETS
    Springer
    DOI: 10.1007/978-3-642-11733-6_2
Yuri Demchenko1,*, Mihai Cristea1,*, Cees Laat1,*, Evangelos Haleplidis2,*
  • 1: University of Amsterdam
  • 2: University of Patras
*Contact email: demch@science.uva.nl, cristea@science.uva.nl, delaat@science.uva.nl, ehalep@gmail.com

Abstract

The paper presents the Authorisation (AuthZ) infrastructure for combined multidomain on-demand Grid and network resource provisioning which we refer to as the Complex Resource Provisioning (CRP). The proposed CRP model provides a common abstraction of the resource provisioning process and is used as a basis for defining the major AuthZ mechanisms and components that extend the generic AAA AuthZ framework to support CRP (GAAA-CRP), in particular using XML-based AuthZ tickets and tokens to support access control and signalling during different CRP stages. The proposed GAAA-CRP framework is implemented as the GAAA Toolkit pluggable library and allows integration with the Grid and network service and control plane middleware. The proposed authorisation infrastructure allows using in-band binary tokens to extend network access control granularity to data plane and support binding applications to dataflows. The paper discusses the use of the ForCES network management model to achieve interoperability with the network control plane and define the GAAA-NRP interfaces to network control plane. This research was conducted as a part of the EU Phosphorus project.