http://dx.doi.org/10.7472/jksii.2012.13.6.55

OAuth based Proxy Delegation Service  

Heo, Daeyoung (Department of Computer Science, Kookmin University)
Hwang, Suntae (Department of Computer Science, Kookmin University)
Publication Information
Journal of Internet Computing and Services / v.13, no.6, 2012, pp. 55-62
Abstract
Grid web applications built on standard Web technology are increasingly used to offer grid services to users through an ordinary Web user interface. It is, however, difficult to integrate a grid security system such as the Grid Security Infrastructure (GSI) into Web applications, because delegation in standard Web security does not work the same way as delegation in Grid security. This can be solved by letting Web applications obtain a Grid credential from an online credential repository system such as MyProxy. In this paper, we investigate the problem that arises when MyProxy, which assumes mutual trust between a user and a Grid web application, is adapted to integrate Web and Grid security, and we propose a new Grid proxy delegation service that delegates a Grid credential to the Web without assuming mutual trust. In this service, the X.509 proxy delegation process is added to the OAuth protocol for credential exchange, and authentication can be performed by an external service such as OpenID. Users can therefore log in to the Grid web application with single sign-on, and can securely delegate and retrieve multiple credentials for one or more Virtual Organizations.
Keywords
X.509 Proxy Delegation; Grid Security; OAuth