A Credential Store for Multi-tenant Science Gateways

Kanewala, Thejaka Amilia; Marru, Suresh; Basney, Jim; Pierce, Marlon

A Credential Store for Multi-tenant Science Gateways

Files

ccgrid_2014_credential_store.pdf (527.14 KB)

If you need an accessible version of this item, please email your request to iusw@iu.edu so that they may create one and provide it to you.

Date

2014-03-18

Authors

Kanewala, Thejaka Amilia

Marru, Suresh

Basney, Jim

Pierce, Marlon

Permanent Link

https://hdl.handle.net/2022/17379

Abstract

Science Gateways bridge multiple computational grids and clouds, acting as overlay cyberinfrastructure. Gateways have three logical tiers: a user interfacing tier, a resource tier and a bridging middleware tier. Different groups may operate these tiers. This introduces three security challenges. First, the gateway middleware must manage multiple types of credentials associated with different resource providers. Second, the separation of the user interface and middleware layers means that security credentials must be securely delegated from the user interface to the middleware. Third, the same middleware may serve multiple gateways, so the middleware must correctly isolate user credentials associated with different gateways. We examine each of these three scenarios, concentrating on the requirements and implementation of the middleware layer. We propose and investigate the use of a Credential Store to solve the three security challenges.

Keywords

science gateways, security, OA4MP, Apache Airvata, credential store

Rights

This document is released under the Creative Commons Attribution 3.0 Unported license (http://creativecommons.org/licenses/by/3.0/).
http://creativecommons.org/licenses/by/3.0/

Type

Conference paper

Collections

Peer-reviewed Publications

Full item page