A service-oriented architecture for authentication and authorization.

摘要

Many applications require access to large quantities of data and computational resources that are often distributed over a wide-area network. Grid computing infrastructures provide a platform to run these applications, but their heterogeneous nature makes security a vital component of grid systems. The standard technology for grid security is the Grid Security Infrastructure (GSI). Although GSI is well-known in academic and government settings, GSI-based security systems are usually difficult to deploy and use. The Grid Account Management Architecture (GAMA [18]) was developed to make Grid security easy for system administrators and users by extensive use of web-services technology. Nevertheless, GAMA has a few limitations that make it unattractive to many communities. For example, it does not offer a usable resource authorization mechanism. Moreover, it is tightly coupled to the selected technologies.;We propose GAMA2.0, which is a service-oriented architecture that addresses both authentication and authorization concerns. Moreover, the multi-tier architecture is pluggable to cope with the rapidly evolving relevant technologies. We have implemented the GAMA 2.0 reference infrastructure using well known programming techniques such as polymorphism and the Command pattern. In addition, a comprehensive testing strategy, which includes unit-testing and scenario-testing, as well as detailed exception handling has been employed to ensure correctness and robustness of the infrastructure. Although performance was not the driving factor, we have managed to increase GAMA 2.0's performance by applying a few optimization techniques.