A credential store for multi-tenant science gateways

Thejaka Amila Kanewala; Suresh Marru; Jim Basney; Marlon Pierce

doi:10.1109/CCGrid.2014.95

A credential store for multi-tenant science gateways

Thejaka Amila Kanewala, Suresh Marru, Jim Basney, Marlon Pierce

National Center for Supercomputing Applications (NCSA)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Science Gateways bridge multiple computational grids and clouds, acting as overlay cyber infrastructure. Gateways have three logical tiers: a user interfacing tier, a resource tier and a bridging middleware tier. Different groups may operate these tiers. This introduces three security challenges. First, the gateway middleware must manage multiple types of credentials associated with different resource providers. Second, the separation of the user interface and middleware layers means that security credentials must be securely delegated from the user interface to the middleware. Third, the same middleware may serve multiple gateways, so the middleware must correctly isolate user credentials associated with different gateways. We examine each of these three scenarios, concentrating on the requirements and implementation of the middleware layer. We propose and investigate the use of a Credential Store to solve the three security challenges.

Original language	English (US)
Title of host publication	Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014
Publisher	IEEE Computer Society
Pages	445-454
Number of pages	10
ISBN (Print)	9781479927838
DOIs	https://doi.org/10.1109/CCGrid.2014.95
State	Published - 2014
Event	14th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGrid 2014 - Chicago, IL, United States Duration: May 26 2014 → May 29 2014

Publication series

Name	Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014

Other

Other	14th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGrid 2014
Country/Territory	United States
City	Chicago, IL
Period	5/26/14 → 5/29/14

Keywords

Apache Airavata
Credential Store
OA4MP
Science Gateways
Security

ASJC Scopus subject areas

Software

Online availability

10.1109/CCGrid.2014.95

Library availability

Discover UIUC Full Text

Cite this

Kanewala, T. A., Marru, S., Basney, J., & Pierce, M. (2014). A credential store for multi-tenant science gateways. In Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014 (pp. 445-454). Article 6846480 (Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014). IEEE Computer Society. https://doi.org/10.1109/CCGrid.2014.95

A credential store for multi-tenant science gateways. / Kanewala, Thejaka Amila; Marru, Suresh; Basney, Jim et al.
Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014. IEEE Computer Society, 2014. p. 445-454 6846480 (Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kanewala, TA, Marru, S, Basney, J & Pierce, M 2014, A credential store for multi-tenant science gateways. in Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014., 6846480, Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014, IEEE Computer Society, pp. 445-454, 14th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGrid 2014, Chicago, IL, United States, 5/26/14. https://doi.org/10.1109/CCGrid.2014.95

Kanewala TA, Marru S, Basney J, Pierce M. A credential store for multi-tenant science gateways. In Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014. IEEE Computer Society. 2014. p. 445-454. 6846480. (Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014). doi: 10.1109/CCGrid.2014.95

@inproceedings{00c94a42176f4418a5cfeaaa4bc308fb,

title = "A credential store for multi-tenant science gateways",

abstract = "Science Gateways bridge multiple computational grids and clouds, acting as overlay cyber infrastructure. Gateways have three logical tiers: a user interfacing tier, a resource tier and a bridging middleware tier. Different groups may operate these tiers. This introduces three security challenges. First, the gateway middleware must manage multiple types of credentials associated with different resource providers. Second, the separation of the user interface and middleware layers means that security credentials must be securely delegated from the user interface to the middleware. Third, the same middleware may serve multiple gateways, so the middleware must correctly isolate user credentials associated with different gateways. We examine each of these three scenarios, concentrating on the requirements and implementation of the middleware layer. We propose and investigate the use of a Credential Store to solve the three security challenges.",

keywords = "Apache Airavata, Credential Store, OA4MP, Science Gateways, Security",

author = "Kanewala, {Thejaka Amila} and Suresh Marru and Jim Basney and Marlon Pierce",

year = "2014",

doi = "10.1109/CCGrid.2014.95",

language = "English (US)",

isbn = "9781479927838",

series = "Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014",

publisher = "IEEE Computer Society",

pages = "445--454",

booktitle = "Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014",

note = "14th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGrid 2014 ; Conference date: 26-05-2014 Through 29-05-2014",

}

TY - GEN

T1 - A credential store for multi-tenant science gateways

AU - Kanewala, Thejaka Amila

AU - Marru, Suresh

AU - Basney, Jim

AU - Pierce, Marlon

PY - 2014

Y1 - 2014

N2 - Science Gateways bridge multiple computational grids and clouds, acting as overlay cyber infrastructure. Gateways have three logical tiers: a user interfacing tier, a resource tier and a bridging middleware tier. Different groups may operate these tiers. This introduces three security challenges. First, the gateway middleware must manage multiple types of credentials associated with different resource providers. Second, the separation of the user interface and middleware layers means that security credentials must be securely delegated from the user interface to the middleware. Third, the same middleware may serve multiple gateways, so the middleware must correctly isolate user credentials associated with different gateways. We examine each of these three scenarios, concentrating on the requirements and implementation of the middleware layer. We propose and investigate the use of a Credential Store to solve the three security challenges.

AB - Science Gateways bridge multiple computational grids and clouds, acting as overlay cyber infrastructure. Gateways have three logical tiers: a user interfacing tier, a resource tier and a bridging middleware tier. Different groups may operate these tiers. This introduces three security challenges. First, the gateway middleware must manage multiple types of credentials associated with different resource providers. Second, the separation of the user interface and middleware layers means that security credentials must be securely delegated from the user interface to the middleware. Third, the same middleware may serve multiple gateways, so the middleware must correctly isolate user credentials associated with different gateways. We examine each of these three scenarios, concentrating on the requirements and implementation of the middleware layer. We propose and investigate the use of a Credential Store to solve the three security challenges.

KW - Apache Airavata

KW - Credential Store

KW - OA4MP

KW - Science Gateways

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=84904574703&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84904574703&partnerID=8YFLogxK

U2 - 10.1109/CCGrid.2014.95

DO - 10.1109/CCGrid.2014.95

M3 - Conference contribution

AN - SCOPUS:84904574703

SN - 9781479927838

T3 - Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014

SP - 445

EP - 454

BT - Proceedings - 14th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2014

PB - IEEE Computer Society

T2 - 14th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGrid 2014

Y2 - 26 May 2014 through 29 May 2014

ER -

A credential store for multi-tenant science gateways

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this