Speakers
Andrea Ceccanti
(INFN)
Valery Tschopp
(Switch)
Description
Authorization across the EMI middleware stacks (gLite, ARC and UNICORE) is currently not homogeneous, and components often have their own mechanisms of handling it. To address this inconsistency and to unify the authorization process, the Argus Authorization Service was chosen as the EMI solution.
The Argus Authorization Service renders consistent authorization decisions for distributed services (e.g., user interfaces, portals, computing elements, storage elements). The service is based on the XACML standard, and uses authorization policies to determine if a user is allowed or denied to perform a certain action on a particular service.
Authoring XACML policies in XACML itself is not straightforward: XML per se is perceived by many users as difficult to read, and editing can be prone to error. Argus solution to this issue is the Simplified Policy Language (SPL), which facilitates the authoring of policies. Site administrators can write policies in the SPL and import them in the PAP. Policies are then transparently converted in XACML and stored in the local repository.
This presentation introduces the Argus SPL in detail and the tools that are used daily by administrators to manage authorization policies. Examples of commonly used policies and typical service operation are discussed. A demo showing the integration of Argus with the CREAM CE and gLexec WN will also be given.
Required Facilities
Projector, Audio
Duration (90min sessions) | 45min |
---|
Primary authors
Andrea Ceccanti
(INFN)
Valery Tschopp
(Switch)