Integrating VOMS and PERMIS for Superior Secure Grid Management

Report: The Final Report for this project is now available here.


Overview

Both VOMS and PERMIS provide security management infrastructures for Grids but are predominantly used by different groups of Grid users. Each has its strengths and weaknesses. VOMS is good at managing user roles. PERMIS is good at making authorisation decisions. Their combination will be a powerful solution to Grid security management. This project proposes to integrate VOMS and PERMIS in the National Grid Service and OMII-UK.

Aims and objectives

  • integrate VOMS and PERMIS, more specifically the VOMS user management and attribute assignment function with the PERMIS policy based authorisation decision function;
  • ensure they seamlessly inter-work with the latest Grid technologies including Globus toolkit version 4 (GT4), the Open Middleware Infrastructure Institute UK (OMII-UK) software release and Shibboleth;
  • validate the results in several representative major pilot applications run by the National e-Science Centre (NeSC) at the University of Glasgow;
  • evaluate the combined software from user, administrator and Grid developer perspectives;
  • integrate the combined infrastructure with the National Grid Service (NGS) at CCLRC;
  • distribute the integrated software as open source code as part of either Globus Toolkit, or the OMII-UK Repository, or the US-NMI, or a combination of them.

Project methodology

  • NGS, OMII and NeSC will provide use cases that are to be supported. Kent will analyse the existing technologies and then produce a design for the integrated infrastructure.
  • NGS, OMII and NeSC will provide feedback and QA of the design. Kent will implement the design, producing the software glue for VOMS and PERMIS, and the policy management GUI to support VOMS attributes.
  • NeSC will build the testbeds for piloting the integrated software in various configurations with different grid applications.
  • OMII will provide help and support with the integration with their middleware and packaging of the final release.
  • NGS will provide help and support with integrating the piloted software into their operational services.

Anticipated outputs and outcomes

  • D1.1 A document describing the background to the integration work.
  • D1.2 A document of case studies to be supported.
  • D2.1 A VOMS-PERMIS integration design document.
  • D3.1 A modified PERMIS Policy Editor and Wizard with documentation and help files.
  • D4.1 Beta software ready for validation and piloting.
  • D4.2 Preparation of test bed, services and portals.
  • D5.1 A paper for an international grid conference describing the piloting of the integrated VOMS-PERMIS software with GT4 and/or OMII-UK.
  • D5.2 A paper for an international grid conference describing the piloting of the integrated authorization software utilizing Shibboleth and multiple Grid middleware (GT4 and OMII-UK) including how user single sign-on across a range of e-Science resources can be supported with fine grained authorisation.
  • D5.3 Document describing the overall lessons learned in supporting this infrastructure from a user, an administrator and a Grid developer perspective.
  • D6.1 The integrated software packaged with GT4 and OMII-UK and fully integrated into the NGS.
  • D6.2 User, developer and administrator documentation for the integrated VOMS-PERMIS package including support in a Shibboleth-enabled environment, with guidance to Grid Operations Support Centre on practicalities of usage.
  • D6.3 Final report to JISC.

Technology / Standards used

  • OGF GFD.66 “Use of SAML for OGSI Authorization”
  • ITU-T X.509 Attribute Certificates
  • RFC 3820 Proxy Certificates 

Project Staff

Project Manager
  • Dr Bassem Nasser, University of Kent, Computing Laboratory, Fax +44 1227 762 811, Mobile: 07767702113, b.nasser@kent.ac.uk

Summary
Start date: 1 March 2007
End date: 30 September 2008
Funding programme: e-Infrastructure Programme
Committees
  • JISC Support of Research committee