Interoperability and Integration of VO-Management Technologies in D-Grid


For Grids today a number of technologies for authorisation are in place, the most prominent being variants of role-based and attribute-based techniques. However, the degree of support for these techniques varies between the different middleware and there is little or no interoperability between the approaches. D-Grid features three middleware systems: gLite, Globus Toolkit 4 (GT4), and UNICORE 5. While to one end current versions of UNICORE and GT4 do not have any notion of VOs on the other end gLite is the ecosystem of the role-based VOMS, the Virtual Organisation Membership Service. During the last years a number of international projects emerged aiming to provide attribute-based authorisation based on Shibboleth for GT4, the most mature development being GridShib.

Surveys carried out in the VO-Management project and the AAI project indicated, that the different Communities in D-Grid have different preferences with respect to VO-Management, e.g. the High Energy Physics Community prefers VOMS, a central VO-Management, while other Communities like the Climate Research Community are in favour of Shibboleth approaches. Finally, UNICORE based Communities make use of UNICORE internal authorisation mechanisms only. Using different systems for the management of VOs D-Grid bears the risk compromising the goal of a common and general Grid infrastructure.

The VOMS project focuses on integrating the major VO-Management technologies for the D-Grid middleware. This includes the integration of Shibboleth into the D-Grid infrastructure and the extension of the VO-Management. Inter alia IVOM will:

  • implement a comprehensive VO-Management including the integration of GT4, gLite and UNICORE, allowing a uniform management of users and rights for authentication and authorisation independent from the Grid middleware used,
  • provide mechanisms through the introduction of Shibboleth allowing Communities with a large number of users to access Grid services without a massive rollout of user certificates,
  • enhance UNICORE to both using VOMS role-based authorisation and Shibboleth authentication mechanisms and attribute-based authorisation.

The project partners are:

  • Alfred-Wegner-Institut (AWI)
  • DAASI International GmbH
  • Fraunhofer Institute SCAI
  • Leibniz Rechenzentrum (LRZ)
  • Regionales Rechenzentrum for Niedersachsen (RRZN)
  • Forschungszentrum L3S

Associated Partners are:

  • DFN-Verein
  • Forschungszentrum Jülich
  • SUN Microsystems GmbH
  • University of Göttingen