Integrated Account Management Architecture
Tsukuba-GAMA is open source software that provides user and credential management using the Grid Security Infrastructure (GSI), which is based on Public Key Infrastructure (PKI), X.509 certificates, proxy certificates, and the concept of a Virtual Organization (VO).
In order to respect the publication policies of data owners, one of the key issues of e-Science is its focus on the concept of a VO, a dynamic collection of individuals, institutions, and resources. To achieve a VO-based design for an account management architecture, GSI with VO-level authentication and authorization provided by VOMS (VO Membership Service) is commonly used. However, Grid-based applications and middleware suites are often too complicated for application users and developers.
As always, there is still a need for users to generate and manage certificates carefully. In order to reduce such complexity, and to reduce vulnerability risks due to mistakes by inexperienced users, Tsukuba-GAMA (Grid Account Management Architecture) provides a flexible and easy interface for account management in e-Science.
Components
Account and Credential Management Portal
It frees users from managing credentials on their own client machines. The Tsukuba-GAMA portlet on GridSphere 3 provides a CA (Certificate Authority) and credential (EE; end-entity) store using MyProxy.
It allows clients to authenticate against MyProxy and VOMS servers. After a successful authentication, a delegation is retrieved and stored on the web server. Java/Servlet code can make use of this delegation to perform operations on the client's behalf.
GridSphere Authentication Modules
These allow clients to authenticate against MyProxy and VOMS servers. After a successful authentication, a delegation is retrieved and stored on the web server. JSR168 portlet code can make use of this delegation to perform operations on the client's behalf.
Tsukuba-GAMA Credential Manager (v1.1 to be released)
Download
| Version | Date | md5sum | Note |
|---|---|---|---|
| | 6 Apr. 2010 | 08039b7816c1b17f4012d31c90f2facb | first release |
| 1.0RC2 | 3 Apr. 2010 | 306de13c6593a24045eb4f0933b931b8 | bug fix |
| 1.0RC1 | 31 Mar. 2010 | 795b9a9ea238289419a2a9764d883256 | support GridSphere 2 |
| beta02 | 26 Nov. 2009 | 064010db5d8787ab54c825f2c46b4b7a | update MyProxy VOMS integration |
| beta01 | 23 Nov. 2009 | 01d4c13dbc8456a2a12dff883da8b290 | Account management, GridSphere3 authmodule, Servlet authentication filter |
| alpha01 | 4 June 2009 | 090c464da7beae6f008e3fff4b918668 | Prototype code |
Publications
Naotaka YAMAMOTO, Isao KOJIMA, Yoshio TANAKA, Satoshi SEKIGUCHI, VO-enabled Service Harmonization in the GEO Grid, 2008 Fourth IEEE International Conference on eScience, pp. 174-181, 2008.
S. Sekiguchi et al., Design Principles and IT Overview of the GEO Grid, IEEE Systems Journal, Vol. 2, No. 3, pp. 374-389, 2008.9
Related Links
Software
- GAMA (Grid Account Management Architecture)
- VOMS (Virtual Organization Membership Service)
- PRIMA/GUMS
