This week I am attending the Open Source Grid and Cluster conference in Oakland, California. This event includes GlobusWorld, the Sun Grid Engine workshop, and the Rocks workshop, as well as tracks on other open source grid and cluster software.
As an organizing committee member, it is always a little nerve-racking ahead of a meeting, wondering how it will work. We're now in the third day and I am pleased to say that the meeting is going very well. The sessions are well attended and there is lots and lots of discussion and questions, both during and between talks. (At this very moment, I am in a session that is running 15 minutes over as attendees miss the break for a demonstration of Taverna and Globus.) In addition, the Marriott in Oakland turns out to be a beautiful location.
The GridShib Project announced last week the release of GridShib for Globus Toolkit v0.6.0. This is an exciting development, as GridShib software allows for powerful new authorization architectures in which access control decisions are made based on attributes obtained from many different sources. From their announcement:
This release culminates a 20-month effort to bring SAML-based attribute push to X.509-based Grids.
GridShib for Globus Toolkit (GT) is an implementation of a Grid Service Provider, an entity much like a SAML Service Provider but for Grids. A Grid Service Provider consumes X.509-bound SAML tokens, a new type of security token that enables attribute-based authorization in X.509-based Grids.
Most everything you need to know about GridShib for GT is on this web page:
On this readme page, you will find more detailed information about the GridShib for GT software as well as links to downloads and documentation.
A major advance in this version of GridShib for GT is support for the TeraGrid Science Gateway use case where an intermediary makes a grid request on behalf of a browser user. The Gateway binds a SAML token to an X.509 proxy certificate and makes a request to a GridShib-enabled web service. On the service side, GridShib for GT consumes the SAML token and makes an access control decision based on the security information in the token.
As a SAML-consuming software component, GridShib for GT complements the previously released GridShib SAML Tools and GridShib Certification Authority (CA), which are SAML-producing software components. These three components together enable attribute-based authorization in X.509-based Grids. See the Quick Start for step-by-step instructions that show how to use GridShib for GT v0.6, GridShib SAML Tools v0.3, and GridShib CA v0.5.1 together on Windows and UNIX systems: