HEAL DSpace

A Kerberos security architecture for web services based instrumentation grids

DSpace/Manakin Repository

Show simple item record

dc.contributor.author Moralis, A en
dc.contributor.author Pouli, V en
dc.contributor.author Papavassiliou, S en
dc.contributor.author Maglaris, V en
dc.date.accessioned 2014-03-01T01:29:33Z
dc.date.available 2014-03-01T01:29:33Z
dc.date.issued 2009 en
dc.identifier.issn 0167-739X en
dc.identifier.uri http://hdl.handle.net/123456789/19308
dc.subject AAI en
dc.subject Instrumentation Grid en
dc.subject Kerberos en
dc.subject Web Services Security (WSS) en
dc.subject.classification Computer Science, Theory & Methods en
dc.subject.other AAI en
dc.subject.other Authorization infrastructures en
dc.subject.other Comparative measurements en
dc.subject.other Exchange mechanisms en
dc.subject.other Grid security infrastructures en
dc.subject.other Heterogeneous resources en
dc.subject.other Instrumentation Grid en
dc.subject.other Kerberos en
dc.subject.other Message exchanges en
dc.subject.other Performance improvements en
dc.subject.other Proxy certificates en
dc.subject.other Security architectures en
dc.subject.other Web Services Security (WSS) en
dc.subject.other Ws securities en
dc.subject.other X.509 certificates en
dc.subject.other Instruments en
dc.subject.other Service oriented architecture (SOA) en
dc.subject.other Web services en
dc.subject.other Authentication en
dc.title A Kerberos security architecture for web services based instrumentation grids en
heal.type journalArticle en
heal.identifier.primary 10.1016/j.future.2008.11.004 en
heal.identifier.secondary http://dx.doi.org/10.1016/j.future.2008.11.004 en
heal.language English en
heal.publicationDate 2009 en
heal.abstract Instrumentation Grids aim at controlling and managing heterogeneous resources & instruments securely, reliably and in near real-time. Within this context, we present a Web Services based Security Architecture that aims at improving security performance maintaining at the same time interoperability with legacy Grid Security Infrastructure (GSI). Our architecture utilizes GSI X.509 Certificates or Proxy Certificates (RFC3820) for the initial authentication of a user. However, it subsequently maps this identity to a Kerberos one and utilizes WS Security Kerberos Token Profile for embedding user credentials within WS exchange mechanisms. It then provides user authorization, thus realizing a complete AAI (Authentication & Authorization Infrastructure). In order to demonstrate and quantify the performance improvement achieved by our approach over a message exchange using X.509 Certificate Token Profile, we present comparative measurements on implementations of the two options. Our results demonstrate that the Kerberos message exchange schema exhibits up to 50% message throughput improvement, under high CPU load on the server. © 2008 Elsevier B.V. All rights reserved. en
heal.publisher ELSEVIER SCIENCE BV en
heal.journalName Future Generation Computer Systems en
dc.identifier.doi 10.1016/j.future.2008.11.004 en
dc.identifier.isi ISI:000267400900013 en
dc.identifier.volume 25 en
dc.identifier.issue 7 en
dc.identifier.spage 804 en
dc.identifier.epage 818 en


Files in this item

Files Size Format View

There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record