dc.contributor.author |
Moralis, A |
en |
dc.contributor.author |
Pouli, V |
en |
dc.contributor.author |
Papavassiliou, S |
en |
dc.contributor.author |
Maglaris, V |
en |
dc.date.accessioned |
2014-03-01T01:29:33Z |
|
dc.date.available |
2014-03-01T01:29:33Z |
|
dc.date.issued |
2009 |
en |
dc.identifier.issn |
0167-739X |
en |
dc.identifier.uri |
https://dspace.lib.ntua.gr/xmlui/handle/123456789/19308 |
|
dc.subject |
AAI |
en |
dc.subject |
Instrumentation Grid |
en |
dc.subject |
Kerberos |
en |
dc.subject |
Web Services Security (WSS) |
en |
dc.subject.classification |
Computer Science, Theory & Methods |
en |
dc.subject.other |
AAI |
en |
dc.subject.other |
Authorization infrastructures |
en |
dc.subject.other |
Comparative measurements |
en |
dc.subject.other |
Exchange mechanisms |
en |
dc.subject.other |
Grid security infrastructures |
en |
dc.subject.other |
Heterogeneous resources |
en |
dc.subject.other |
Instrumentation Grid |
en |
dc.subject.other |
Kerberos |
en |
dc.subject.other |
Message exchanges |
en |
dc.subject.other |
Performance improvements |
en |
dc.subject.other |
Proxy certificates |
en |
dc.subject.other |
Security architectures |
en |
dc.subject.other |
Web Services Security (WSS) |
en |
dc.subject.other |
Ws securities |
en |
dc.subject.other |
X.509 certificates |
en |
dc.subject.other |
Instruments |
en |
dc.subject.other |
Service oriented architecture (SOA) |
en |
dc.subject.other |
Web services |
en |
dc.subject.other |
Authentication |
en |
dc.title |
A Kerberos security architecture for web services based instrumentation grids |
en |
heal.type |
journalArticle |
en |
heal.identifier.primary |
10.1016/j.future.2008.11.004 |
en |
heal.identifier.secondary |
http://dx.doi.org/10.1016/j.future.2008.11.004 |
en |
heal.language |
English |
en |
heal.publicationDate |
2009 |
en |
heal.abstract |
Instrumentation Grids aim at controlling and managing heterogeneous resources & instruments securely, reliably and in near real-time. Within this context, we present a Web Services based Security Architecture that aims at improving security performance maintaining at the same time interoperability with legacy Grid Security Infrastructure (GSI). Our architecture utilizes GSI X.509 Certificates or Proxy Certificates (RFC3820) for the initial authentication of a user. However, it subsequently maps this identity to a Kerberos one and utilizes WS Security Kerberos Token Profile for embedding user credentials within WS exchange mechanisms. It then provides user authorization, thus realizing a complete AAI (Authentication & Authorization Infrastructure). In order to demonstrate and quantify the performance improvement achieved by our approach over a message exchange using X.509 Certificate Token Profile, we present comparative measurements on implementations of the two options. Our results demonstrate that the Kerberos message exchange schema exhibits up to 50% message throughput improvement, under high CPU load on the server. © 2008 Elsevier B.V. All rights reserved. |
en |
heal.publisher |
ELSEVIER SCIENCE BV |
en |
heal.journalName |
Future Generation Computer Systems |
en |
dc.identifier.doi |
10.1016/j.future.2008.11.004 |
en |
dc.identifier.isi |
ISI:000267400900013 |
en |
dc.identifier.volume |
25 |
en |
dc.identifier.issue |
7 |
en |
dc.identifier.spage |
804 |
en |
dc.identifier.epage |
818 |
en |