Transmission security is provided by WSGrid. Hence, it is not discussed here.

Authentication concerns the user's identity. In WSGrid, it is provided by means of security
tokens. However, in order to dynamically delegate access rights, temporary authentication
should be given. Another important issue regarding authentication is "Single Sign-On". It
is used especially for long-running processes across service boundaries, and in cases where
the process submitter does not necessarily have to stay online, authentication is manual. By
the use of "Single Sign-On", the user can directly access different resources, even if they are
located in different domains (Demchenko, 2004).

Authorization addresses the user's privilege
of action. Basically, a resource provider is allowed to make an authorization decision
based on the user's capabilities, as in the Community Authorization Service (CAS), or on
relevant information such as attributes of identities, as in VOMS on the European Data Grid. The
provider can accept, deny or suspend access requests. In order to make decisions, a decision-making
function might be involved and defined, either in an executable module or in an assertion
policy such as the PERMIS system (PERMIS, n.