The SAML web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

SAML-Based Attributes for Globus Grids

The GridShib Project has announced the release of GridShib for Globus Toolkit v0.6.0. This is an exciting development, as GridShib software allows for powerful new authorization architectures in which access control decisions are made based on attributes obtained from many different sources.

This release culminates a 20-month effort to bring SAML-based attribute push to X.509-based Grids. GridShib for Globus Toolkit (GT) is an implementation of a Grid Service Provider, an entity much like a SAML Service Provider but for Grids. A Grid Service Provider consumes X.509-bound SAML tokens, a new type of security token that enables attributed-based authorization in X.509-based Grids. A major advance in this version of GridShib for GT is support for the TeraGrid Science Gateway use case where an intermediary makes a grid request on behalf of a browser user. The Gateway binds a SAML token to an X.509 proxy certificate and makes a request to a gridshib-enabled web service.

On the service side, GridShib for GT consumes the SAML token and makes an access control decision based on the security information in the token. As a SAML-consuming software component, GridShib for GT complements the previously released GridShib SAML Tools and GridShib Certification Authority (CA), which are SAML-producing software components. These three components together enable attribute-based authorization in X.509-based Grids. The Quick Start document provides step-by-step instructions that show how to use GridShib for GT v0.6, GridShib SAML Tools v0.3, and GridShib CA v0.5.1 together on Windows and UNIX systems.

Read the complete article by Ian Foster.


See also the GridShib Project: Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I