Federated Identity and Access Management and Trusted Computing-based Federated GRID Model for Federated GRID Resources

摘要

The prominent FId model allows the IDP end-users to log-in once via a service SSo to access multiple resources using SAML or XACML at the RP's. The GridShib, Shibboleth plus PERMS, Globus Toolkit, and PERMS are the examples of web-portal based GRID. The problems in the existing web portal-based GRID are that: (1) The protected resource access decisions are performed on attributes like name, email, or role, but not on the attributes of the attested machines', and (2) The RP blindly trusts the IDP machine's health. In this paper the conceptual federated GRID model is proposed by taking advantage of the TC, and FId&AM systems. The contributions in this paper are: (1) the Ima and rma protocols for the federated GRIDs, (2) the resources access decision on the basis of attested machine's platform mutual integrity attribute, and (3) the machine-platform trust formation via the machine's platform integrity mutual attestation.