SPAM-GP - Security Portlets simplifying Access to and Management of Grid Portals

Introduction

The SPAM-GP (Security Portlets simplifying Access to and Management of Grid Portals) project aims to develop a family of JSR-168 compliant portlets that will support the definition and enforcement of fine-grained, user-oriented security infrastructures for Grid portals driven by, and ultimately benefiting from, the Internet2 Shibboleth technology. The SPAM-GP tools allow partial integration of the Shibboleth, GridSphere and PERMIS security software so that system administrators can manage user privileges for internal and external services, and access control to their own resources.

Software

SPAM-GP consists of a Scoped Attribute Manager Portlet (SCAMP), an Attribute Certificate Portlet (ACP) and a Content Configuration Portlet (CCP). The SCAMP tool allows a Shibboleth Attribute Acceptance Policy to be edited to allow only a subset of a federation access to a Service Provider, and to enforce the assertion of only particular types of access attributes. Using the CCP, these external user attributes are utilised by the GridSphere framework to form a user login session, and also to tailor the user's view of the portal based on these attributes. Finally the ACP allows these attributes to be digitally signed and stored, so that PERMIS-enabled external services may utilise this information to make valid and secure access control decisions.

Download

The SPAM-GP software is available to project collaborators from this website in the restricted area accessible here. A username and password are required for access to this area and can be requested by emailing John Watt at the address at the bottom of the page.

Scenarios and Use Cases

The SEE-GEO project provides a real-life testbed for the SPAM-GP tools. The project aims to link UK Census data with Geospatial data to enable geographical representations of Census data parameters. Prior to final software submission, the SPAM-GP tools will be utilised by this project to secure access to a GridSphere portal hosting the SEE-GEO GeoLinking Service (GLS) client, then allowing seamless access to the secure backend services (hosted at EDINA and MIMAS) required by the client.

SEE-GEO/SPAM-GP Service Schematic

The tools developed will eventually be deployed across all NeSC Glasgow portals and later packaged with the OMII-UK software stack.

Presentations

Developers

SPAM-GP has been developed by Jipu Jiang, Tom Doherty and John Watt of NeSC Glasgow.

Links

For more information on SPAM-GP, please contact Prof Richard Sinnott (r.sinnott@nesc.gla.ac.uk) or Dr John Watt (j.watt@nesc.gla.ac.uk).


Page updated on the 18th September 2008
Maintained by Susan McCafferty and John Watt