The Security model of the ALICE next generation Grid framework

by Miguel Martinez Pedreira, Costin Grigoras, Volodymyr Yurchenko, Maksim Melnik Storetvedt

Published in EPJ Web of Conferences by EDP Sciences.

2019   Volume 214, p03042

Abstract

JAliEn (Java-AliEn) is the ALICE next generation Grid framework which will be used for the top-level distributed computing resources management during the LHC Run 3 and onward. While preserving an interface familiar to the ALICE users, its performance and scalability are an order of magnitude better than the currently used framework. To implement the JAliEn security model, we have developed the so-called Token Certificates – short-lived full Grid certificates, generated by central services automatically or on the client's request. Token Certificates allow fine-grained control over user/client authorization, e.g. filtering out unauthorized requests based on the client's type: end user, job agent, job payload. These and other parameters (like job ID) are encrypted in the token by the issuing service and cannot be altered. The client-side security implementation is further described in aspects of the interaction between user jobs and job agents. User jobs will use JAliEn tokens for authentication and authorization by the central JAliEn services. These tokens are passed from the job agent through a pipe stream, not stored on disk and thus readily available only to the intended job process. The level of isolation of user payloads is further improved by running them in containers. While JAliEn doesn't rely on X.509 proxies, the backward compatibility is kept to assure interoperability with services that require them.

Type  article-journal
Stage   published
Year   2019
Container Metadata
Open Access Publication
In DOAJ
In ISSN ROAD
In Keepers Registry
ISSN-L:  2100-014X