SCI: Collaborative Research: NMI DEVELOPMENT: Policy Controlled Attribute Framework
University Of Chicago, Chicago IL
Investigators
Abstract
This proposal integrates GSI and Shibboleth to form a robust attribute infrastructure for campus environments to enable secure verification of user attributes by inter-institutional Grid users. This project will deliver a framework that allows participants in multi-organizational collaborations to control the attribute information that they want to publish, share, and reveal to other parties. Those parties will also be able to determine whether they possess the capabilities to access a service by matching their capabilities with the service's shared policy of required attributes. Pseudonymous interactions will be supported through the use of anonymous public key credentials that are mapped to the client's identity at the client's own discretion. The project substantially builds on and extends existing technologies, primarily Internet2's Shibboleth, the Globus Alliance's Globus Toolkit, and NCSA's GridLogon Service. The framework will use Shibboleth's Attribute Authority service (SAAS) and its attribute release policies to restrict the attributes communicated to other parties. We will enhance these Shibboleth services by enabling Web services access through integration with the Globus Toolkit. To enable pseudonymous deployment, a module will be developed for the GridLogon service to allow authenticated users to obtain public key credentials that do not reveal their identity, yet are fully compatible with the Grid Security Infrastructure. Lastly, formats and protocols will be developed and implemented to express, publish, share, and match attribute-related policies and capabilities.