The Grid Authentication and Authorization with Reliably Distributed Services (GAARDS) provides services and tools for the administration and enforcement of security policy in an enterprise Grid. GAARDS was developed on top of the Globus Toolkit and extends the Grid Security Infrastructure (GSI) to provide enterprise services and administrative tools for: (1) grid user management, (2) identity federation, (3) trust fabric provisioning and management, (4) group/VO management, (5) Access Control Policy management and enforcement, (6) credential delegation, (7) web single sign on, and (8) integration between existing security domains and the grid security domain. GAARDS services can be used individually or grouped together to meet the authentication and authorization needs for Grids. Below is a list of some of the core services provided by GAARDS:
- Dorian - A grid service for the provisioning and management of grid user accounts. Dorian provides an integration point between external security domains and the grid, allowing accounts managed in external domains to be federated and managed in the grid. Dorian allows users to use their existing credentials (external to the grid) to authenticate to the grid.
- Authentication Service - Provides a framework for issuing SAML assertions for existing credential providers such that they may easily be integrated with Dorian and other grid credential providers. The authentication service also provides a uniform authentication interface on which applications can be built.
- Grid Trust Service (GTS) - A grid-wide mechanism for maintaining and provisioning a federated trust fabric consisting of trusted certificate authorities, such that grid services may make authentication decisions against the most up-to-date information.
- Grid Grouper - Provides a group-based authorization solution for the Grid, wherein grid services and applications enforce authorization policy based on membership to groups defined and managed at the grid level.
- Credential Delegation Service (CDS) - A WSRF-compliant Grid service that enables users/services (delegator) to delegate their Grid credentials to other users/services (delegatee) such that the delegatee(s) may act on the delegator's behalf.
- Web Single Sign On (WebSSO) - Provides a comprehensive, Single Sign On (SSO) solution for web applications using GAARDS.
- Common Security Module (CSM) - Provides a centralized approach to managing and enforcing access control policy authorization.
GAARDS is currently under development as part of the caGrid project. caGrid is the core middleware for the caBIG project. GAARDS is an effort undergoing incubation at Globus. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful Globus projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by Globus. The status of GAARDS is: Newly accepted Incubator Project November 2006, as defined by the Incubator Process Guidelines found at http://dev.globus.org/wiki/Incubator/Incubator_Process .
Download Software and Documentation
Incubator Project Metadata
Stephen Langella, Ohio State University
Scott Oster, Ohio State University
Shannon Hastings, Ohio State University
Joshua Phillips, Semantic Bits
- CAGRID_USERS-L@LIST.NIH.GOV - General discussion list for posting questions, comments, and for getting help with technical difficulties.
- CAGRID_DEVELOPERS-L@LIST.NIH.GOV - Developers discussion list.
The GAARDS Project adheres to the Globus Alliance Project Guidelines.
Guidelines for committers
- Currently this project's source code is being managed at the caBIG GForge.
Guidelines for individual contributors
- If you wish to become a contributor to this project, please email Stephen Langella at Stephen.Langella@osumc.edu.
The GAARDS project gratefully acknowledges the following contributors:
- Joel Saltz, Ohio State University
- Tahsin Kurc, Ohio State University
- Aaron Lucas, Johns Hopkins University
- Frank Siebenlist, Argonne National Labs
- Tom Barton, University of Chicago
- Avinash Shanbhag, NCICB