{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T08:08:00Z","timestamp":1759133280057,"version":"3.41.0"},"reference-count":58,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2011,1]]},"abstract":"<jats:p>Grid computing facilitates resource sharing typically to support distributed virtual organizations (VO). The multi-institutional nature of a grid environment introduces challenging security issues, especially with regard to authentication and authorization. This article presents a state-of-the-art review of major grid authentication and authorization technologies. In particular we focus upon the Internet2 Shibboleth technologies and their use to support federated authentication and authorization to support interinstitutional sharing of remote grid resources that are subject to access control. We outline the architecture, features, advantages, limitations, projects, and applications of Shibboleth in a grid environment. 
The evidence suggests that Shibboleth meets many of the demands of the research community in accessing and using grid resources.<\/jats:p>","DOI":"10.1145\/1883612.1883619","type":"journal-article","created":{"date-parts":[[2011,2,1]],"date-time":"2011-02-01T15:50:21Z","timestamp":1296575421000},"page":"1-26","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["A review of grid authentication and authorization technologies and support for federated access control"],"prefix":"10.1145","volume":"43","author":[{"given":"Wei","family":"Jie","sequence":"first","affiliation":[{"name":"Thames Valley University, London, U.K."}]},{"given":"Junaid","family":"Arshad","sequence":"additional","affiliation":[{"name":"University of Leeds, Leeds, U.K."}]},{"given":"Richard","family":"Sinnott","sequence":"additional","affiliation":[{"name":"University of Glasgow, Melbourne, Australia"}]},{"given":"Paul","family":"Townend","sequence":"additional","affiliation":[{"name":"University of Leeds, Leeds, U.K."}]},{"given":"Zhou","family":"Lei","sequence":"additional","affiliation":[{"name":"Shanghai University, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2011,2,4]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"AAI. 2009. Authentication and authorization infrastructure. http:\/\/www.switch.ch\/aai.  AAI. 2009. Authentication and authorization infrastructure. http:\/\/www.switch.ch\/aai."},{"key":"e_1_2_1_2_1","unstructured":"Akenti. 2009. Akenti distributed access control. http:\/\/dsd.lbl.gov\/Akenti.  Akenti. 2009. Akenti distributed access control. http:\/\/dsd.lbl.gov\/Akenti."},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the Conference for Computing in High Energy and Nuclear Physics.","author":"Alfieri R.","year":"2003","unstructured":"Alfieri , R. 2003 . Managing dynamic user communities in a grid of autonomous resources . 
In Proceedings of the Conference for Computing in High Energy and Nuclear Physics. Alfieri, R. 2003. Managing dynamic user communities in a grid of autonomous resources. In Proceedings of the Conference for Computing in High Energy and Nuclear Physics."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2004.10.006"},{"key":"e_1_2_1_5_1","unstructured":"Athens. 2009. Athens for education. http:\/\/www.athens.ac.uk.  Athens. 2009. Athens for education. http:\/\/www.athens.ac.uk."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.v35:9"},{"key":"e_1_2_1_7_1","unstructured":"Broadfoot P. J. and Martin A. P. 2003. A Critical Survey of Grid Security Requirements and Technologies. Oxford University Computing Laboratory Oxford U.K.  Broadfoot P. J. and Martin A. P. 2003. A Critical Survey of Grid Security Requirements and Technologies. Oxford University Computing Laboratory Oxford U.K."},{"key":"e_1_2_1_8_1","unstructured":"CCIT. 1998. CCITT recommendation X.509. The Directory--Authentication Framework.  CCIT. 1998. CCITT recommendation X.509. The Directory--Authentication Framework."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2003.1189190"},{"volume-title":"Proceedings of the ITI 1st International Conference on Information and Communications Technology (ICICT).","author":"Chadwick D.","key":"e_1_2_1_10_1","unstructured":"Chadwick , D. and Otenko , O . 2003. A comparison of the Akenti and PERMIS authorization infrastructures in ensuring security in IT infrastructures . In Proceedings of the ITI 1st International Conference on Information and Communications Technology (ICICT). Chadwick, D. and Otenko, O. 2003. A comparison of the Akenti and PERMIS authorization infrastructures in ensuring security in IT infrastructures. 
In Proceedings of the ITI 1st International Conference on Information and Communications Technology (ICICT)."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1108\/10650740610704153"},{"key":"e_1_2_1_12_1","unstructured":"CSHIB. 2009. Condor-Shib project. http:\/\/hendrix.arc.georgetown.edu\/condor-shib\/index.html.  CSHIB. 2009. Condor-Shib project. http:\/\/hendrix.arc.georgetown.edu\/condor-shib\/index.html."},{"volume-title":"Proceedings of the 3rd International Conference on e-Social Science.","author":"Daw M.","key":"e_1_2_1_13_1","unstructured":"Daw , M. and Procter , R . 2007. Developing an e-Infrastructure for Social Science . In Proceedings of the 3rd International Conference on e-Social Science. Daw, M. and Procter, R. 2007. Developing an e-Infrastructure for Social Science. In Proceedings of the 3rd International Conference on e-Social Science."},{"key":"e_1_2_1_14_1","unstructured":"DyVOSE. 2009. DyVOSE project. http:\/\/labserv.nesc.gla.ac.uk\/projects\/dyvose\/.  DyVOSE. 2009. DyVOSE project. http:\/\/labserv.nesc.gla.ac.uk\/projects\/dyvose\/."},{"key":"e_1_2_1_15_1","unstructured":"EGEE. 2009. EGEE (Enabling grids for e-science) project. http:\/\/www.eu-egee.org.  EGEE. 2009. EGEE (Enabling grids for e-science) project. http:\/\/www.eu-egee.org."},{"key":"e_1_2_1_16_1","unstructured":"ESPGRID. 2009. ESP-GRID project. http:\/\/labserv.nesc.gla.ac.uk\/projects\/esp-grid\/index.html.  ESPGRID. 2009. ESP-GRID project. http:\/\/labserv.nesc.gla.ac.uk\/projects\/esp-grid\/index.html."},{"key":"e_1_2_1_17_1","unstructured":"FAME. 2009. FAME--PERMIS project. http:\/\/www.cs.man.ac.uk\/fame-permis.  FAME. 2009. FAME--PERMIS project. http:\/\/www.cs.man.ac.uk\/fame-permis."},{"key":"e_1_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Farrell S. and Housley R. 2002. An Internet attribute certificate profile for authorization. Internet draft   Farrell S. and Housley R. 2002. An Internet attribute certificate profile for authorization. 
Internet draft","DOI":"10.17487\/rfc3281"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/288090.288111"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1177\/109434200101500302"},{"key":"e_1_2_1_21_1","unstructured":"GLOBUS. 2009. Globus toolkit. http:\/\/www.globus.org.  GLOBUS. 2009. Globus toolkit. http:\/\/www.globus.org."},{"key":"e_1_2_1_22_1","unstructured":"GRIDSITE. 2009. GridSite project. http:\/\/www.gridsite.org.  GRIDSITE. 2009. GridSite project. http:\/\/www.gridsite.org."},{"key":"e_1_2_1_23_1","unstructured":"GRIDSHIB. 2009. GridShib project. http:\/\/gridshib.globus.org.  GRIDSHIB. 2009. GridShib project. http:\/\/gridshib.globus.org."},{"key":"e_1_2_1_24_1","unstructured":"GSPERMIS. 2009. GridShibPERMIS project. http:\/\/www.jisc.ac.uk\/uploaded_documents\/GRIDShibPermis.pdf.  GSPERMIS. 2009. GridShibPERMIS project. http:\/\/www.jisc.ac.uk\/uploaded_documents\/GRIDShibPermis.pdf."},{"key":"e_1_2_1_25_1","unstructured":"IAMSECT. 2009. IAMSECT project. http:\/\/iamsect.ncl.ac.uk\/.  IAMSECT. 2009. IAMSECT project. http:\/\/iamsect.ncl.ac.uk\/."},{"key":"e_1_2_1_26_1","unstructured":"IMPETUS. 2009. IMPETUS project. http:\/\/ribble.dmu.ac.uk\/impetus\/index.html.  IMPETUS. 2009. IMPETUS project. http:\/\/ribble.dmu.ac.uk\/impetus\/index.html."},{"key":"e_1_2_1_27_1","unstructured":"ISO. 2001. ISO 9594-8\/ITU-T Recommendation X.509. The directory: Public-key and attribute certificate frameworks.  ISO. 2001. ISO 9594-8\/ITU-T Recommendation X.509. The directory: Public-key and attribute certificate frameworks."},{"volume-title":"Security frameworks for 475, open Systems: Access control framework","author":"Recommendation X.","key":"e_1_2_1_28_1","unstructured":"ITU-T. 1995. ITU-T Recommendation X. 812|ISO\/IEC 10181-3:1996. Security frameworks for 475, open Systems: Access control framework . ITUT , Geneva, Switzerland . ITU-T. 1995. ITU-T Recommendation X.812|ISO\/IEC 10181-3:1996. 
Security frameworks for 475, open Systems: Access control framework. ITUT, Geneva, Switzerland."},{"volume-title":"Introduction to Public Key Technology and the Federal PKI Infrastructure","author":"Kuhn D. R.","key":"e_1_2_1_29_1","unstructured":"Kuhn , D. R. , Introduction to Public Key Technology and the Federal PKI Infrastructure . National Institute of Standards and Technology , Gaithersburg, MD . Kuhn, D. R., et al. 2001. Introduction to Public Key Technology and the Federal PKI Infrastructure. National Institute of Standards and Technology, Gaithersburg, MD."},{"key":"e_1_2_1_30_1","unstructured":"MAMS. 2009. Meta-access Management system. http:\/\/www.melcoe.mq.edu.au\/projects\/MAMS.  MAMS. 2009. Meta-access Management system. http:\/\/www.melcoe.mq.edu.au\/projects\/MAMS."},{"key":"e_1_2_1_31_1","first-page":"12","article-title":"Federated security: The Shibboleth approach","volume":"27","author":"Morgan R. L. B.","year":"2004","unstructured":"Morgan , R. L. B. , 2004 . Federated security: The Shibboleth approach . Educause Quart. 27 , 4, 12 -- 17 . Morgan, R. L. B., et al. 2004. Federated security: The Shibboleth approach. Educause Quart. 27, 4, 12--17.","journal-title":"Educause Quart."},{"key":"e_1_2_1_32_1","unstructured":"NGS. 2009. U.K. national grid service. http:\/\/www.grid-support.ac.uk\/.  NGS. 2009. U.K. national grid service. http:\/\/www.grid-support.ac.uk\/."},{"key":"e_1_2_1_33_1","unstructured":"OASIS. 2003. OASIS security services technical committee. Security Assertion Markup Language (SAML) v1.1. OASIS standard 200308. http:\/\/www.oasisopen.org\/specs\/index.php#samlv1.1.  OASIS. 2003. OASIS security services technical committee. Security Assertion Markup Language (SAML) v1.1. OASIS standard 200308. http:\/\/www.oasisopen.org\/specs\/index.php#samlv1.1."},{"key":"e_1_2_1_34_1","unstructured":"OASIS. 2009. Organization for the advancement of structured information standards. http:\/\/www.oasis-open.org.  OASIS. 2009. 
Organization for the advancement of structured information standards. http:\/\/www.oasis-open.org."},{"key":"e_1_2_1_35_1","unstructured":"OGF. 2009. Open grid forum. http:\/\/www.ogf.org.  OGF. 2009. Open grid forum. http:\/\/www.ogf.org."},{"key":"e_1_2_1_36_1","unstructured":"OGSA. 2009a. OGSA-DAI project. http:\/\/www.ogsadai.org.uk\/.  OGSA. 2009a. OGSA-DAI project. http:\/\/www.ogsadai.org.uk\/."},{"key":"e_1_2_1_37_1","unstructured":"OGSA. 2009b. Message level security. http:\/\/www.globus.org\/toolkit\/3.0\/ogsa\/docs\/message_security.html.  OGSA. 2009b. Message level security. http:\/\/www.globus.org\/toolkit\/3.0\/ogsa\/docs\/message_security.html."},{"key":"e_1_2_1_38_1","unstructured":"Openid. 2009. Open id. http:\/\/openid.net.  Openid. 2009. Open id. http:\/\/openid.net."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.5555\/863632.883495"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10723-006-9054-4"},{"key":"e_1_2_1_41_1","unstructured":"PERSEUS. 2009. PERSEUS project. http:\/\/www.angel.ac.uk\/PERSEUS.  PERSEUS. 2009. PERSEUS project. http:\/\/www.angel.ac.uk\/PERSEUS."},{"key":"e_1_2_1_42_1","unstructured":"SAKAVRE. 2009. Sakai VRE project. http:\/\/tyne.dl.ac.uk\/Sakai\/.  SAKAVRE. 2009. Sakai VRE project. http:\/\/tyne.dl.ac.uk\/Sakai\/."},{"key":"e_1_2_1_43_1","unstructured":"SEEGEO. 2009. SEE-GEO project. http:\/\/edina.ac.uk\/projects\/seesaw\/index.html.  SEEGEO. 2009. SEE-GEO project. http:\/\/edina.ac.uk\/projects\/seesaw\/index.html."},{"key":"e_1_2_1_44_1","unstructured":"SHEBANGS. 2009. SHEBANGS project. http:\/\/www.rcs.manchester.ac.uk\/research\/shebangs.  SHEBANGS. 2009. SHEBANGS project. http:\/\/www.rcs.manchester.ac.uk\/research\/shebangs."},{"key":"e_1_2_1_45_1","unstructured":"Shibgrid. 2009. ShibGrid project. http:\/\/www.oesc.ox.ac.uk\/activities\/projects\/index.xml?ID=ShibGrid.  Shibgrid. 2009. ShibGrid project. 
http:\/\/www.oesc.ox.ac.uk\/activities\/projects\/index.xml?ID=ShibGrid."},{"key":"e_1_2_1_46_1","unstructured":"Shibboleth. 2009. Shibboleth project. http:\/\/shibboleth.internet2.edu.  Shibboleth. 2009. Shibboleth project. http:\/\/shibboleth.internet2.edu."},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICGRID.2006.311008"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCGRID.2008.67"},{"key":"e_1_2_1_49_1","unstructured":"SPIE. 2009. SPIE project. http:\/\/www.oucs.ox.ac.uk\/rts\/spie.  SPIE. 2009. SPIE project. http:\/\/www.oucs.ox.ac.uk\/rts\/spie."},{"volume-title":"A Rough Guide to Grid Security","author":"Surridge M.","key":"e_1_2_1_50_1","unstructured":"Surridge , M. 2002. A Rough Guide to Grid Security . IT Innovation Centre , Southampton, U.K. Surridge, M. 2002. A Rough Guide to Grid Security. IT Innovation Centre, Southampton, U.K."},{"key":"e_1_2_1_51_1","unstructured":"Tuecke S. etal 2001. Internet X.509 Public Key Infrastructure Proxy Certificate Profile. IETF. Fremont CA.  Tuecke S. et al. 2001. Internet X.509 Public Key Infrastructure Proxy Certificate Profile. IETF. Fremont CA."},{"key":"e_1_2_1_52_1","unstructured":"UKAMF. 2009. U.K. Access Management Federation for Education and Research. http:\/\/www.ukfederation.org.uk.  UKAMF. 2009. U.K. Access Management Federation for Education and Research. http:\/\/www.ukfederation.org.uk."},{"key":"e_1_2_1_53_1","unstructured":"Uportal. 2009. uPortal project. http:\/\/www.uportal.org.  Uportal. 2009. uPortal project. http:\/\/www.uportal.org."},{"key":"e_1_2_1_54_1","unstructured":"VASH. 2009. VASH service. http:\/\/www.switch.ch\/grid\/vash\/.  VASH. 2009. VASH service. http:\/\/www.switch.ch\/grid\/vash\/."},{"key":"e_1_2_1_55_1","unstructured":"VERSI. 2009. Victorian eresearch strategic initiative. http:\/\/versi.edu.au\/index.html.  VERSI. 2009. Victorian eresearch strategic initiative. 
http:\/\/versi.edu.au\/index.html."},{"key":"e_1_2_1_56_1","unstructured":"VPMAN. 2009. VPMan project. http:\/\/sec.cs.kent.ac.uk\/vpman.  VPMAN. 2009. VPMan project. http:\/\/sec.cs.kent.ac.uk\/vpman."},{"key":"e_1_2_1_57_1","unstructured":"Weise J. 2008. Public key infrastructure overview. http:\/\/www.sun.com\/blueprints\/0801\/publickey.pdf.  Weise J. 2008. Public key infrastructure overview. http:\/\/www.sun.com\/blueprints\/0801\/publickey.pdf."},{"key":"e_1_2_1_58_1","unstructured":"Welch V. etal 2004. Use of SAML for OGSA authorization. https:\/\/forge.gridforum.org\/projects\/ogsa-authz.  Welch V. et al. 2004. Use of SAML for OGSA authorization. https:\/\/forge.gridforum.org\/projects\/ogsa-authz."}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1883612.1883619","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1883612.1883619","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T10:52:17Z","timestamp":1750243937000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1883612.1883619"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,1]]},"references-count":58,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2011,1]]}},"alternative-id":["10.1145\/1883612.1883619"],"URL":"https:\/\/doi.org\/10.1145\/1883612.1883619","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"type":"print","value":"0360-0300"},{"type":"electronic","value":"1557-7341"}],"subject":[],"published":{"date-parts":[[2011,1]]},"assertion":[{"value":"2008-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication 
History"}},{"value":"2009-08-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2011-02-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}