Sharing data and analytical resources securely in a biomedical research grid environment

Abstract:

Enforcing controlled access to resources in a Grid environment, while facilitating resource sharing among collaborators, is a challenging problem. The challenges stem from the fact that resources in the environment may be located at different sites, requests to access the resources may cross institutional boundaries, and user credentials are created, managed, revoked dynamically in a de-centralized manner. This paper describes a security infrastructure, called Grid Authentication and Authorization with Reliably Distributed Services (GAARDS), to address these challenges. The GAARDS infrastructure is one of the key architecture components of the NCI-funded cancer Biomedical Informatics Grid (caBIG™), which is envisioned to span hundreds of institutions and thousands of researchers acting as both resource providers and clients. The main features of GAARDS are: 1) support for efficient provisioning and federation of user identities and credentials in a distributed environment; 2) group-based access control support with which resource providers can enforce access control policies based on community accepted groups (roles) as well as local groups; and 3) support for management of a trust fabric so that resource providers and clients can enforce policies based on required levels of assurance.