This Article Full Text Full Text (PDF) All Versions of this Article: M2662v1 15/3/363    most recent Submit a response Alert me when this article is cited Alert me when eLetters are posted Alert me if a correction is posted Services Similar articles in this journal Similar articles in PubMed Alert me to new issues of the journal Download to citation manager Google Scholar Articles by Langella, S. Articles by Saltz, J. PubMed PubMed Citation Articles by Langella, S. Articles by Saltz, J.

Sharing Data and Analytical Resources Securely in a Biomedical Research Grid Environment

Department of Biomedical Informatics, The Ohio State University, Columbus, OH.

^_* Correspondence: Tahsin Kurc, Biomedical Informatics Department, Ohio State University, 3184 Graves Hall, 333 West 10th Ave., Columbus, OH, 43210 (Email: kurc{at}bmi.osu.edu).

Received for publication: 11/15/07; accepted for publication: 02/13/08.

Objectives: To develop a security infrastructure to support controlled and secure access to data and analytical resources in a biomedical research Grid environment, while facilitating resource sharing among collaborators.

Design: A Grid security infrastructure, called Grid Authentication and Authorization with Reliably Distributed Services (GAARDS), is developed as a key architecture component of the NCI-funded cancer Biomedical Informatics Grid (caBIG^TM). The GAARDS is designed to support in a distributed environment 1) efficient provisioning and federation of user identities and credentials; 2) group-based access control support with which resource providers can enforce policies based on community accepted groups and local groups; and 3) management of a trust fabric so that policies can be enforced based on required levels of assurance.

Measurements: GAARDS is implemented as a suite of Grid services and administrative tools. It provides three core services: Dorian for management and federation of user identities, Grid Trust Service for maintaining and provisioning a federated trust fabric within the Grid environment, and Grid Grouper for enforcing authorization policies based on both local and Grid-level groups.

Results: The GAARDS infrastructure is available as a stand-alone system and as a component of the caGrid infrastructure. More information about GAARDS can be accessed at http://www.cagrid.org.

Conclusions: GAARDS provides a comprehensive system to address the security challenges associated with environments in which resources may be located at different sites, requests to access the resources may cross institutional boundaries, and user credentials are created, managed, revoked dynamically in a de-centralized manner.