OSG Document 365-v1

gPLAZMA: Introducing RBAC Security in dCache

Document #:
Document type:
Submitted by:
Abhishek Rana
Updated by:
Elfrida Gabriel
Document Created:
24 Feb 2006, 15:11
Contents Revised:
24 Feb 2006, 15:11
DB Info Revised:
14 Nov 2006, 12:29
Viewable by:
  • Public document
Modifiable by:
  • Same as Viewable by
We introduce gPLAZMA (grid-aware PLuggable AuthoriZation MAnagement)
Architecture. Our work is motivated by a need for fine-grain security
(Role Based Access Control or RBAC) in Storage Systems, and utilizes
VOMS extended X.509 certificate specification for defining extra
attributes (FQANs), based on RFC 3281. Our implementation, the gPLAZMA
module for dCache, introduces Storage Authorization Callouts for SRM
and GridFTP. It allows using different authorization mechanisms
simultaneously, fine-tuned with switches and priorities of mechanisms.
Of the four mechanisms currently supported, one is an integration with
RBAC services in the OSG Privilege Project, others are built-in as a
lightweight suite of services (gPLAZMAlite Services Suite) including
the legacy dcache.kpwd file, as well as the popular grid-mapfile,
augmented with a gPLAZMAlite specific RBAC mechanism. Based on our
current work, we also outline a future potential towards authorization
for storage quotas. This work was undertaken as a collaboration
between PPDG Common, OSG Privilege project, and the SRM-dCache groups

Presented at the XVth International Conference on
Computing in High Energy and Nuclear Physics (CHEP’06)
February 15, 2006
TIFR, Mumbai


RANA, Abhishek Singh (University of California, San Diego, CA, USA)
WÜRTHWEIN, Frank (University of California, San Diego, CA, USA)
PERELMUTOV, Timur (Fermi National Accelerator Laboratory, Batavia, IL,USA)
KENNEDY, Robert (Fermi National Accelerator Laboratory, Batavia, IL, USA)
BAKKEN, Jon (Fermi National Accelerator Laboratory, Batavia, IL, USA)
SKOW, Dane (Fermi National Accelerator Laboratory, Batavia, IL, USA)
FISK, Ian (Fermi National Accelerator Laboratory, Batavia, IL, USA)
FUHRMANN, Patrick (DESY, Hamburg, Germany)
ERNST, Michael (DESY, Hamburg, Germany)

Files in Document:
Associated with Events:
CHEP '06 held on 15 Feb 2006 in Mumbai, India
DocDB Home ]  [ Search ] [ Last 20 Days ] [ List Authors ] [ List Events ] [ List Topics ]

Supported by the National Science Foundation and the U.S. Department of Energy's Office of Science Contact Us | Site Map

DocDB Version 8.7.23, contact Document Database Administrators