Paper: Group Membership Based Authorization to CADC Resources

Volume: 461, Astronomical Data Analysis Software and Systems XXI

Page: 311

Authors: Damian, A.; Dowler, P.; Gaudet, S.; Hill, N.
	 
	
	
Abstract: The Group Membership Service (GMS), implemented at the Canadian Astronomy Data
Centre (CADC), is a prototype of what could eventually be an IVOA standard for a
distributed and interoperable group membership protocol. Group membership is the
core authorization concept that enables teamwork and collaboration amongst
astronomers accessing distributed resources and services. The service integrates
and complements other access control related IVOA standards such as
single-sign-on (SSO) using X.509 proxy certificates and the Credential
Delegation Protocol (CDP).
The GMS has been used at CADC for several years now, initially as a subsystem
and then as a stand-alone Web service. It is part of the authorization mechanism
for controlling the access to restricted Web resources as well as the VOSpace
service hosted by the CADC. We present the role that GMS plays within the access
control system at the CADC, including the functionality of the service and how
the different CADC services make use of it to assert user authorization to
resources. We also describe the main advantages and challenges of using the
service as well as future work to increase its robustness and
functionality.
	 
	