ATLAS Slides
Report number ATL-DAQ-SLIDE-2010-391
Title Role Based Access Control System in the ATLAS Experiment
Author(s) Valsan, M L (Politehnica University Bucharest, Romania) ; Dobson, M (CERN) ; Lehmann Miotto, G (CERN) ; Scannicchio, D A (University of California at Irvine, USA) ; Schlenker, S (CERN) ; Filimonov, V (Petersburg Nuclear Physics Institute, Russia) ; Khomoutnikov, V (Petersburg Nuclear Physics Institute, Russia) ; Dumitru, I (Politehnica University Bucharest, Romania) ; Zaytsev, A S (Budker Institute of Nuclear Physics, Russia) ; Korol, A A (Budker Institute of Nuclear Physics, Russia) ; Bogdantchikov, A (Budker Institute of Nuclear Physics, Russia) ; Avolio, G (University of California at Irvine, USA) ; Caramarcu, C (National Institute of Physics and Nuclear Engineering, Romania) ; Ballestrero, S (University of Johannesburg, South Africa) ; Darlea, G L (Politehnica University Bucharest, Romania) ; Twomey, M (Washington U., Seattle) ; Bujor, F (Politehnica University Bucharest, Romania)
Corporate author(s) The ATLAS collaboration
Submitted to Conference on Computing in High Energy and Nuclear Physics 2010, Taipei, Taiwan, 18 - 22 Oct 2010
Submitted by [email protected] on 14 Oct 2010
Subject category Detectors and Experimental Techniques
Accelerator/Facility, Experiment CERN LHC ; ATLAS
Free keywords role based access control ; roles ; security policy ; authorization ; access manager ; LDAP
Abstract The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Role Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The paper continues with a detailed description of the integration across all areas of the system: local Linux and Windows nodes in the ATLAS Control Network (ATCN), the Linux application gateways offering remote access inside ATCN, the Windows Terminal Servers offering remote access to the Detector Control System (DCS) and to Windows machines inside ATCN, the PVSS SCADA software, the distributed file system, and the central network attached file system. The RBAC implementation uses a directory service based on the Lightweight Directory Access Protocol to store the users (~3000), roles (~320), groups (~80) and access policies. The information is kept in sync with various other databases and directory services: human resources, central CERN IT, CERN Active Directory and the Access Control Database used by DCS.

Record created 2010-10-14, last modified 2012-07-10