A concept for attribute-based authorization on D-Grid resources

In Germany's D-Grid project numerous Grid communities are working together to provide a common overarching Grid infrastructure. The major aims of D-Grid are the integration of existing Grid deployments and their interoperability. The challenge lies in the heterogeneity of the current implementations: three Grid middleware stacks and different Virtual Organization management approaches have to be embraced to achieve the intended goals. In this article we focus oil the implementation of an attribute-based authorization infrastructure that not only leverages the well-known VO attributes but also campus attributes managed by a Shibboleth federation.