Olle Mulmo - Academia.edu (original) (raw)
Papers by Olle Mulmo
The 6th IEEE/ACM International Workshop on Grid Computing, 2005., 2005
In this paper we present a system permitting controlled policy administration and delegation usin... more In this paper we present a system permitting controlled policy administration and delegation using the XACML access control system. The need for these capabilities stems from the use of XACML in the SweGrid Accounting System, which is used to enforce resource allocations to Swedish research projects. Our solution uses a second access control system Delegent, which has powerful delegation capabilities. We have implemented limited XML access control in Delegent, in order to supervise modifications of the XML-encoded XACML policies. This allows us to use the delegation capabilities of Delegent together with the expressive access level permissions of XACML.
Concurrency and Computation: Practice and Experience, 2000
SUMMARY The SweGrid Accounting System (SGAS) allocates capacity in collaborative Grid environment... more SUMMARY The SweGrid Accounting System (SGAS) allocates capacity in collaborative Grid environments by coordinating enforcement of Grid-wide usage limits as a means to offer usage guarantees and prevent overuse. SGAS employs a credit-based allocation model where Grid capacity is granted to projects via Grid-wide quota allowances that can be spent across the Grid resources. The resources collectively enforce these allowances
International Journal of Cooperative Information Systems, 2006
We present the SweGrid Accounting System (SGAS) -a decentralized and standardsbased system for Gr... more We present the SweGrid Accounting System (SGAS) -a decentralized and standardsbased system for Grid resource allocation enforcement that has been developed with an emphasis on a uniform data model and easy integration into existing scheduling and workload management software.
Proceedings of the 2nd international conference on Service oriented computing - ICSOC '04, 2004
In this paper, we present an Open Grid Services Architecture (OGSA)-based decentralized allocatio... more In this paper, we present an Open Grid Services Architecture (OGSA)-based decentralized allocation enforcement system, developed with an emphasis on a consistent data model and easy integration into existing scheduling, and workload management software at six independent high-performance computing centers forming a Grid known as SweGrid. The Swedish National Allocations Committee (SNAC) allocates resource quotas at these centers to research projects requiring substantial computer time. Our system, the SweGrid Accounting System (SGAS), addresses the need for soft real-time allocation enforcement on SweGrid for cross-domain job submission. The SGAS framework is based on state-of-the-art Web and Grid services technologies. The openness and ubiquity of Web services combined with the fine-grained resource control and cross-organizational security models of Grid services proved to be a perfect match for the SweGrid needs. Extensibility and customizability of policy implementations for the three different parties the system serves (the user, the resource manager, and the allocation authority) are key design goals. Another goal is end-to-end security and single sign-on, to allow resources-selected based on client policies-to act on behalf of the user when negotiating contracts with the bank in an environment where the six centers would continue to use their existing accounting policies and tools. We conclude this paper by showing the feasibility of SGAS, which is currently being deployed at the production sites, using simulations of reservation streams. The reservation streams are shaped using soft computing and policy-based algorithms.
Computational Methods in Science and Technology, 2006
tbd * This work is co-funded by Enabling Grids for E-sciencE (EGEE), a project of the European Co... more tbd * This work is co-funded by Enabling Grids for E-sciencE (EGEE), a project of the European Commission (contract number A Virtual Organisation (VO) comprises a set of individuals and/or institutions having access to computers, software, data, and other resources for collaborative problem-solving or other purposes. Virtual Organisations are a concept that supplies a context for operation of the Grid that can be used to associate users, their requests, and a set of resources. The sharing of resources in a VO is necessarily highly controlled, with resource providers and consumers defining clearly and carefully just what is shared, who is allowed to share, and the conditions under which sharing occurs .
2006 7th IEEE/ACM International Conference on Grid Computing, 2006
Grids are intended to enable cross-organizational interactions which makes Grid security a challe... more Grids are intended to enable cross-organizational interactions which makes Grid security a challenging and nontrivial issue. In Grids, delegation is a key facility that can be used to authenticate and authorize requests on behalf of disconnected users. In current Grid systems there is a tradeoff between flexibility and security in the context of delegation. Applications must choose between limited or full delegation: on one hand, delegating a restricted set of rights reduces exposure to attack but also limits the flexibility/dynamism of the application; on the other hand, delegating all rights provides maximum flexibility but increases exposure. In this paper, we propose an on-demand restricted delegation mechanism, aimed at addressing the shortcomings of current delegation mechanisms by providing restricted delegation in a flexible fashion as needed for Grid applications. This mechanism provides an ontology-based solution for tackling one the most challenging issues in security systems, which is the principle of least privileges. It utilizes a callback mechanism, which allows on-demand provisioning of delegated credentials in addition to observing, screening, and auditing delegated rights at runtime. This mechanism provides support for generating delegation credentials with a very limited and well-defined range of capabilities or policies, where a delegator is able to grant a delegatee a set of restricted and limited rights, implicitly or explicitly.
Lecture Notes in Computer Science, 2006
This contribution presents the design and implementation of a bank service, constituting a key co... more This contribution presents the design and implementation of a bank service, constituting a key component in a recently developed Grid accounting system. The Grid accounting system maintains a Grid-wide view of the resources consumed by members of a virtual organization (VO). The bank is designed as an online service, managing the accounts of VO projects. Each service request is transparently intercepted by the accounting system, which acquires a reservation on a portion of the project's bank account prior to servicing the request. Upon service completion, the account is charged for the consumed resources. We present the overall bank design and technical details of its major components, as well as some illustrative examples of relevant service interactions. The system, which has been implemented using the Globus Toolkit, is based on state-of-the-art Web and Grid services technology and complies with the Open Grid Services Architecture (OGSA).
Proceedings - IEEE/ACM International Workshop on Grid Computing, 2006
This paper presents ongoing research and current results on the development of flexible access co... more This paper presents ongoing research and current results on the development of flexible access control infrastructures for complex resource provisioning in Grid-based collaborative applications and on-demand network services provisioning. We investigate the use of workflow concepts for the required orchestration of multiple Grid resources and/or services across multiple administrative and security domains. In particular, workflow execution and management tools can be used to track security context changes that are dependent on the application domain, execution stage defined policies, or user and/or service attributes. The paper discusses what specific functionality should be added to Grid-oriented authorization frameworks to handle such dynamic service-related security contexts. As an example, the paper explains how such functionality can be achieved in the GAAA Authorization framework (GAAA-AuthZ) and GAAA toolkit. Suggestions are given about integration with the Globus Toolkit's Authorization Framework. Additionally, the paper analyses what possibilities of expressing and handling dynamic security contexts are available in XACML, and describes SAML-compatible AuthZ ticket format for extended AuthZ session management. The paper is based on experiences gained from major Grid based and Grid oriented projects such as EGEE, Phosphorus, NextGrid, Collaboratory.nl and GigaPort Research on Network.
Lecture Notes in Computer Science, 2006
Grids are becoming economically viable and productive tools. They provide a way of utilizing a va... more Grids are becoming economically viable and productive tools. They provide a way of utilizing a vast array of linked resources such as computing systems, databases and services online within Virtual Organizations (VO). However, today's Grid architectures are not capable of supporting dynamic, agile federation across multiple administrative domains and the main barrier, which hinders dynamic federation over short time scales is security. Federating security and trust is one of the most significant architectural issues in Grids. Existing relevant standards and specifications can be used to federate security services, but do not directly address the dynamic extension of business trust relationships into the digital domain. In this paper we describe an experiment which highlights those challenging architectural issues and forms the basis of an approach that combines a dynamic trust federation and a dynamic authorization mechanism for addressing dynamic security trust federation in Grids. The experiment made with the prototype described in this paper is used in the NextGRID 1 project to define the requirements of next generation Grid architectures adapted to business application needs.
Journal of Grid Computing, 2006
Manual management of public key credentials can be a significant and often off-putting obstacle t... more Manual management of public key credentials can be a significant and often off-putting obstacle to Grid use, particularly for casual users. We describe the Portal-based User Registration Service (PURSE), a set of tools for automating user registration, credential creation, and credential management tasks. PURSE provides the system developer with a set of customizable components, suitable for integration with portals, that can be used to address the full lifecycle of Grid credential management. We describe the PURSE design and its use in portals for two systems, the Earth System Grid data access system and the Swegrid computational Grid. In both cases, the user is entirely freed from the need to create or manage public key credentials, thus simplifying the Grid experience and reducing opportunities for error. We argue that this capturing of common use cases in a reusable "solution" can be a model for how Grid ease-of-use can be addressed in other domains as well.
IEEE Network, 2000
ABSTRACT Supervisory control and data acquisition systems are used extensively to control and mon... more ABSTRACT Supervisory control and data acquisition systems are used extensively to control and monitor critical infrastructure including power, gas, oil, and water. To integrate intelligent electronic devices in smart grid infrastructure, the utilities are deploying substation automation systems (SASs) and extensive communication networks, but there is growing concern about SCADA security including substation security. Although there are several solutions utilized to prevent security threats in SCADA networks, existing SCADA networks still have severe shortcomings. In this article, we propose a lightweight and efficient security solution for SASs that provides multilevel multi-factor authentication and attribute-based authorization by deploying public key certificates, and zero-knowledge protocol-based server-aided verification and access control mechanisms using attribute certificates. It can be seen that the proposed approach is efficient and robust.
Future Generation Computer Systems, 2008
This paper summarises ongoing research and recent results on the development of flexible access c... more This paper summarises ongoing research and recent results on the development of flexible access control infrastructure for complex resource provisioning in Grid-based collaborative applications and on-demand network services provisioning. The paper analyses the general access control model for Grid-based applications and discusses what mechanisms can be used for expressing and handling dynamic domain or process/workflowrelated security context. Suggestions are given on what specific functionality should be added to the Grid-oriented authorization frameworks to handle such dynamic security context. As an example, the paper explains how such functionality can be achieved in the GAAA Authorization framework (GAAA-AuthZ) and GAAA toolkit. Additionally, the paper describes AuthZ ticket format for extended AuthZ session management. The paper is based on experiences gained from major Grid-based and Grid-oriented projects such as EGEE, Phosphorus, NextGRID, and GigaPort Research on Network.
Concurrency and Computation: Practice and Experience, 2008
The SweGrid Accounting System (SGAS) allocates capacity in collaborative Grid environments by coo... more The SweGrid Accounting System (SGAS) allocates capacity in collaborative Grid environments by coordinating enforcement of Grid-wide usage limits as a means to offer usage guarantees and prevent overuse. SGAS employs a credit-based allocation model where Grid capacity is granted to projects via Grid-wide quota allowances that can be spent across the Grid resources. The resources collectively enforce these allowances in a soft, real-time manner.
Arxiv preprint physics/ …, 2003
Diana Bosio, James Casey, Akos Frohner, Leanne Guy, Peter Kunszt, Erwin Laure, Sophie Lemaitre, L... more Diana Bosio, James Casey, Akos Frohner, Leanne Guy, Peter Kunszt, Erwin Laure, Sophie Lemaitre, Levi Lucio, Heinz Stockinger, Kurt Stockinger CERN, European Organization for Nuclear Research, CH-1211 Geneva 23, Switzerland William Bell, David Cameron, Gavin ...
3rd annual PKI R&D workshop, Apr 1, 2004
Proxy credentials are commonly used in security systems when one entity wishes to grant to anothe... more Proxy credentials are commonly used in security systems when one entity wishes to grant to another entity some set of its privileges. We have defined and standardized X. 509 Proxy Certificates for the purpose of providing restricted proxying and delegation within a PKI-based authentication system. We present here our motivations for this work coming from our efforts in Grid security, the Proxy Certificate itself, and our experiences in implementation and deployment.
Arxiv preprint cs/ …, 2003
One of the fundamental concepts in Grid computing is the creation of Virtual Organizations (VO's)... more One of the fundamental concepts in Grid computing is the creation of Virtual Organizations (VO's): a set of resource consumers and providers that join forces to solve a common problem. Typical examples of Virtual Organizations include collaborations formed around the Large Hadron Collider (LHC) experiments. To date, Grid computing has been applied on a relatively small scale, linking dozens of users to a dozen resources, and management of these VO's was a largely manual operation. With the advance of large collaboration, linking more than 10000 users with a 1000 sites in 150 counties, a comprehensive, automated management system is required. It should be simple enough not to deter users, while at the same time ensuring local site autonomy. The VO Management Service (VOMS), developed by the EU DataGrid and DataTAG projects[1, 2], is a secured system for managing authorization for users and resources in virtual organizations. It extends the existing Grid Security Infrastructure[3] architecture with embedded VO affiliation assertions that can be independently verified by all VO members and resource providers. Within the EU DataGrid project, Grid services for job submission, file-and database access are being equipped with fine-grained authorization systems that take VO membership into account. These also give resource owners the ability to ensure site security and enforce local access policies. This paper will describe the EU DataGrid security architecture, the VO membership service and the local site enforcement mechanisms Local Centre Authorization Service (LCAS), Local Credential Mapping Service(LCMAPS) and the Java Trust and Authorization Manager. * Corresponding author (CPS), all these CA's mutually trust each other and are trusted by all resources participating in the EDG test-bed.
The 6th IEEE/ACM International Workshop on Grid Computing, 2005., 2005
In this paper we present a system permitting controlled policy administration and delegation usin... more In this paper we present a system permitting controlled policy administration and delegation using the XACML access control system. The need for these capabilities stems from the use of XACML in the SweGrid Accounting System, which is used to enforce resource allocations to Swedish research projects. Our solution uses a second access control system Delegent, which has powerful delegation capabilities. We have implemented limited XML access control in Delegent, in order to supervise modifications of the XML-encoded XACML policies. This allows us to use the delegation capabilities of Delegent together with the expressive access level permissions of XACML.
Concurrency and Computation: Practice and Experience, 2000
SUMMARY The SweGrid Accounting System (SGAS) allocates capacity in collaborative Grid environment... more SUMMARY The SweGrid Accounting System (SGAS) allocates capacity in collaborative Grid environments by coordinating enforcement of Grid-wide usage limits as a means to offer usage guarantees and prevent overuse. SGAS employs a credit-based allocation model where Grid capacity is granted to projects via Grid-wide quota allowances that can be spent across the Grid resources. The resources collectively enforce these allowances
International Journal of Cooperative Information Systems, 2006
We present the SweGrid Accounting System (SGAS) -a decentralized and standardsbased system for Gr... more We present the SweGrid Accounting System (SGAS) -a decentralized and standardsbased system for Grid resource allocation enforcement that has been developed with an emphasis on a uniform data model and easy integration into existing scheduling and workload management software.
Proceedings of the 2nd international conference on Service oriented computing - ICSOC '04, 2004
In this paper, we present an Open Grid Services Architecture (OGSA)-based decentralized allocatio... more In this paper, we present an Open Grid Services Architecture (OGSA)-based decentralized allocation enforcement system, developed with an emphasis on a consistent data model and easy integration into existing scheduling, and workload management software at six independent high-performance computing centers forming a Grid known as SweGrid. The Swedish National Allocations Committee (SNAC) allocates resource quotas at these centers to research projects requiring substantial computer time. Our system, the SweGrid Accounting System (SGAS), addresses the need for soft real-time allocation enforcement on SweGrid for cross-domain job submission. The SGAS framework is based on state-of-the-art Web and Grid services technologies. The openness and ubiquity of Web services combined with the fine-grained resource control and cross-organizational security models of Grid services proved to be a perfect match for the SweGrid needs. Extensibility and customizability of policy implementations for the three different parties the system serves (the user, the resource manager, and the allocation authority) are key design goals. Another goal is end-to-end security and single sign-on, to allow resources-selected based on client policies-to act on behalf of the user when negotiating contracts with the bank in an environment where the six centers would continue to use their existing accounting policies and tools. We conclude this paper by showing the feasibility of SGAS, which is currently being deployed at the production sites, using simulations of reservation streams. The reservation streams are shaped using soft computing and policy-based algorithms.
Computational Methods in Science and Technology, 2006
tbd * This work is co-funded by Enabling Grids for E-sciencE (EGEE), a project of the European Co... more tbd * This work is co-funded by Enabling Grids for E-sciencE (EGEE), a project of the European Commission (contract number A Virtual Organisation (VO) comprises a set of individuals and/or institutions having access to computers, software, data, and other resources for collaborative problem-solving or other purposes. Virtual Organisations are a concept that supplies a context for operation of the Grid that can be used to associate users, their requests, and a set of resources. The sharing of resources in a VO is necessarily highly controlled, with resource providers and consumers defining clearly and carefully just what is shared, who is allowed to share, and the conditions under which sharing occurs .
2006 7th IEEE/ACM International Conference on Grid Computing, 2006
Grids are intended to enable cross-organizational interactions which makes Grid security a challe... more Grids are intended to enable cross-organizational interactions which makes Grid security a challenging and nontrivial issue. In Grids, delegation is a key facility that can be used to authenticate and authorize requests on behalf of disconnected users. In current Grid systems there is a tradeoff between flexibility and security in the context of delegation. Applications must choose between limited or full delegation: on one hand, delegating a restricted set of rights reduces exposure to attack but also limits the flexibility/dynamism of the application; on the other hand, delegating all rights provides maximum flexibility but increases exposure. In this paper, we propose an on-demand restricted delegation mechanism, aimed at addressing the shortcomings of current delegation mechanisms by providing restricted delegation in a flexible fashion as needed for Grid applications. This mechanism provides an ontology-based solution for tackling one the most challenging issues in security systems, which is the principle of least privileges. It utilizes a callback mechanism, which allows on-demand provisioning of delegated credentials in addition to observing, screening, and auditing delegated rights at runtime. This mechanism provides support for generating delegation credentials with a very limited and well-defined range of capabilities or policies, where a delegator is able to grant a delegatee a set of restricted and limited rights, implicitly or explicitly.
Lecture Notes in Computer Science, 2006
This contribution presents the design and implementation of a bank service, constituting a key co... more This contribution presents the design and implementation of a bank service, constituting a key component in a recently developed Grid accounting system. The Grid accounting system maintains a Grid-wide view of the resources consumed by members of a virtual organization (VO). The bank is designed as an online service, managing the accounts of VO projects. Each service request is transparently intercepted by the accounting system, which acquires a reservation on a portion of the project's bank account prior to servicing the request. Upon service completion, the account is charged for the consumed resources. We present the overall bank design and technical details of its major components, as well as some illustrative examples of relevant service interactions. The system, which has been implemented using the Globus Toolkit, is based on state-of-the-art Web and Grid services technology and complies with the Open Grid Services Architecture (OGSA).
Proceedings - IEEE/ACM International Workshop on Grid Computing, 2006
This paper presents ongoing research and current results on the development of flexible access co... more This paper presents ongoing research and current results on the development of flexible access control infrastructures for complex resource provisioning in Grid-based collaborative applications and on-demand network services provisioning. We investigate the use of workflow concepts for the required orchestration of multiple Grid resources and/or services across multiple administrative and security domains. In particular, workflow execution and management tools can be used to track security context changes that are dependent on the application domain, execution stage defined policies, or user and/or service attributes. The paper discusses what specific functionality should be added to Grid-oriented authorization frameworks to handle such dynamic service-related security contexts. As an example, the paper explains how such functionality can be achieved in the GAAA Authorization framework (GAAA-AuthZ) and GAAA toolkit. Suggestions are given about integration with the Globus Toolkit's Authorization Framework. Additionally, the paper analyses what possibilities of expressing and handling dynamic security contexts are available in XACML, and describes SAML-compatible AuthZ ticket format for extended AuthZ session management. The paper is based on experiences gained from major Grid based and Grid oriented projects such as EGEE, Phosphorus, NextGrid, Collaboratory.nl and GigaPort Research on Network.
Lecture Notes in Computer Science, 2006
Grids are becoming economically viable and productive tools. They provide a way of utilizing a va... more Grids are becoming economically viable and productive tools. They provide a way of utilizing a vast array of linked resources such as computing systems, databases and services online within Virtual Organizations (VO). However, today's Grid architectures are not capable of supporting dynamic, agile federation across multiple administrative domains and the main barrier, which hinders dynamic federation over short time scales is security. Federating security and trust is one of the most significant architectural issues in Grids. Existing relevant standards and specifications can be used to federate security services, but do not directly address the dynamic extension of business trust relationships into the digital domain. In this paper we describe an experiment which highlights those challenging architectural issues and forms the basis of an approach that combines a dynamic trust federation and a dynamic authorization mechanism for addressing dynamic security trust federation in Grids. The experiment made with the prototype described in this paper is used in the NextGRID 1 project to define the requirements of next generation Grid architectures adapted to business application needs.
Journal of Grid Computing, 2006
Manual management of public key credentials can be a significant and often off-putting obstacle t... more Manual management of public key credentials can be a significant and often off-putting obstacle to Grid use, particularly for casual users. We describe the Portal-based User Registration Service (PURSE), a set of tools for automating user registration, credential creation, and credential management tasks. PURSE provides the system developer with a set of customizable components, suitable for integration with portals, that can be used to address the full lifecycle of Grid credential management. We describe the PURSE design and its use in portals for two systems, the Earth System Grid data access system and the Swegrid computational Grid. In both cases, the user is entirely freed from the need to create or manage public key credentials, thus simplifying the Grid experience and reducing opportunities for error. We argue that this capturing of common use cases in a reusable "solution" can be a model for how Grid ease-of-use can be addressed in other domains as well.
IEEE Network, 2000
ABSTRACT Supervisory control and data acquisition systems are used extensively to control and mon... more ABSTRACT Supervisory control and data acquisition systems are used extensively to control and monitor critical infrastructure including power, gas, oil, and water. To integrate intelligent electronic devices in smart grid infrastructure, the utilities are deploying substation automation systems (SASs) and extensive communication networks, but there is growing concern about SCADA security including substation security. Although there are several solutions utilized to prevent security threats in SCADA networks, existing SCADA networks still have severe shortcomings. In this article, we propose a lightweight and efficient security solution for SASs that provides multilevel multi-factor authentication and attribute-based authorization by deploying public key certificates, and zero-knowledge protocol-based server-aided verification and access control mechanisms using attribute certificates. It can be seen that the proposed approach is efficient and robust.
Future Generation Computer Systems, 2008
This paper summarises ongoing research and recent results on the development of flexible access c... more This paper summarises ongoing research and recent results on the development of flexible access control infrastructure for complex resource provisioning in Grid-based collaborative applications and on-demand network services provisioning. The paper analyses the general access control model for Grid-based applications and discusses what mechanisms can be used for expressing and handling dynamic domain or process/workflowrelated security context. Suggestions are given on what specific functionality should be added to the Grid-oriented authorization frameworks to handle such dynamic security context. As an example, the paper explains how such functionality can be achieved in the GAAA Authorization framework (GAAA-AuthZ) and GAAA toolkit. Additionally, the paper describes AuthZ ticket format for extended AuthZ session management. The paper is based on experiences gained from major Grid-based and Grid-oriented projects such as EGEE, Phosphorus, NextGRID, and GigaPort Research on Network.
Concurrency and Computation: Practice and Experience, 2008
The SweGrid Accounting System (SGAS) allocates capacity in collaborative Grid environments by coo... more The SweGrid Accounting System (SGAS) allocates capacity in collaborative Grid environments by coordinating enforcement of Grid-wide usage limits as a means to offer usage guarantees and prevent overuse. SGAS employs a credit-based allocation model where Grid capacity is granted to projects via Grid-wide quota allowances that can be spent across the Grid resources. The resources collectively enforce these allowances in a soft, real-time manner.
Arxiv preprint physics/ …, 2003
Diana Bosio, James Casey, Akos Frohner, Leanne Guy, Peter Kunszt, Erwin Laure, Sophie Lemaitre, L... more Diana Bosio, James Casey, Akos Frohner, Leanne Guy, Peter Kunszt, Erwin Laure, Sophie Lemaitre, Levi Lucio, Heinz Stockinger, Kurt Stockinger CERN, European Organization for Nuclear Research, CH-1211 Geneva 23, Switzerland William Bell, David Cameron, Gavin ...
3rd annual PKI R&D workshop, Apr 1, 2004
Proxy credentials are commonly used in security systems when one entity wishes to grant to anothe... more Proxy credentials are commonly used in security systems when one entity wishes to grant to another entity some set of its privileges. We have defined and standardized X. 509 Proxy Certificates for the purpose of providing restricted proxying and delegation within a PKI-based authentication system. We present here our motivations for this work coming from our efforts in Grid security, the Proxy Certificate itself, and our experiences in implementation and deployment.
Arxiv preprint cs/ …, 2003
One of the fundamental concepts in Grid computing is the creation of Virtual Organizations (VO's)... more One of the fundamental concepts in Grid computing is the creation of Virtual Organizations (VO's): a set of resource consumers and providers that join forces to solve a common problem. Typical examples of Virtual Organizations include collaborations formed around the Large Hadron Collider (LHC) experiments. To date, Grid computing has been applied on a relatively small scale, linking dozens of users to a dozen resources, and management of these VO's was a largely manual operation. With the advance of large collaboration, linking more than 10000 users with a 1000 sites in 150 counties, a comprehensive, automated management system is required. It should be simple enough not to deter users, while at the same time ensuring local site autonomy. The VO Management Service (VOMS), developed by the EU DataGrid and DataTAG projects[1, 2], is a secured system for managing authorization for users and resources in virtual organizations. It extends the existing Grid Security Infrastructure[3] architecture with embedded VO affiliation assertions that can be independently verified by all VO members and resource providers. Within the EU DataGrid project, Grid services for job submission, file-and database access are being equipped with fine-grained authorization systems that take VO membership into account. These also give resource owners the ability to ensure site security and enforce local access policies. This paper will describe the EU DataGrid security architecture, the VO membership service and the local site enforcement mechanisms Local Centre Authorization Service (LCAS), Local Credential Mapping Service(LCMAPS) and the Java Trust and Authorization Manager. * Corresponding author (CPS), all these CA's mutually trust each other and are trusted by all resources participating in the EDG test-bed.