
Grid Security: Present and Future

Grid Security: Present and Future. Alan Robiette, JISC Development Group <a.robiette@jisc.ac.uk>. Overview. Existing Grid security model The Grid Security Infrastructure (GSI) Web services and security models for web services (WS-Security)


Presentation Transcript


  1. Grid Security: Present and Future Alan Robiette, JISC Development Group <a.robiette@jisc.ac.uk>

  2. Overview • Existing Grid security model • The Grid Security Infrastructure (GSI) • Web services and security models for web services (WS-Security) • Security architecture for the Open Grid Services Architecture (OGSA) • References for further reading Grid Security Workshop

  3. The Grid today • Globus Toolkit v2 – Grid Security Infrastructure (GSI) • Two core concepts • X.509 digital certificates used as identity credentials • Short-lived “proxy certificates” used to delegate identity temporarily to other processes • Standard tools (e.g. GridFTP) modified for authentication via certificates

  4. Authorisation • Authentication (knowing who you are dealing with) is reasonably secure in Globus v2 • Authorisation (managing access to resources on the basis of an individual’s attributes or role) is a much more open question • Available solutions are immature, or not well tested in practical circumstances

  5. Web services • The concept of web services is a hot topic in commercial circles • Web services are self-describing services which can interact in a machine-to-machine mode, with little or no human intervention • Intended to improve the efficiency of business-to-business processes • Common verbs: publish, locate, bind

  6. Web services diagram

  7. Implementation • Most commonly implemented using XML • Service descriptions written in WSDL (Web Services Description Language) • Services communicate via messages expressed in SOAP (Simple Object Access Protocol) • All over HTTP and port 80 … • Security for Web services is a question of securing SOAP message exchanges

  8. WS-Security • First roadmaps and draft specifications published April 2002 by IBM, Microsoft and Verisign • Standardisation activity now transferred to the OASIS-Open consortium • http://www.oasis-open.org/committees/wss/ • Very complex model (next slide)

  9. WS-Security model

  10. Open Grid services • OGSA (Open Grid Services Architecture) is billed as the future of the Grid • Builds on web services concept but extends it significantly • E.g. Grid processes typically may need to invoke transient services • Concept of “service factory”

  11. OGSA security • Correspondingly builds on web services security • But requires significant extensions to cope with the virtual organisation problem • Unlike the relatively homogeneous approach of GSI, OGSA security envisages translation and mapping of security parameters (e.g. credentials) between different domains

  12. OGSA security services

  13. Another view

  14. Conclusions • Globus/GSI today is fairly stable, with authorisation the main outstanding problem • WS-Security will get there in time • Though implementations may vary in how complete they are • OGSA Security (Globus v3) is an ambitious target • And there is a good way still to go!

  15. References • Globus version 2 and GSI • http://www.globus.org/security/ • http://www.gridforum.org/2_SEC/GSI.htm • Web services and WS-Security • http://www.w3.org/2002/ws/ • http://www.oasis-open.org/committees/wss/ • OGSA security • http://www.globus.org/ogsa/security/ • http://www.gridforum.org/2_SEC/ogsa-sec.htm

  16. Questions?
