100 likes | 206 Vues
Application of Policy at Fermilab. Stu Fuess Fermilab / CD / CCF 14 Sep 2005 MWSG Meeting. This presentation is from the point of view of an administrator, new to the grid community I’m here to listen and learn Will gladly take questions back to experts It’s a site / resource provider view
E N D
Application of Policyat Fermilab Stu Fuess Fermilab / CD / CCF 14 Sep 2005 MWSG Meeting
This presentation is from the point of view of an administrator, new to the grid community I’m here to listen and learn Will gladly take questions back to experts It’s a site / resource provider view Particular interest in security Will talk about two things SAZ (Site Authorization) As implemented at Fermilab PPT (Policy, Publication, Trust) An embryonic OSG activity In the standard model of authorization policy application… Introduction
Organizational role • Group of unique names • Key Material Authorization context • User Policy comes from many stakeholders • Other • VO • Stakeholders • Delegation • User • Policy • Resource • Attributes • VO • Authorization Policy • Policy • Process acting • on user’s behalf • Architecture • Policy • Enforcement • Standardize • Point • Delegation Policy • Server • Resource • PKI • Attributes • Site • Local Site • Identity • Policy • Kerberos • Policy and • Identity • Allow or • Deny • attributes. • PKI/Kerberos • Identity • Translation • Service • Site/ • Authorization • Resource Graphics from Globus Alliance& GGF OGSA-WG • Service/ • Owner • PDP Slide lifted from D. Groep
VOMS OSG privilege scenario voms-proxy-init Submission site User VOs Execution site site GUMSServer Gatekeeper PRIMA
VOMS OSG privilege scenario voms-proxy-init Submission site User VOs Execution site site GUMSServer Gatekeeper PRIMA site SAZServer PRIMA
SAZ is a service utilizing the authorization callout from the Globus Gatekeeper via a PRIMA interface Providing a separate authorization service Verifies certificate, CA, VO, and user SAZ has been a specific exercise in FermiGrid which introduced a “white list” check of certificate Performing Certificate Revocation List (CRL) function Used to also generate usage / auditing list SAZ experience Found to be “high maintenance” Lots of effort to update “white list” Moving to “black list” model Evaluating code change, don’t anticipate large effort Looking to make SAZ invocation a mainstream process SAZ: Site Authorization
If you make security decisions on a limited number of policy attributes, then in effect you operate as “default allow” with respect to other attributes “Default allow” is a fundamentally different mode of operation than “default deny” Requires technical mitigations to limit vulnerabilities Introduces need for strong reactive component of security Requires agility and flexibility in response to unforeseen circumstances Which may well be external policy changes Believe it necessary to add functionality to allow this mode The PPT activity Site security perspective
It’s the standard authorization model containing policy components from VO, site, and elsewhere: (GGF / EGEE diagram) And now working “bottom up” from the site This is the current principal exercise: understanding site requirements Site requirements may demand more info than the VO supplies! The “trickle down” policy mode may be insufficient Flexibility to make decisions beyond the certificate level e.g. Constraints may be imposed by funding agencies PPT: Policy, Publication, and Trust
Expanding the policy model… The “Publication” part – how do the site/resource provider needs “flow back up”? Not yet… but can think of ways Feedback loops Try again, but this time add information on “this” Matrix of policy queries Tell me “this” How does this get to the human info providers? The “Trust” part – how can a site / resource provider verify that VO supplied information is correct? Want to align PPT with similar efforts It looks like there is a lot “out there”; is there a desire to collaborate? PPT: Policy, Publication, and Trust
We have a strong motivation to increase efforts in implementing policy mechanisms Site security concerns will remain overwhelming factor Experience / “gut feeling” is that current model may not allow sufficient flexibility / responsiveness This is a new environment, receiving much scrutiny Want to use effort as an opportunity to adopt, build upon, align with, supplement, improve, and contribute to community effort Comments welcome: fuess@fnal.gov Conclusion