GT 3 Security Features, Sam Meder (presentation transcript)


1 GT 3 Security Features
Sam Meder

2 Assumptions
- Familiarity with PKI concepts
  - Certificates (CA, EEC, Proxy)
  - Delegation
- Some knowledge of Web Services Security Standards:
  - WS-Security
  - XML-Signature
  - XML-Encryption
- Some knowledge of GSSAPI

3 GT Security Overview
- GT 3.0 Authentication Mechanisms
  - X509/SSL/GSSAPI based (GSI Secure Conversation)
  - X509/public key based (GSI Secure Message)
- GT 3.0 Authorization Mechanisms
  - Gridmap
  - Host
  - Self
  - None

4 WS Background
- Most security work is done in JAX-RPC/Axis Handlers
- (Diagram: Hosting Environment/Container with chains of Incoming and Outgoing Handlers around a Pivot Handler and the Service)

5 Server Side Implementation
(Diagram: Client to Server Hosting Environment; handlers shown: WS-Security Handler, Sec Conv Msg Handler, Sec Msg Handler, Security Policy Handler, Authorization Handler, JAAS, SecConv Service, Service)

6 Server Side Implementation Continued
- Handlers, Handlers, Handlers
  - WS-Security Handler
    - Decrypts/verifies signature on incoming messages
    - Populates the JAAS Peer Subject
  - Security Policy Handler
    - Checks that the security meets the requirements specified in the security deployment descriptor
  - Authentication Policy Handler
    - Sets the invocation (JAAS) subject as specified by the run-as policy in the security deployment descriptor
  - Run As Handler

7 Server Side Implementation Continued
- Even more handlers
  - Authorization Handler
    - Authorizes incoming messages – more later
  - Credential Refresh Handler
    - Refreshes credential in invocation subject based on delegated credential
  - Authentication Service Handler
    - Redirects messages to Secure Conversation Service
  - Secure Message Handler (aka X509 Sign Handler)
    - Signs GSI Secure Message secured communications

8 Server Side Implementation Continued
- Only one more, I promise
  - Secure Conversation Message Handler (aka GSS Handler)
    - Signs and encrypts GSI Secure Conversation secured communication
- Other pieces:
  - Context Manager
    - Keeps track of established contexts
    - Destroys contexts on expiration

9 Server Side Programming
- Declarative Model:
  - Security properties (for incoming communication) are specified in a deployment descriptor
  - Wrapper handler(s) read the descriptor and populate security parameters
  - Handlers act on security parameters
  - Generally requires no explicit security calls by the service implementer

10 Client Side Implementation
(Diagram: Client Hosting Environment to Server Hosting Environment; handlers shown: Sec Conv Service Handler, SecConv Message Handler, Sec Msg Handler, WS-Sec Client Handler, with the Client, Service and SecConv Service)

11 Client Side Implementation Continued
- Client Side Handlers
  - Secure Conversation Service Handler
    - Establishes a new Secure Conversation context if needed
  - Secure Message Handler
  - Secure Conversation Message Handler
  - WS-Security (Client) Handler
    - The above three are equivalent to/the same as the server side handlers
  - Client side Authorization
    - Handled by the Secure Conversation Service and the WS-Security Client Handler
    - Host authorization by default

12 Client Side Programming
- Clients need to set security properties explicitly – programmatic model
  - Server/Service acting as client
- Handlers pick up security properties and act accordingly

13 JAAS
- Java Authentication & Authorization Service
- Currently (3.0) only used for managing/storing credentials
  - JAAS Subject object
- Authorization checks
- Outgoing Connections
- Different Subject Types:
  - System
  - Container
  - Peer
- Invocation Subject

14 GRIM (Grid Resource Identity Mapper)
- Allows GT3 components to run without special privileges
- Setuid to a user with access to the (host) credentials
  - Reads credentials
  - Creates a GRIM Proxy from the credentials and configuration information

15 GRIM Proxy
- Proxy contains a GRIM Policy
- GRIM Policy currently (3.0) consists of
  - List of authorized porttypes
  - List of authorized DNs
- GRIM Policy in 3.x will change to
  - Always list the GRAM porttype
    - Backwards compatibility
    - No other porttypes will ever be listed
  - List of authorized DNs

16 GRIM Wish List
- Make GRIM produce an independent proxy
- Proxy should contain a non-critical extension
- Extension should contain a SAML assertion on allowed DNs
- Does not require special handling of the proxy in cases where you don't care about the extension

17 Authorization – Cooking your own
- Replace the Authorization Handler
  - Check out the current one
  - Write your own
  - Build/Compile it
  - Replace the existing handler in server-config.wsdd and make sure that the handler is available in your CLASSPATH

18 AuthorizationHandler excerpt

```java
public class AuthorizationHandler extends BasicHandler {
    ...
    public void invoke(MessageContext messageContext) throws AxisFault {
        // Peer identity populated by the WS-Security handler (slide 6)
        Subject subject =
            (Subject) messageContext.getProperty(Constants.PEER_SUBJECT);
        // Security settings from the service's deployment descriptor
        ServiceProperties props = DescriptorHandler.getService(messageContext);
        ServiceAuthorization auth = null;
        String tmp = (String) props.getProperty(Authorization.AUTHORIZATION);
        if (tmp == null) {
            auth = DefaultAuthorization.getInstance();
        } else if (tmp.equalsIgnoreCase("none")) {
            auth = NoAuthorization.getInstance();
        } else if (tmp.equalsIgnoreCase("self")) {
            auth = SelfAuthorization.getInstance();
        } else if (tmp.equalsIgnoreCase("gridmap")) {
            auth = GridMapAuthorization.getInstance();
        } else {
            // Unknown authorization method in the descriptor: fail the call
            Exception e = new AuthorizationException(
                i18n.getMessage("badAuthMethod", new Object[] {tmp}));
            throw AxisFault.makeFault(e);
        }
        try {
            auth.authorize(subject, props, messageContext);
        } catch (AuthorizationException e) {
            // Denied: surface the decision to the client as a SOAP fault
            throw AxisFault.makeFault(e);
        }
    }
}
```
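The dispatch in the slide's invoke() method, re-expressed as an added, runnable Python example (not GT3 code) so the three policies it names (none, self, gridmap) can be exercised against a constructed gridmap file; the proxy-stripping helper, the default-to-gridmap choice and all DNs are assumptions, not taken from the toolkit.

```python
import re

# Constructed sample gridmap in the standard GSI format: a quoted DN,
# then the comma-separated local account(s) it maps to.
GRIDMAP_TEXT = '''
"/C=US/O=Globus/OU=Example/CN=Jane Doe" jdoe
"/C=US/O=Globus/OU=Example/CN=Ops Robot" ops,svc
'''
# Assumed identity of the service's own (host) credential.
SERVICE_DN = "/C=US/O=Globus/OU=Example/CN=host/gt3.example.org"
# Trailing CN components GSI proxies append to the EEC subject (assumption):
# "proxy", "limited proxy", or a numeric serial for newer proxy formats.
_PROXY_CN = re.compile(r"/CN=(proxy|limited proxy|\d+)$")

def eec_identity(dn):
    """Strip proxy CN components so policy is evaluated on the EEC DN."""
    while _PROXY_CN.search(dn):
        dn = _PROXY_CN.sub("", dn)
    return dn

def parse_gridmap(text):
    """Return {DN: [local accounts]}; comments and blank lines are ignored."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'"([^"]+)"\s+(\S+)', line)
        if m:
            entries[m.group(1)] = m.group(2).split(",")
    return entries

def authorize(method, peer_dn, gridmap_text, self_dn=SERVICE_DN):
    """Mirror the slide's dispatch: None -> default, then none/self/gridmap.
    Returns the mapped account for gridmap, True otherwise; raises on denial."""
    method = "gridmap" if method is None else method.lower()  # assumed default
    identity = eec_identity(peer_dn)
    if method == "none":
        return True
    if method == "self":
        if identity != eec_identity(self_dn):
            raise PermissionError("peer is not the service itself: " + identity)
        return True
    if method == "gridmap":
        accounts = parse_gridmap(gridmap_text).get(identity)
        if not accounts:
            raise PermissionError("no gridmap entry for " + identity)
        return accounts[0]
    raise ValueError("badAuthMethod: " + method)  # unknown policy string
```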

19 server-config.wsdd … … … … … …

20 GSI Secure Conversation
- Based on GSSAPI, WS-Security, XML-Signature and XML-Encryption
- Session based
- Support for delegation
  - Automatic refresh of delegated proxy on re-delegation
- Uses our SSL based GSSAPI mechanism
  - Protocol is driven by gss_init/accept_sec_context
  - get_mic/verify_mic and wrap/unwrap

21 Secure Conversation PortType

22 Secure Conversation Messages

23 Secure Conversation Messages Continued

24 Secure Conversation Messages Continued

25 Secure Conversation Messages Recap
- Context establishment messages contain:
  - Base64 encoded GSS token
  - Context Identifier
  - Continue Needed indicator
  - Mechanism OID – initial message only

26 GSI Secure Conversation & XML-Encryption
(Example encrypted message; the XML markup was not preserved in the transcript, only fragments of the base64 cipher data survive)

27 GSI Secure Conversation & XML-Signature
(Example signed message; the XML markup was not preserved in the transcript, only the base64 digest and signature values survive)

28 Performance
- Needs to be improved
  - Currently about 10x slower than insecure
  - Initialization is very slow
- Apache XML security libraries add large overhead (3x/message processed)
- JSR 105/106 are moving along
  - Apache will adopt
  - We don't want to make major changes now
- Concentrate on low cost, high impact improvements
- Move some interactions to Secure Message
  - Fewer roundtrips

29 New Secure Conversation Features (3.x)
- Support for anonymous authentication
- Support for specifying context lifetime
- Some performance improvements

30 GSI Secure Message
- Supports integrity protection with X509 certificates
  - Support for proxy certificates
- Can be combined with GSI Secure Conversation
- Not fully featured
  - No replay attack prevention
  - No encryption support
- Missing features slated for 3.x

31 GSI Secure Message Example
(Example signed message; the XML markup was not preserved in the transcript, only fragments of the base64 certificate and signature values survive)

32 Username/Password
- Not clear which release this will show up in
- Potential mechanisms:
  - WS-Security Username/Password token
    - Should be used in combination with anonymous Secure Conversation
  - More advanced/secure Username/Password schemes - AuthA

33 The AuthA Protocol
- Client has password
- Server has
  - secret = f(servername|username|password)
  - f is a secure one way function
- Client & Server create a session key using an encrypted Diffie-Hellman exchange
- Client & Server authenticate each other
- Security proof exists
- Details at contributions/autha.pdf

34 Discussion
- WS-Resource impact
- One time passwords
- Smart card support
- Kerberos
- Other authentication mechanisms?
- …
