Grid Security: Present and Future
Alan Robiette, JISC Development Group
Supporting further and higher education
5 Dec 2002, Grid Security Workshop

Overview
- Existing Grid security model
- The Grid Security Infrastructure (GSI)
- Web services and security models for web services (WS-Security)
- Security architecture for the Open Grid Services Architecture (OGSA)
- References for further reading

The Grid today
- Globus Toolkit v2 – Grid Security Infrastructure (GSI)
- Two core concepts
  - X.509 digital certificates used as identity credentials
  - Short-lived proxy certificates used to delegate identity temporarily to other processes
- Standard tools (e.g. GridFTP) modified for authentication via certificates

Authorisation
- Authentication (knowing who you are dealing with) is reasonably secure in Globus v2
- Authorisation (managing access to resources on the basis of an individual's attributes or role) is a much more open question
- Available solutions are immature, or not well tested in practical circumstances

Web services
- The concept of web services is a hot topic in commercial circles
- Web services are self-describing services which can interact in a machine-to-machine mode, with little or no human intervention
- Intended to improve the efficiency of business-to-business processes
- Common verbs: publish, locate, bind

Web services diagram

Implementation
- Most commonly implemented using XML
- Service descriptions written in WSDL (Web Services Description Language)
- Services communicate via messages expressed in SOAP (Simple Object Access Protocol)
- All over HTTP and port 80 …
- Security for Web services is a question of securing SOAP message exchanges

WS-Security
- First roadmaps and draft specifications published April 2002 by IBM, Microsoft and Verisign
- Standardisation activity now transferred to the OASIS-Open consortium
  - http://www.oasis-open.org/committees/wss/
- Very complex model (next slide)

WS-Security model

Open Grid services
- OGSA (Open Grid Services Architecture) is billed as the future of the Grid
- Builds on web services concept but extends it significantly
- E.g. Grid processes typically may need to invoke transient services
- Concept of service factory

OGSA security
- Correspondingly builds on web services security
- But requires significant extensions to cope with the virtual organisation problem
- Unlike the relatively homogeneous approach of GSI, OGSA security envisages translation and mapping of security parameters (e.g. credentials) between different domains

OGSA security services

Another view

Conclusions
- Globus/GSI today is fairly stable, with authorisation the main outstanding problem
- WS-Security will get there in time
  - Though implementations may vary in how complete they are
- OGSA Security (Globus v3) is an ambitious target
  - And there is a good way still to go!

References
- Globus version 2 and GSI
  - http://www.globus.org/security/
  - http://www.gridforum.org/2_SEC/GSI.htm
- Web services and WS-Security
  - http://www.w3.org/2002/ws/
  - http://www.oasis-open.org/committees/wss/
- OGSA security
  - http://www.globus.org/ogsa/security/
  - http://www.gridforum.org/2_SEC/ogsa-sec.htm

Questions?