Grid Authorization Landscape and Futures Von Welch NCSA


Outline
- Grid Authorization Goals
  - Where would we like to be…
- Current Grid Authorization
  - Where we are…
- Future Grid Authorization
  - How are we going to start getting there…

Grid Authorization “Flow” (diagram: VO, User, Process and Resource, with delegation between them)

Ultimate Goal is Arbitrary Flows

Without Common Infrastructure (diagram: Policy DB)

Current State of Grid Authz (diagram: VO, User, Process and Enforcement, with delegation between them)

Current Resource Owner to VO
- Resource owner trusts an attribute authority run by the VO
  - E.g. VOMS, CAS
- Trust instantiated through the key pair used by the attribute authority
- Trust may be scoped
  - More in enforcement…

VO to User
- VO Attribute authority issues assertions to users
- Attributes are limited by the ability of the enforcement system to understand them
- Today mostly group/role (VOMS)
- Some capabilities-based systems emerging (PRIMA, VOMS, CAS)

User to Process
- User may delegate rights to processes to allow them to run on their behalf
  - X.509 Proxy Certificates
- Again, granularity of delegation is limited by the ability of the enforcement system to understand it
- Today mostly all or nothing
- Some basic limitations
  - E.g. Allowed to run job?

Resource Enforcement
- All of the ability to do delegation comes down to here, where it must be understood
- Vanilla GT understands simple delegation (all/nothing/job run), no attributes
- Modifications have emerged
  - VOMS has attribute capabilities for GRAM
  - CAS in GridFTP with file capabilities
- Modifications are painful as they must be made to each application and protocol

Resource Enforcement
- Some richly featured authorization decision systems exist in the Grid community
  - Akenti, PERMIS
  - Many others in the world
- How do we tie these into GT?
  - Painful process of defining enforcement points, interfaces

GT2 Authz Callouts
- Extensions to GT2 to allow basic and GRAM authz callouts (dynamic libraries)
- Basic just allows for user, service
  - Doesn’t understand application - no operation
  - Good for user-based ACLs, revocation, etc.
- GRAM has user, operation (RSL), service, job state
  - Application-specific changes
- Success in initial deployments
  - Enough to show the track looks promising

Future of Grid Authz

- How does OGSA help?
- How do we get big, smart enforcement systems?
  - Can do any policy or delegation the enforcement system understands

How does OGSA help?
- SOAP-based protocols allow for carrying of credentials outside of the application protocol
  - Solves the protocol problem of how to pass assertions around generically
  - Don’t need to hack every application protocol

How does OGSA help?
- Web services define a common scheme for service interfaces (WSDL)
  - Well-defined name for the service
  - Well-defined names for the operations
- And arguments
- Allows a policy to talk about “Operation X on service Y” without knowing anything about the service

OGSA Service Authz
- This, combined with the hosting environment programming model, allows application-agnostic authorization separate from the application
  - Hosting environment can peel off credentials, determine the request and outsource authorization
- Now possible to write one authz service that understands whatever credentials and policy are needed for a resource

OGSA Service Authorization (diagram): User U1 sends Request O2() to Service S1; the Hosting Environment asks the Authorization component “Can U1 invoke O2 on S1?”; on Yes the request passes to the Application Logic, on No it is rejected.
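As an added illustration (not code from the talk or from the Globus Toolkit), a small Python model of the flow in the preceding slides: a constructed VO attribute authority issues a signed group/role assertion, the user delegates only a limited set of operations to a process, and the resource’s enforcement point answers “Can U1 invoke O2 on S1?” from a policy phrased as operation-on-service. The HMAC key stands in for the attribute authority’s key pair; the VO name, user, roles, services, operations and policy are all constructed.

```python
import hashlib
import hmac
import json

# Constructed VO attribute authority. An HMAC key stands in for the
# key pair a real VOMS/CAS-style authority would sign assertions with.
VO_KEY = b"constructed-vo-key"


def vo_issue_assertion(user, roles):
    """VO -> User: a group/role attribute assertion bound to the user."""
    payload = json.dumps({"user": user, "roles": sorted(roles)}, sort_keys=True).encode()
    sig = hmac.new(VO_KEY, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def delegate(user, allowed_ops):
    """User -> Process: delegation limited to (service, operation) pairs,
    rather than the all-or-nothing delegation the slides describe as common."""
    return {"user": user, "allowed": set(allowed_ops)}


# Resource enforcement point: which VO keys the resource owner trusts, and a
# policy that only talks about "operation X on service Y" plus a required role.
TRUSTED_VO_KEYS = {"physics-vo": VO_KEY}
POLICY = {("S1", "O2"): "analyst", ("S1", "O3"): "admin"}


def can_invoke(assertion, vo, delegation, service, op):
    """Answer 'Can <user> invoke <op> on <service>?' -> (decision, reason)."""
    key = TRUSTED_VO_KEYS.get(vo)
    if key is None:
        return False, "untrusted attribute authority"
    expected = hmac.new(key, assertion["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return False, "bad assertion signature"
    claims = json.loads(assertion["payload"])
    if claims["user"] != delegation["user"]:
        return False, "assertion subject does not match delegating user"
    if (service, op) not in delegation["allowed"]:
        return False, "process was not delegated this operation"
    needed = POLICY.get((service, op))
    if needed is None:
        return False, "no policy for operation"
    if needed not in claims["roles"]:
        return False, f"requires role {needed}"
    return True, "ok"
```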

OGSA-Authz
- Standard protocol being worked on in GGF by the OGSA-Authz working group
  - Allow any authz service and resource to talk
  - As well as standards for attributes so the authz service can understand attributes of the requestor
- Still to be seen how much policy is totally application agnostic and can be expressed on user/service/operation

What about WS Security Standards?
- WS-Security OASIS TC
  - Profiles for carrying credentials in SOAP
  - It looks close to being done
  - 36 companies have agreed how to send username and password over the wire…

WS Security - SAML
- SAML
  - Attribute assertions look fairly stable
  - In use (Internet2 and others)
  - Future of authorization is up in the air, may be subsumed by…

WS Security (cont)
- XACML
  - Good basic language for expressing rights
  - But, no way to express the right to delegate
- Can give rights to the VO but doesn’t allow the VO to delegate rights to the user, nor the user to a process
  - Defines the start of an authz protocol; will it finish?

WS Security (diagram of current/proposed WSS specs, each labelled proposed, in progress or promised): SOAP foundation, WS-Security, WS-Policy, WS-Trust, WS-Privacy, WS-SecureConversation, WS-Authorization, WS-Federation

WS Security (confusing picture) (diagram adding the non-WS-* specs to the previous one, with labels proposed, in progress, promised and standardized): SOAP foundation, WS-Security, WS-Privacy, WS-SecureConversation, WS-Federation, WS-Authorization, WS-Trust, WS-Policy-*, SAML, Liberty Alliance, XACML, XrML

Questions
- Where does privacy fit in Grid authorization?
  - Do science grids care?
- Multiple credentials?
  - When will we need them?
- How does one do least privilege delegation with late-binding jobs?
  - If we leave it up to the users, I think we’re in trouble

More Questions
- More features tend to lead to more complexity, which leads to errors. Where to stop?
  - Probably not close yet
- How fine grained does authorization need to be?
  - What information is useful? Arguments, application state, user creds
  - How to pass this around reasonably? (Might be huge)
- How do you authorize “Give me all the database rows I have access to” when authorization is outsourced?