Supporting further and higher education The Akenti Authorisation System Alan Robiette, JISC Development Group.

1 Supporting further and higher education
The Akenti Authorisation System
Alan Robiette, JISC Development Group

2 Overview (4 Dec 2002, Managing Access to Grid Resources)
– What is Akenti?
– What are its key design goals?
– How does it achieve these?
– Who uses it?
– How can it be deployed in Grid contexts?
– References for further reading

3 Origins of Akenti
– Developed at Lawrence Berkeley National Laboratory
– Designed to address complex authorisation problems involving multiple administrative domains and multiple stakeholders
– Assumes a public-key environment (identity certs, digital signatures etc.)
– First announced in 1998, considerably enhanced since that time

4 Goals of Akenti (1)
– To reflect accurately the access control policies (authority, and authority delegation) present in real environments
– To achieve the same level of expressiveness of access control as a human controller would be able to do

5 Goals of Akenti (2)
At a more detailed level, Akenti aims to:
– Allow each stakeholder to impose its access control requirements independently of other stakeholders
– Provide for changes in stakeholder requirements to take immediate effect
– Support high standards of integrity and non-repudiation in the expression and enforcement of access control requirements

6 How does Akenti work?
– Akenti is based on digitally signed assertions (of 4 types)
– Authentication is via standard X.509 identity certificates
– Authorisation involves three types of signed certificate defined in Akenti:
  – Policy certificates
  – User attribute certificates
  – Resource use-condition certificates
  – [N.B. The latter 3 types are formulated in XML, not X.509 format]

7 High level diagram

8 Policy certificates
– One per resource, but resources can be hierarchical (useful for tree-structured file systems)
– Contain:
  – Name of resource
  – List of trusted CAs
  – Names of stakeholders (or groups)
  – Optional list of attribute cert locations
– Signed by a stakeholder (i.e. effectively self-signed, so must be stored securely)

9 Use-condition certificates
– Apply to resources
– Each stakeholder must supply at least one use-condition cert
– These contain:
  – Conditions: Boolean expressions defining the user attributes needed
  – Signing authority for the attribute certs to be matched against these conditions
  – Rights: list of possible actions applying to the resource

10 Example conditions
– Components of the user's identity certificate, e.g. CN=, O=, OU= etc.
– Additional parameters defined in the policy cert and contained in user attribute certs, e.g. role or group membership
– Environmental parameters, e.g. time of day, system load

11 User attribute certificates
These contain:
– The identity of the user to whom the attribute cert applies (and the name of the issuer of this identity)
– An attribute-value pair defining the attribute which this certificate expresses
– A digital signature by the person or authority who asserts that the subject of the certificate possesses the defined attribute

12 Akenti in use
The user requests access to the resource and is first authenticated. Then:
– The resource gateway contacts Akenti
– Akenti locates the policy certificate
– Akenti collects the resource's use-condition certs and the user's attribute certs (possibly from multiple locations)
– The Akenti policy engine makes the access control decision
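The decision flow on slides 6 to 12 (trusted CA check, hierarchical policy lookup, per-stakeholder use-conditions evaluated over identity-cert fields, attribute certs and environment) is compact enough to model end to end. The following is an added example written for this transcript; it is not Akenti's code and its data is constructed. It assumes HMAC-SHA256 under a per-signer secret as a stand-in for Akenti's X.509/XML digital signatures, and a small tuple-based condition language (and/eq/in/lt) in place of Akenti's XML conditions; the signer names, resource paths, attributes and the "DOE Science CA" value are all invented for the scenario.

```python
"""Toy Akenti-style policy engine: added example, not Akenti's own code.
Assumption: HMAC-SHA256 under a per-signer secret stands in for Akenti's X.509/XML signatures."""
import hashlib
import hmac
import json

SIGNER_KEYS = {  # constructed key table for the example; real signers hold key pairs
    "lbnl-admin": b"constructed-key-lbnl-admin",
    "project-pi": b"constructed-key-project-pi",
    "impostor": b"constructed-key-impostor",
}

def make_cert(signer, payload):
    """Wrap a payload into a signed assertion {signer, payload, sig}."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"signer": signer, "payload": payload,
            "sig": hmac.new(SIGNER_KEYS[signer], body, hashlib.sha256).hexdigest()}

def verify_cert(cert):
    """Recompute the signature under the claimed signer's key; compare in constant time."""
    key = SIGNER_KEYS.get(cert["signer"])
    if key is None:
        return False
    body = json.dumps(cert["payload"], sort_keys=True).encode()
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), cert["sig"])

def find_policy(policy_certs, resource):
    """Hierarchical resources: the verified policy cert with the longest ancestor path applies."""
    best = None
    for cert in policy_certs:
        root = cert["payload"]["resource"]
        if verify_cert(cert) and (resource == root or resource.startswith(root + "/")) \
                and (best is None or len(root) > len(best["payload"]["resource"])):
            best = cert
    return best

def evaluate(cond, ctx):
    """Condition tree: ("and", c, ...), ("eq", key, v), ("in", key, [v, ...]), ("lt", key, v)."""
    op = cond[0]
    if op == "and":
        return all(evaluate(c, ctx) for c in cond[1:])
    if op == "eq":
        return ctx.get(cond[1]) == cond[2]
    if op == "in":
        return ctx.get(cond[1]) in cond[2]
    if op == "lt":
        return cond[1] in ctx and ctx[cond[1]] < cond[2]
    raise ValueError(f"unknown operator {op!r}")

def decide(policy_certs, resource, use_condition_certs, attribute_certs, identity, environment):
    """Return the actions the authenticated user may perform on resource (empty set = deny)."""
    policy_cert = find_policy(policy_certs, resource)
    if policy_cert is None:
        return set()
    policy = policy_cert["payload"]
    # Self-signed policy: the signer must be a named stakeholder; the identity CA must be trusted.
    if (policy_cert["signer"] not in policy["stakeholders"]
            or identity["issuer"] not in policy["trusted_cas"]):
        return set()
    # Attribute certs that verify and name this subject, as (issuer, attribute, value).
    attrs = [(c["signer"], c["payload"]["attribute"], c["payload"]["value"])
             for c in attribute_certs
             if verify_cert(c) and c["payload"]["subject"] == identity["subject"]]
    # Stakeholders impose requirements independently: an action is granted only if every
    # stakeholder has a satisfied use-condition cert for this resource that lists it.
    granted = None
    for stakeholder in policy["stakeholders"]:
        ucs = [c for c in use_condition_certs if c["signer"] == stakeholder
               and verify_cert(c) and c["payload"]["resource"] == policy["resource"]]
        if not ucs:
            return set()
        rights = set()
        for uc in ucs:
            ctx = dict(identity["subject"])  # CN=, O=, OU= ... from the identity cert
            ctx.update(environment)          # time of day, system load ...
            for issuer, attribute, value in attrs:
                if issuer in uc["payload"]["attribute_issuers"]:  # only issuers this cert trusts
                    ctx[attribute] = value
            if evaluate(uc["payload"]["condition"], ctx):
                rights |= set(uc["payload"]["rights"])
        granted = rights if granted is None else granted & rights
    return granted or set()

def combustion_scenario(hour):
    """Constructed data: two stakeholders guard /data/combustion; Alice asks for a file in it."""
    res, ca = "/data/combustion", "DOE Science CA"
    policies = [
        make_cert("lbnl-admin", {"resource": "/data", "trusted_cas": [ca], "stakeholders": ["lbnl-admin"]}),
        make_cert("lbnl-admin", {"resource": res, "trusted_cas": [ca], "stakeholders": ["lbnl-admin", "project-pi"]}),
    ]
    use_conditions = [
        make_cert("lbnl-admin", {"resource": res, "attribute_issuers": ["project-pi"], "rights": ["read", "execute"],
                                 "condition": ("and", ("eq", "O", "LBNL"), ("eq", "role", "researcher"), ("lt", "hour", 18))}),
        make_cert("project-pi", {"resource": res, "attribute_issuers": ["project-pi"], "rights": ["read", "write"],
                                 "condition": ("in", "group", ["combustion", "turbulence"])}),
    ]
    alice = {"subject": {"CN": "Alice", "O": "LBNL", "OU": "Combustion"}, "issuer": ca}
    attribute_certs = [
        make_cert("project-pi", {"subject": alice["subject"], "attribute": "role", "value": "researcher"}),
        make_cert("project-pi", {"subject": alice["subject"], "attribute": "group", "value": "combustion"}),
        # Verifies under its own key, but no use-condition names "impostor" as an issuer: ignored.
        make_cert("impostor", {"subject": alice["subject"], "attribute": "role", "value": "admin"}),
    ]
    return decide(policies, res + "/run42.dat", use_conditions, attribute_certs, alice, {"hour": hour})
```

Running `combustion_scenario(10)` yields `{"read"}`: the LBNL administrator's use-condition grants read and execute, the project PI's grants read and write, and because each stakeholder's requirements apply independently only the intersection survives. At `hour=22` the administrator's time-of-day condition fails and the result is the empty set, even though the PI's condition still holds. Two points worth noting for a deployment: the impostor's attribute cert is discarded not because its signature is bad but because the use-condition names which authorities may assert that attribute, and the policy cert for the more specific path shadows the one for `/data`, which is what makes hierarchical resources workable.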

13 High level diagram

14 Usage scenarios
– The Akenti service can be invoked as a function call by a gatekeeper program, e.g. it has been interfaced to the Globus job submission process
– Or, in a web context, access control can be effected via an Apache module, mod_Akenti, freely available

15 Administrative tools
– The Akenti distribution includes graphical user interface tools to create:
  – Policy certificates
  – Resource use-condition certificates
  – User attribute certificates
– Once created and stored, a web interface allows stakeholders to review the access control scheme

16 Deployment
– To date most production use has been in US Department of Energy projects
– Akenti has been extensively used by the US DoE Combustion Collaboratory
– It is now being deployed in the US National Fusion Grid (http://www.fusiongrid.org)

17 UK activity
– Two JISC projects funded to gain knowledge and experience of Akenti:
  – Manchester Computing + ESNW: use of Akenti to manage access to web-based resources
  – University of Salford: architectural comparison of Akenti and Permis
– A further study (Univ of Warwick) will also be benchmarked against Akenti

18 Conclusions
– Akenti is a comparatively mature and sophisticated authorisation scheme, with:
  – Considerable flexibility in access control policies and parameters
  – Implementation hooks for both Globus and web environments
  – A very useful-looking toolset
– A possible reservation is that its own "certificates" are not standards-based

19 References
– Akenti home page: http://www-itg.lbl.gov/Akenti/ (links from here to project description, documentation, download page etc.)
– Akenti papers and presentations: http://www-itg.lbl.gov/Akenti/papers.html
– For a good overview, see in the above publications list "Authorisation Policy in a PKI Environment" [from Proceedings of the 1st Annual NIST Workshop on PKI, Gaithersburg, April 2002]

20 Supporting further and higher education Questions?
