1. Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against attacks - service denial attack - spoofing attack - password sniffing - password sniffing - change of data in transit - change of data in transit

2. Concerns for GeoNet’s Security Infrastructure Authentication: Authentication: – Providing proof of identity (login, password, certificate) Authorization Authorization – Allowing or prohibiting access to protected resources based on the role of the user (validator, administrator, or general user) Integrity Integrity – Ensuring integrity of messages during transfer over the internet Audit logs Audit logs – Tracking important activities by the users

3. User Internet Portal Grid Services Server Certificate Authority (CA) Internet Firewall Login Service Authentication User Authentication Authentication, Role based Authorization Trust Message Level Security TLS The user logs in via a Transport Layer Security connection. The user name and password are encrypted. The internet portal invokes grid services. A message sent to a grid service is signed by a certificate from the Certificate Authority (the portal trusts the CA). The grid services center authorizes a message based on its associated certificate (the grid service center trusts the CA). The firewall provides additional security by adding requirements that can filter messages to the server Scenario