Home Up Feedback Contents Search

 
Dynamic Services

 

 

 

Security Disciplines

 

 

Sponsor Links
IBM Virtualization Engine Grid Toolbox for Multiplatforms - ( v. 1.x ) - media
HP/Compaq Proliant BL20p G3 Blade Server
IBM eserver BladeCenter HS20 8832 - Xeon 3.2 GHz
logo_88x31
HP StorageWorks Modular SAN Array 1000, includes one controller and one single-port Fibre Channel I/O Module
Hotwire.com
Intel Server Compute Blade SBXL52 - no CPU
Red Hat Linux Advanced Server
Intel Cluster Math Kernel Library for Linux - ( v. 7.x ) - complete package
Dell Outlet
Intel Blade Server Chassis SBCE - desktop - 7 U
iBook G4
HP Installer Kit for Linux - media
HP StorageWorks Continuous Access EVA - ( v. 1 ) - complete package
HP Fabric Manager Enterprise - ( v. 4.x ) - complete package
IBM Cluster Systems Management Base for Xlinux/EServer - ( v. 1.4 ) - media
HP F500 Cluster for EVA Basic
S/W Integration Kit for HP OpenView NNM SNMP MGMT
HP StorageWorks 300mx MO Jukebox 2 Drives , 291.2 GB
Novanet Microsoft Clusters
HP StorageWorks Magneto-Optical Storage 2200mx , 2.17TB
go_468x60

Security for Virtual Organizations: Federating Trust and Policy Domains
SECTION 1
 Requirements
Grid Society
Example
Challenges
Architecture
Trust Domains
Dynamic Services

SECTION 2
Coming soon

SECTION 3
Coming soon

 << 1 2 3 4 6 >>

 

Excerpt from chapter 21 of Grid 2: Blueprint for a New Computing Infrastructure.


However, in a nontrivial VO such as that described in Section 21.1.2, personal knowledge does not scale in terms of either the size of the VO (there are too many members to be known to each other) or the dynamic nature of the VO (members, resources, and even services join and depart too frequently for knowledge to be maintained). In these situations, delegation mechanisms (303, 371)—mechanisms that allow one entity to assign rights to another—can provide a means for scalable assertion of policy. However, these mechanisms also require some trust anchor, such as the federation service shown in Figure 21.3. In the most general case, trust relationships may need to be established from “first principles,” using techniques such as reputation management (553, 691, 692) to create and monitor trust relationships.

enlarge

Figure 21.3: A virtual organization provides a bridge for a community of resource providers and users who belong to separate policy domains.

21.1.3.3 Dynamic Creation of Services

Over the lifetime of a VO, new services (i.e., resources) may be dynamically created and deployed. For example, a user may establish personal stateful interfaces to existing resources, user jobs will be instantiated as a service to allow for management, or the VO itself may create directory services to keep track of VO participants. Like their static counterparts, these resources must be securely coordinated and interact with other services. To enable this secure interaction and coordination, these services need to be granted rights to allow them to perform actions and establish secure relationships with other entities.

To grant rights to these services, one must be able to identify them. This allows the expression of policy that expresses the services’ rights to perform an action, be a member of a group, and so forth. This leads to the requirement to be able to give dynamic services a unique, assertable identity. Since the user may create these dynamic services, traditional manual means of security administration will not suffice. Identity creation and rights granting must be user driven to allow them to occur in real time.

21.1.3.4 Security Disciplines

In order to address the high-level security requirements, a comprehensive Grid security model must leverage diverse security disciplines (280).

Authentication.

To enable interoperability, we must provide plug points for multiple authentication mechanisms and the means for conveying the specific mechanism used in the authentication operation. The authentication mechanism may be a customized approach or an industry-standard technology. The plug point must be agnostic to any specific authentication technology.

Delegation.

The establishment of dynamic trust domains requires facilities to allow for delegation (303, 371, 500) of access rights from requestors to services, as well as for delegation policies to be specified. In delegating authority from one entity to another, care should be taken that the authority transferred through delegation is scoped only to the task(s) intended to be performed (as in a least-privilege model (571)) and within a limited lifetime, to minimize the misuse of delegated authority.

Single sign-on.

Participants in a Grid environment often need to coordinate multiple resources to accomplish a single task. Having to manually perform an authentication process (e.g., typing in a pass phrase) for each authentication operation is overly burdensome. Security mechanisms must ensure that an entity, having successfully completed the act of authentication once, need not re-authenticate upon subsequent access to Grid resources within some reasonable period of time. Such a mechanism must also take into account that a request may span security domains and hence should factor in federation between authentication domains and mapping of identities. This requirement is important from two perspectives:

  • It places a secondary requirement on a Grid implementation to be able to delegate an entity’s rights, subject to policy (e.g., credential lifespan, restrictions placed by the entity).

  • If the credential material is delegated to intermediaries, it may be augmented to indicate the identity of the intermediaries, subject to policy.

Credential life span and renewal.

To limit the risk of compromise in delegation and single log-on, credentials need to be scoped to a reasonable lifetime. It may not always be possible to predict accurately the lifetime required for a particular task, and in many cases a task initiated by a user may take longer than the life span of the user’s initially delegated credential. In those cases, the user needs to be notified before the credentials expire or needs to refresh those credentials so that the task can be completed.

Authorization.

Access to Grid services must be controlled based on authorization policies (i.e., who can access a service, under what conditions) attached to each service. In addition to the standard model of policies being specified by the resource owner, policies will come from sources such as the requestor’s VO and home organization. Requestors may also specify invocation policies on their requests (i.e., who does the client trust to provide the requested service). Authorization should accommodate various access control models and implementations.
Privacy. Both a service requester and a service provider must be allowed to define and enforce privacy policies, for instance taking into account personally identifiable information or purpose of invocation. (Privacy policies may be treated as an aspect of authorization policy addressing privacy semantics such as information usage rather than plain information access.)

<< 1 2 3 4 6 >>
 

AntiSpyware_120x90
FreeShip_120X90
50% Banner Ads White 120x90
iPod New
 

 

 

Home ] Up ] Security Disciplines ]

Send mail to with questions or comments about this web site.
Copyright © 2005-7 GridSummit.com
Last modified: 10/30/07