Security for Virtual Organizations: Federating Trust and Policy Domains

SECTION 1
Requirements
Grid Society
Example
Challenges
Architecture
Trust Domains
Dynamic Services

Excerpt from chapter 21 of Grid 2: Blueprint for a New Computing Infrastructure.


Privacy.

Both a service requester and a service provider must be allowed to define and enforce privacy policies, for instance taking into account personally identifiable information or purpose of invocation. (Privacy policies may be treated as an aspect of authorization policy addressing privacy semantics such as information usage rather than plain information access.)

Confidentiality.

The confidentiality of the underlying communication (transport) mechanism must be protected, as must the confidentiality of the messages or documents that flow over a given transport mechanism. The confidentiality requirement includes point-to-point transport as well as store-and-forward mechanisms.

Message integrity.

Unauthorized changes made to messages or documents must be detectable by the recipient. The use of message- or document-level integrity checking is determined by policy, which is tied to the offered quality of the service.

Policy exchange.

Service requestors and providers must be allowed to dynamically exchange security (among other) policy information to establish a negotiated security context between them. Such policy information can contain authentication requirements, supported functionality, constraints, privacy rules, and so forth.
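The negotiation described above, as an added illustration that is not code from the chapter: each party publishes a policy (constructed sample values) listing the authentication mechanisms it supports in preference order, the confidentiality it requires, whether it wants message-level integrity, and a constraint on context lifetime; `negotiate()` derives the security context both sides can accept, or reports that none exists.

```python
"""Deriving a negotiated security context from two exchanged policies.

Added example, not from the chapter. Policy fields, mechanism names and
the max_ttl constraint are assumptions chosen for illustration.
"""
from dataclasses import dataclass, field

# Ordered weakest to strongest so "the stricter of the two" is a max().
CONF_LEVELS = ["none", "transport", "message"]


@dataclass
class Policy:
    auth: list            # supported authentication mechanisms, preferred first
    confidentiality: str  # minimum acceptable level, one of CONF_LEVELS
    integrity: bool       # is message-level integrity required?
    constraints: dict = field(default_factory=dict)  # e.g. {"max_ttl": 3600}


def negotiate(requester: Policy, provider: Policy):
    """Return the negotiated context, or None when no common ground exists."""
    common = [m for m in requester.auth if m in provider.auth]
    if not common:
        return None  # no mutually supported authentication mechanism
    # Confidentiality and integrity: each side's minimum must be honoured,
    # so the context takes the stricter requirement of the two.
    conf = max(requester.confidentiality, provider.confidentiality,
               key=CONF_LEVELS.index)
    ttls = [p.constraints["max_ttl"] for p in (requester, provider)
            if "max_ttl" in p.constraints]
    return {
        "auth": common[0],  # requester's most preferred shared mechanism
        "confidentiality": conf,
        "integrity": requester.integrity or provider.integrity,
        "max_ttl": min(ttls) if ttls else None,
    }


# Constructed sample policies for two members of a virtual organization.
REQUESTER = Policy(auth=["x509", "kerberos"], confidentiality="transport",
                   integrity=False, constraints={"max_ttl": 7200})
PROVIDER = Policy(auth=["kerberos", "password"], confidentiality="message",
                  integrity=True, constraints={"max_ttl": 3600})

if __name__ == "__main__":
    print(negotiate(REQUESTER, PROVIDER))
```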

Secure logging.

Provisions must be made for security services, facilities for time-stamping, and mechanisms for securely logging any kind of operational information or event. The word securely in this context means reliably and accurately, that is, so that such a collection is neither interruptible nor alterable by adverse agents. Secure logging is the foundation for addressing requirements for notarization, non-repudiation, and auditing.
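A minimal realization of the integrity and secure-logging requirements above, added here as an example that is not part of the chapter: every record carries a timestamp, the authenticator of the previous record, and an HMAC over the whole record under a key held by the logging service (the key and the events are constructed), so that any alteration or removal of an earlier record is detected on verification.

```python
"""Tamper-evident, hash-chained log with per-record HMAC and timestamp.

Added example, not from the chapter. KEY and the sample events are
constructed; in practice the key lives with the logging service.
"""
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: secret held by the log writer
GENESIS = "0" * 64             # link value of the first record


def _mac(ts: int, prev: str, event: dict) -> str:
    canon = json.dumps({"ts": ts, "prev": prev, "event": event},
                       sort_keys=True).encode()
    return hmac.new(KEY, canon, hashlib.sha256).hexdigest()


def append(log: list, event: dict, timestamp: int) -> None:
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"ts": timestamp, "prev": prev, "event": event,
                "mac": _mac(timestamp, prev, event)})


def verify(log: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, rec in enumerate(log):
        expected = _mac(rec["ts"], rec["prev"], rec["event"])
        if rec["prev"] != prev or not hmac.compare_digest(expected, rec["mac"]):
            return i
        prev = rec["mac"]
    return -1


def build_sample_log() -> list:
    log = []  # constructed operational events
    append(log, {"op": "auth", "who": "alice", "ok": True}, 1000)
    append(log, {"op": "invoke", "who": "alice", "svc": "job-submit"}, 1001)
    append(log, {"op": "auth", "who": "mallory", "ok": False}, 1002)
    return log


def altered_log() -> list:
    log = build_sample_log()
    log[2]["event"]["ok"] = True  # adversary rewrites the failed login
    return log


def gapped_log() -> list:
    log = build_sample_log()
    del log[1]  # adversary removes the middle record
    return log
```

The chain alone does not reveal that the newest records were dropped; anchoring the latest MAC with the time-stamping facility the paragraph mentions closes that gap.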

Assurance.

Means must be provided to qualify the security assurance level expected of a hosting environment. This information may include virus protection, firewall usage for Internet access, and internal virtual private network (VPN) usage (310). Users can consider such information when making a decision about the environment in which to deploy a service.

Manageability.

Security management in Grids is needed, for example, in the areas of identity management, policy management, and key management. Security management also includes higher-level requirements such as virus protection and intrusion detection and protection, which are requirements in their own right but are typically provided as part of security management.

Firewall traversal.

A major barrier to dynamic, cross-domain Grid computing today is the existence of firewalls (179). Although firewalls may provide only limited value within a dynamic Grid environment, they are unlikely to disappear soon. Thus, a Grid security model must take them into account and provide mechanisms for cleanly traversing them—without compromising local control of firewall policy.

As Grid computing continues to evolve to support e-business applications in commercial settings, the requirements and functions discussed in this section will form the foundation for standards-based interoperability not only between real organizations within a VO (intra-VO) but also across organizations belonging to different VOs (inter-VO). On this foundation, applications and infrastructure can be built to establish the trust relationships required for commercial distributed computing, enterprise application integration, and business-to-business partner collaboration over the Internet.
Copyright © 2005-7 GridSummit.com
Last modified: 10/30/07