Secure Services, Secure Grids

Ken North

The purpose of grids is to provide utility computing, but organizations such as the Global Grid Forum, Enterprise Grid Alliance and Globus Alliance recognize the need for security. As grid technology emerged, an important research paper defined an open architecture for grid services. That paper provided the genesis for further refinement of the services model, with security services playing an important role.

Several generations of technical documents have emerged to describe an architecture and infrastructure for grid services. A de facto model has emerged for grid services authentication. There have also been parallel developments in security for web services and several releases of a tool set for grid developers.

OGSA

Ian Foster, Joseph Kesselman, Jeffrey Nick and Steve Tuecke wrote an important paper about the Physiology of the Grid and the Open Grid Services Architecture (OGSA). The Global Grid Forum's OGSA 1.0 document specifies security services for enforcing the security policy related to authentication, message integrity, confidentiality and privacy, auditing, intrusion prevention, access control and so on.

For user authentication, delegation and single sign-on, the OGSA uses the Grid Security Infrastructure (GSI) protocol. GSI provides a vehicle for using X.509 certificates with public key-based authentication protocols, such as the Transport Layer Security (TLS) protocol. Another key OGSA characteristic is the use of the Web Services Description Language (WSDL) and the Simple Object Access Protocol (SOAP) for grid services.

OGSI

Building on OGSA, the Globus Alliance chartered a working group that defined the Open Grid Services Infrastructure (OGSI). The OGSI 1.0 proposed recommendation defines how to create, manage and communicate among grid services. It excludes details of grid services security and refers the reader to other specifications for communication protocols, policy management and platform-specific security.

As OGSA and OGSI were evolving, there was much work being done in the web services community to define specifications related to the creation of secure, interoperable web services. Key participants in the Globus Alliance and grid community recognized the merit of aligning grid services technologies with the work being done to evolve web services technology.

WSRF and Web Services Security Technology

By 2004, Globus announced the Web Services Resource Framework (WSRF) would be a re-factoring of OGSI to exploit the standards being developed for web services. Because the OGSA, OGSI and WSRF leverage XML-based technologies (e.g., SOAP), it's possible to exploit technologies for creating web services when building grid services.

OASIS published the WS-Security specification as a standard for creating secure message exchanges that offer authentication, confidentiality, encryption and message integrity. OASIS also published the Security Assertion Markup Language (SAML).

The WS-Policy specification defines fundamentals used for creating security policies, such as the type of security tokens a service will accept.
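
As an added example (not taken from the OASIS specifications or the Globus Toolkit), the following Python shows a receiving service checking that a SOAP 1.1 message carries a WS-Security header whose binary token is of a type its policy accepts. The accepted-token set, the function names and the sample message are assumptions constructed for illustration; the namespace URIs are those of WS-Security 1.0 and its X.509 Token Profile.

```python
import base64
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = OASIS + "wssecurity-secext-1.0.xsd"
X509V3 = OASIS + "x509-token-profile-1.0#X509v3"
BASE64 = OASIS + "soap-message-security-1.0#Base64Binary"
# Assumption: this service's policy accepts X.509 v3 certificate tokens only.
ACCEPTED_TOKEN_TYPES = frozenset({X509V3})


def check_security_header(raw, accepted=ACCEPTED_TOKEN_TYPES):
    """Return (ok, reason, token_bytes) for one SOAP 1.1 message (bytes)."""
    # SOAP forbids DTDs; refusing them also stops entity-expansion input.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return False, "dtd-not-allowed", None
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return False, "malformed-xml", None
    if root.tag != f"{{{SOAP}}}Envelope":
        return False, "not-a-soap-envelope", None
    # Simplification: exactly one Security header holding exactly one token.
    tokens = root.findall(
        f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}BinarySecurityToken")
    if len(tokens) != 1:
        return False, "expected-exactly-one-token", None
    tok = tokens[0]
    if tok.get("ValueType") not in accepted:
        return False, "token-type-not-accepted", None
    if tok.get("EncodingType") != BASE64:
        return False, "unsupported-encoding", None
    try:
        data = base64.b64decode((tok.text or "").strip(), validate=True)
    except ValueError:
        return False, "bad-base64", None
    return (True, "ok", data) if data else (False, "empty-token", None)


def sample_message(value_type, body=b"constructed-placeholder-not-a-certificate"):
    """Constructed sample message; the token is a placeholder, not a real cert."""
    token = base64.b64encode(body).decode()
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}"><s:Header>'
            f'<wsse:Security><wsse:BinarySecurityToken ValueType="{value_type}" '
            f'EncodingType="{BASE64}">{token}</wsse:BinarySecurityToken>'
            f'</wsse:Security></s:Header><s:Body/></s:Envelope>').encode()


if __name__ == "__main__":
    for vt in (X509V3, "urn:example:constructed-token-type"):
        print(check_security_header(sample_message(vt))[:2])
```

Passing this gate only establishes that the message presents a token of an accepted type. The message signature and the certificate path still have to be verified before the sender is treated as authenticated.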

IBM and Microsoft have submitted the WS-Trust, WS-SecureConversation and WS-SecurityPolicy specifications to OASIS for standardization. WS-Trust provides for the issuing and exchange of tokens for establishing trust among communicating parties, including Kerberos tickets and X.509 certificates. WS-SecurityPolicy provides a vehicle for expressing policy assertions.

Globus Toolkit

The Globus Alliance has provided several releases of a toolkit for developing grid software. Globus Toolkit 4.0 provides an authorization framework, message-level security and transport-level security. To protect the security of SOAP messages, GT4 provides an implementation of the WS-Security standard and the WS-SecureConversation specification.

The authorization and authentication tools are suitable for use with or without web services frameworks. Globus provides Java classes and libraries that support certificate-based authentication. It also provides components for access controls and managing credentials.

Copyright © 2005-7 GridSummit.com
Last modified: 10/30/07