NSFMAGIC Globus Security Perspective

1
Panel Controlled and Dynamic Delegation of
Rights Frank Siebenlist, ANL (moderator)Von
Welch, NCSACarl Ellison, MicrosoftRavi Pandya,
MicrosoftKent Seamons, Brigham Young University
3rd Annual PKI RD Workshop April 12, 2004 NIST,
Gaithersburg, MD
2
Outline

• X.509 Proxy-Certificates
• Von Welch
• (Grid) Use Cases for Delegation of Rights
• Frank Siebenlist
• SPKI (UPnP)
• Carl Ellison
• XrML
• Ravi Pandya
• TrustBuilder
• Kent Seamons

3
(Grid) Use Cases for Delegation of Rights
4
LHC Data Distribution
PBytes/sec
100 MBytes/sec
Offline Processor Farm 20 TIPS
There is a bunch crossing every 25 nsecs. There
are 100 triggers per second Each triggered
event is 1 MByte in size
100 MBytes/sec
Tier 0
CERN Computer Centre
622 Mbits/sec
or Air Freight
(deprecated)
Tier 1
FermiLab 4 TIPS
France Regional Centre
Italy Regional Centre
Germany Regional Centre
622 Mbits/sec
Tier 2
622 Mbits/sec
Institute 0.25TIPS
Institute
Institute
Institute
Physics data cache
1 MBytes/sec
Tier 4
Physicist workstations
5
(No Transcript)
6
Multi-Institution Issues
Certification
Certification
Authority
Authority
Domain B
Domain A
Policy
Policy
Authority
Authority
Task
Server Y
Server X
Sub-Domain A1
Sub-Domain B1
7
Grid SolutionUse Virtual Organization as Bridge
No Cross- Domain Trust
Certification
Domain A
Federation
Service
GSI
Virtual
Organization
Domain
8
Virtual Organization Enables Access
9
Security ofGrid Brokering Services

• It is expected brokers will handle resource
  coordination for users
• Each Organization enforces its own access policy
• User needs to delegate rights to broker which
  may need to delegate to services
• QoS/QoP Negotiation and multi-level delegation

10
Propagation of Requesters Rights through Job
Scheduling and Submission Process
Virtualization complicates Least Privilege
Delegation of Rights
Dynamically limit the Delegated Rights more as
Job specifics become clear
Trust parties downstream to limit rights for
youor let them come back with job specifics
such that you can limit them
11
Dynamic Resource Management

• Compute job are run in newly created accounts
• Any account creds are created on the fly
• Dynamic account/sandbox creation
• X.509 identity registration procedure doesnt
  work
• Identity assertion not very useful
• Newly created key pair are the identity creds
• Only Host key is long-lived
• Only Host can be used to derive authz from
• Currently use proxy-certs to issue
  authz-assertions
• Host asserts that requester can be trusted by
  account
• Host asserts account can be trusted by
  requester
• Requester asserts account can work on behalf of
  requester

12
(Grid) Use Cases for Delegation of Rights

• Grid applications traverse admin boundaries
• Services work on behalf of others
• Authz-assertion chains are built dynamically
• Combination of multiple assertions decides
  decisions
• Need for the right policy language
• with industrial strength open source toolkit
• Policy engine should be present at all control
  points
• Embed engine in our Globus Toolkit
• Industry lags 2-3 years behind, but will face
  the exact, same requirements

13
Outline

• ProxyCertificates
• Von Welch
• (Grid) Use Cases for Delegation of Rights
• Frank Siebenlist
• SPKI
• Carl Ellison
• XrML
• Ravi Pandya
• TrustBuilder
• Kent Seamons