GGF OGSA SEC WG History & Status

Presentation Edited and Modified: Alan J Weissberger, Data Communications Technology, ajwdct@technologist.com

OGSA SEC WG [OGSA = Open Grid Services Architecture]
Co-chairs:
• Nataraj Nagaratnam, IBM, USA
• Marty Humphrey, University of Virginia, USA

GGF9 WG session: Oct 7, 2003, Chicago, Illinois

OGSA SEC WG Charter
• “Enumerate and address the Grid Security requirements in the context of the OGSA”
• “Leverage… WS-Security… and… WS Security Roadmap”
Primary outcome:
• doc #1: The Security Architecture for Open Grid Services
• doc #2: OGSA Security Roadmap
Secondary outcome:
• Creation of new GGF WGs to address “gaps” identified by #2
• Synergistic with other efforts (e.g., OASIS, W3C)???
• But…no incorporation of IETF Security specs (IP Sec or SSL), no recognition of IEEE 802.1X or knowledge of IEEE 802.1 Link Security!

[GGF6] OGSA Security WG Methodology
1st WG meeting at GGF6 (Oct 2002)
• What requirements are unique/necessary in Grids?
• Do the Architecture/Roadmap cover these?
• If not, how to extend documents?
• What components need to be built based on these requirements?
• Are any specifications not listed? [AW: IP Sec, SSL, LinkSec?]
• Are any of these “boxes” actively being constructed outside of the GGF?
  - What are these? Where are these? Who are building them?
• Which of the (inactive/pending) boxes are urgent?
• Based on the identified set of specifications that we need to work on, try to prioritize the list and come up with a dependency/deliverable graph
• Suggest spinning off workgroups based on specs identified to be started under GGF

Current/proposed specs: Building on the WS/SOAP Foundation
AW Note: This is the IBM-MSFT WS Roadmap for Security Protocols. Only WS-Security is a standard. This is a composable architecture: “only use what you need”.
[Figure: layered stack of specifications built up over time. Top layer: WS-SecureConversation, WS-Federation, WS-Authorization. Middle layer: WS-Policy, WS-Trust, WS-Privacy. Below these: WS-Security (OASIS standard). Base: SOAP Foundation.]

Roadmap: Proposed Specs. (2)
Roadmap: Proposed Specs. (3)

Web Services Security Progress Since GGF6 (Oct 2002)
• Dec 18, 2002: WS-Policy, WS-PolicyAttachment, WS-PolicyAssertions, WS-SecurityPolicy, WS-Trust, WS-SecureConversation from IBM-MSFT
• WS-Policy 1.1 et al. May 28
• July 2003: WS-Federation
• OASIS WS SEC docs for public review (Sept 9)
  - SOAP Message Security, Username Token Profile, X.509 Cert Token Profile
• XACML ratified as OASIS Open Standard
• SAML v1.1 (Sept, 2003)
• WS-I creates Basic Profiles for Web Services

OGSA SEC WG progress(?) since Oct 2002
• Need to let non-GGF activities progress…. (AW: this is a tacit acknowledgement that there has been no progress since 1st WG Meeting, Oct 2002)
• Focus is on Authorization (OGSA AuthZ WG)
• OGSA SEC WG is “idle” at the moment = hibernating now
• How to get the OGSA SEC WG active again?
• Should they consider IEEE 802.1 Link Sec?

AW: What is missing/wrong?
1. Dependence on a set of WS consortium specs for security protocols. Only one of those has been worked in OASIS; others may never be submitted to an open standards body for peer review and approval.
2. What if Grid data types are not compatible with WS encoding format (SOAP/XML messages)? For example: floating point numbers, binary data, medical images, real time video, storage area network data, etc.
3. No consideration of when to use IP Sec, SSL, IEEE 802.1x, or even knowledge of IEEE 802.1 Link Security. No assumptions as to whether the LAN/MAN link, which connects servers, is secure or has been authenticated.

How to get Link Sec -> OGSA Sec WG?
• Objective: Include 802.1 Link Sec in WG “Bindings Security” (see OGSA Security Components slide) as 1st layer of transport (below IP and WS bindings: HTTP, SMTP, MIME, etc). Defer on IPSec and SSL.
• How to do this? [Assuming WG goes into active mode]
  - Could establish a liaison between IEEE 802 and GGF
  - Convey IEEE 802.1 position on need to consider LinkSec in Grid network environment
• Individuals may participate in GGF WGs at no charge
  - Join email reflector and create a new thread(s)
  - Participate in conference calls and interim meetings
• Grid Forge web site will get you to all GGF WGs
  - http://forge.gridforum.org/