1 / 17

DataGrid Security WS Summary

DataGrid Security WS Summary. Targets: Identify requirements from WP's Define security services/components for M9 How to handle security in the future Listen to what is happening elsewhere. Issues for WP1. Use GSI job submission to LRMS between community scheduler and Condor-G

vianca
Download Presentation

DataGrid Security WS Summary

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DataGrid Security WS Summary Targets: • Identify requirements from WP's • Define security services/components for M9 • How to handle security in the future • Listen to what is happening elsewhere Summary of Security Workshop - DataGRID WP4 workshop

  2. Issues for WP1 • Use GSI • job submission to LRMS • between community scheduler and Condor-G • Between user and scheduler(but may also be a web portal based on `plain’ PKI) • Credentials should be valid for long time (days or weeks) • For re-submission and while waiting for a cluster • Might use MyProxy service (operates like `quasi CA’) • Information needed (from WP4) • Which clusters may be used (M9: publishing grid-mapfiles in GIS?) • (aggregate or approx.) accounting needed for scheduling policy(possible not needed for M9, later definite `yes’) Summary of Security Workshop - DataGRID WP4 workshop

  3. Issues for WP2 • Will co-exist with existing uid/gid mechanisms • Replica Manager will get you the files locally and use uid/gid's from there • The Replica Mngr needs more permissions,but there are only few • Will need access control on • Replica Catalogue • Replica Manager • DataMover • Storage Elements • Problem with all objects in one file (Objectivity) Summary of Security Workshop - DataGRID WP4 workshop

  4. Issues for WP3 • Some of the information is personal → legal requirement to protect: • Accounting information • Grid map file Summary of Security Workshop - DataGRID WP4 workshop

  5. Issues for WP4 See presentation of Lionel for details Some key points: • Host certs for nodes (secure logging/auditing/configure)makes for O(105) host certificates • Mapping of grid to local credentialsmaybe automatically generated but persistent uid’s? • Should cert- or authorization revocation kill job? • User ban lists, propagated through DataGrid? • Site regulations: who is liable for a break-in? • NAT and process access to the outside world Summary of Security Workshop - DataGRID WP4 workshop

  6. Issues for WP5 • WAN access to storage only via Replica Manager • No remote user access from programsthis triggered Ingo who wants jobs to access object databases and remote CEs and SEs from within a job and not specify anything in the JDL! • Will use uid/gid in local fabric (again) • Can use grid map file but will not manage it(maybe except for Replica Manager entries) Summary of Security Workshop - DataGRID WP4 workshop

  7. Issues for Applications • Want single sign-on and authentication once • Authorization, accounting and quota per role • Via experiment secretariat for HEP • people migrate, also physically • Want to apply policies (per role): • e.g. data not to be copied to other side for privacy (bio) • Encryption of job submission (biologists are paranoid) • Encryption of data optional • Marking data read-only • QoS commitments and trust (also in face of local changes) • Light-weight access for O(105) biologists Summary of Security Workshop - DataGRID WP4 workshop

  8. Application status of LHCb MC • Currently 19 different accounts for production • Need manual intervention to get access to resrcs Special for current situation: • Web server and servlets to do job submissionneed write access to local storageweb server should be accessible • Log job info to htdocs directory in central place • Long-lived credentials (>72hrs) Summary of Security Workshop - DataGRID WP4 workshop

  9. Plans for M9 • Authentication • 1 cert per user issues by national CA • Host certs also from national CA • No more Globus certs • Policy checks by CA group • Tools for automatic CA configuration (incl. CRLs) • No support for K5/K4/AFS • Renewal of credentials needed (MyProxy?) • Light-weight access for BioMed Summary of Security Workshop - DataGRID WP4 workshop

  10. Plans for M9 • Authorization • GSI more or less OK • Via Grid map file • No group accounts • Groups and roles are required in some way Globus CAS will not be ready • Access and accounts: via WP management and WP6 • Auditing • Auditing must be there • Write to syslog • Need to keep audit trail Summary of Security Workshop - DataGRID WP4 workshop

  11. Plans for M9 • Incident monitoring • WP6 will (should?) provide the DataGrid CSIRT • Accounting • Shared task of WP4 and WP1 • Information services • Secure MDS from Globus (not critical) • List of allowed clusters needed for schedulingexpose map file?? Summary of Security Workshop - DataGRID WP4 workshop

  12. Plans for M9 • Storage • WAN access to files only by Replica Manager • Experiments (LHCb) want AFS like access,but mean a exp. software install on worker nodes • HEP applications was to update remote DBs from within a job • Firewalls and NAT • Ports should preferably be static Summary of Security Workshop - DataGRID WP4 workshop

  13. Authorization tools • INFN LDAP grid map management • User and group info in directory, used by local admins to generate the grid map file • User DNs associated with groups and domains • OU manager access still problem (standardization!) • gridmapdir patch to Globus • Works like DHCP leases from account pools • Supports multiple pools or groups • Expiry of leases is challenging! • http://www.hep.grid.ac.uk/gridmapdir Summary of Security Workshop - DataGRID WP4 workshop

  14. Agreed Long Term Statements • Local control should always be retained • Authorization and its revocation is key problem • A policy language is needed • Including conditional authorization, e.g. from 9am-5pm • Accounting and auditing infrastructure needed • Aware of firewalls & NAT and of attack risks Summary of Security Workshop - DataGRID WP4 workshop

  15. Aaaarch Research Task Force • Next Generation AAA Architecturebased on mesh of interconnected AAA servers • RFCs 2903 – 2906 & drafts • Provide nice overview of different architectures: • Agents query service to allow user access • Service pulls info from UHO AAA server • UHO AAA pushes tokens for user to access service • Working on policy language http://www.aaaarch.org/ Summary of Security Workshop - DataGRID WP4 workshop

  16. Some Open Issues • Need all channels encryption or integrity? • Does the scheduler need authentication itself(does the scheduler have more rights than its end-user?) • Authorization service universal problem • Who managers authorization information • Revocation of authorization • How often do you check this • Scalability • Access permissions on user or group level (which group) Summary of Security Workshop - DataGRID WP4 workshop

  17. More Open Issues • Files vs. Objects (all data in Objectivity owner by one uid)DataGrid will not bring more security to insecure solutions • Are jobs to use other services than `Grid’ services?Or: how to prevent this! • Attacks, cracking, DDoS, …How to secure the security infrastructure Summary of Security Workshop - DataGRID WP4 workshop

More Related