1 / 13

PKI in Practice: The Open Science Grid

PKI in Practice: The Open Science Grid. Michael Fenn CPSC 620, Fall 09. What is grid computing?. Grid computing is the process of allowing loosely-coupled virtual organizations to share resources over a wide area network. What does this mean? I’m at Prestigious University I have some jobs

chars
Download Presentation

PKI in Practice: The Open Science Grid

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PKI in Practice: The Open Science Grid Michael Fenn CPSC 620, Fall 09

  2. What is grid computing? • Grid computing is the process of allowing loosely-coupled virtual organizations to share resources over a wide area network. • What does this mean? • I’m at Prestigious University • I have some jobs • I want to run them • Well-known State University has idling computers • Grid computing lets me get my jobs there • (Foster, Kesselman and Tuecke, The Anatomy of the Grid: Enabling Scalable Virtual Organzations 2001)

  3. Motivations • My usage is bursty • Big paper deadline • End of semester • Etc. • Their usage is bursty • Our bursts don’t coincide • Let’s share • (Armbrust, et al. 2009)

  4. OSG • Many grids, let’s pick one • 2 realities • Loosely federated Virtual Organizations (VOs) • Loosely federated sites • 2 elements of security • Public Key Infrastructure (PKI) • Web of trust model

  5. Virtual Organizations • A group of users who share a “common interest” • Definition of “common interest” is flexible • Examples: • High-energy physicists: ATLAS, STAR, CMS, Alice • Bioinformatics: CompBioGrid • Nanotechnology: Nanohub • Just learning: Engagement, OSG-EDU

  6. Sites • Sites are collections of resources • Compute Elements • Globus gatekeeper for authentication • Batch scheduler (PBS, Condor) for getting jobs to compute nodes • Monitoring and accounting to keep the higher-ups happy • Storage Elements • Storage Resource Manager (SRM) for authentication • Big bit bucket for storage • Monitoring and accounting here too

  7. How it works together

  8. Securing the grid • Public-key infrastructure • Users are affiliated with VOs • VOs issue certificates • Sites trust certificates issued by particular VOs • Confidentiality and Integrity are maintained

  9. Web of trust • Sites choose which VOs to trust • Resources also have certificates • Users can be confident that the resource is what it claims to be • Sites generally trust the VO that issued their cert • This is not required however!

  10. Types of trust • 3 main types: • VO-User trust • VOs establish criteria for membership • Site-VO trust • Factors in deciding whom to trust • VO requirements • Trust reciprocity • OSG-VO trust • OSG maintains a list of trusted VOs • Trusted VOs have their CA certificates included in the OSG software distribution

  11. Security Implications • Users have been “accredited” by a VO • If things do go wrong, I have his cert • I know his name • I know who vouched for him • VOs have incentive to maintain well-behaved membership

  12. Conclusions • OSG runs securely due to: • PKI • Web of trust • Flexible and scalable • I don’t have to make a UNIX user account for everybody • Users are still accountable

  13. Questions, Comments? • Thank you for listening!

More Related