Why Web Services Should Care About Grid Security

1. Why Web services should care about grid security Taavi Hupponen, CSC

2. Background • Web services enable efficient access to services that have traditionally been accesses through web pages • This puts more load on service providers • Grid middleware is being implemented with Web Services

3. Reason 1: Who is using my resources? • With increased resource usage, the service providers will get interested on who is using their resources • There will be need for identification, authentication, authorization and accounting • Not necessarily at individual level but at least in some level • This is stuff that is hard to get right • Grids have been dealing with these issues for quite a while

4. Reason 2: Grids can provide resources for your services • There is need for more resources, grids can provide them • If you are using grids as backend for your services, you end up identifying the users or yourself with the grid security mechanisms • Maybe you could avoid having two different mechanisms, by using grid stuff also for the Web service

5. Reason 3: Using grids through Web Services interface • Grid middleware is being implemented as Web Services • For example Globus Toolkit 4 • This may enable use of grid features and services through Web Services interfaces • Web Services interface or not, grid security mechanisms will be there

6. Reason 4: Certificates • Grid users already have certificates • Imagine having different username and password for all those 3000+ Web Services seen in Taverna • Web services are used by programs • It is easier for programs to use certificates than usernames and passwords

7. Reason 5: You want to concentrate on functionality!