1 / 12

Authentication Services in Open Grid Services

Authentication Services in Open Grid Services. by Manish Mehta April 27, 2004. Overview. Grid applications are Distributed Heterogeneous environments Within dynamic “virtual organizations”. OGSA aims at. Interoperable and Usable Grids for industry, e-science, and e-business.

rane
Download Presentation

Authentication Services in Open Grid Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Authentication Services in Open Grid Services by Manish Mehta April 27, 2004 Manish Mehta, CS 590L

  2. Overview • Grid applications are • Distributed • Heterogeneous environments • Within dynamic “virtual organizations” Manish Mehta, CS 590L

  3. OGSA aims at .. • Interoperable and Usable Grids for industry, e-science, and e-business. • This demands … • Trust Relationship • Secure Communication Manish Mehta, CS 590L

  4. What Security Services are required? • Authentication • Authorization • Confidentiality • Integrity • Non-repudiation • Secure Delegation Manish Mehta, CS 590L

  5. What is current status? • OGSA-Sec-WG has a draft out (June 2003) • Web Services (WS) Architecture has gained more attention • The Grid security is going to be based on WS security Architecture. • GGF has not yet accepted the WS architecture fully. But seems that they don’t have choice. Manish Mehta, CS 590L

  6. OGSA Security Architecture Manish Mehta, CS 590L

  7. OGSA Security Architecture (contd.) Manish Mehta, CS 590L

  8. Basic requirements for authentication • Credential processing • Validate authentication tokens • Authorization • Evaluate the request against policy • Credential Conversion • Bridging different Trust Domains • Identity Mapping • Map identities in different domains Manish Mehta, CS 590L

  9. GT2 model • Uses PKI • Kerberos, SSH, CRISIS were also reviewed. • Claims to introduce “proxy certificates” • Single entity decides its own Trust Domain (consequence of PKI) • Uses SSL Manish Mehta, CS 590L

  10. GT3 Model • 2 main advantages over GT2 • Use of WS security protocol • Tight least-privilege model • Main Difference • Uses SOAP as opposed to TCP Manish Mehta, CS 590L

  11. What are the problems? (Mainly due to WS security architecture) • Extension of the existing SSL infrastructure and use of authentication tokens at service level. • Need for authentication and authorization demands more than SSL. (Two-way) • Due to dynamic creation of services, key management becomes an issue. Manish Mehta, CS 590L

  12. What is needed in future? • The WS security architecture is also immature and ill defined. Concrete specification needed. • OGSA does not fully adopt the WS security. GGF has to patch the holes in Architecture. Manish Mehta, CS 590L

More Related