DJRA3.1 issues Olle Mulmo.


1.1 Security architecture definition
- “A set of features and services that tackles a set of requirements and can handle a set of use cases” ...yuck...
- service == almost anything in this context
- Not only enabling stuff, but also disabling stuff
- Application sandboxing
- Incident response propagation
- Logging & auditing
- ???

1.2 Our philosophy
- Be modular
- Be agnostic
- Be standard
- To what extent are we considering out-of-the-box interoperability with others?
- OMII going the SAML-behind-PERMIS route (GT3.3 callout)
- OSG ?
- My take on this: Have the hooks ready, but others have to provide plugins for alternatives to proxy certs and VOMS

Section 2: Background
- Not sure about this whole section at all
- Section 2.1 motivates VO vs federation
- Sections 2.2 and 2.3 could go away
- 2.2 be part of something else
- Is it all introduction?

3. AUP and SLAs
- Where do we introduce them?

3.3 footnote
- GGF says < 0.1 MSec for this type of creds (~24 hours)
- LCG maximum allowed proxy validity?

3.4 Communicate AuthN
- Remove

3.7 Security Considerations, AuthN
- CA operations
- Revocation timeliness

4. User key management
- Outline:
- Missing
- 4.1 Repudiation Concerns of SIPS services
- 4.2 Credential Stores
- 4.3 Security Consideration
- Move 4.1 content here?
- Missing
- Key hygiene
- Reference to OTP work
- Other?

5. Data key management
- Scenario getting clearer?
- The big issue is with long-term storage
- Transient or OOB copies not considered as bad
- Key servers: M-of-N solutions
- Support 1-of-1 but think M-of-N from the start
- Can existing software

5. Data key management
- Data has owner (the creator)
- Owner creates, registers and manages encryption keys
- Data will be enveloped
- XML signature?
- References to key server(s) locations embedded in envelope
- (+) Self-contained, No additional metadata
- (-) Data size increase 33% + header
- (-) Harder to stream the data encryption/decryption process

5. Data key management
[Diagram labels: M-of-N key servers; owners give access control to “community”; metadata + data = data; stored using “normal” data management; owner]

Is this OK?
- Solves the problem of plaintext long-term data storage
- No way to improve this system in the future
- Is this OK with app people anyhow?
- Issues with key servers
- Is it a VO or infrastructural service?
- Other concerns?

6. AuthZ
- Problems / issues?
- Need to resolve IETF agent/pull/push terminology... do we explain them correctly and are we really using the agent model?

7.1 AuthZ framework design
- Yuri has issues...
- chaining of PIP/PDP
- “evidence” vs “context”
- ...

7.2
- TODO: Need a volunteer
- “Make sure the components here fulfil the requirements and allow us to do as much as we can do with LCG2 today”

7.2.3 Service AuthZ chains
- TODO: Is permit-override the right construct? In general, people use deny-overrides.
- A permit-overrides chain will be provided as the default policy-combining algorithm. If a permit decision is found in the chain, further evaluation stops and the user is granted access. More elaborate chains may be implemented in the future allowing a more declarative rule combining configuration where AND, OR, and NOT operators may be utilized on the result of PDPs.
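The question on this slide, worked through as an added example (not code from the deliverable or from any gLite/GT component): the same two-PDP chain evaluated under permit-overrides as the slide describes it, and under deny-overrides. The PDP names, subject DNs, ban list and the fail-closed default when no PDP permits are assumptions made for illustration.

```python
from enum import Enum

class Decision(Enum):
    PERMIT = "permit"
    DENY = "deny"
    NOT_APPLICABLE = "not_applicable"

# Constructed sample data: a site ban list and a VO membership list.
BANNED = {"/O=Grid/CN=Mallory"}
VO_MEMBERS = {"/O=Grid/CN=Alice", "/O=Grid/CN=Mallory"}

def ban_pdp(subject):
    """Hypothetical site PDP: denies banned subjects, silent otherwise."""
    return Decision.DENY if subject in BANNED else Decision.NOT_APPLICABLE

def vo_pdp(subject):
    """Hypothetical VO PDP: permits VO members, silent otherwise."""
    return Decision.PERMIT if subject in VO_MEMBERS else Decision.NOT_APPLICABLE

def permit_overrides(chain, subject):
    """First PERMIT stops evaluation and grants access; DENY results are ignored."""
    consulted = []
    for pdp in chain:
        consulted.append(pdp.__name__)
        if pdp(subject) is Decision.PERMIT:
            return Decision.PERMIT, consulted
    return Decision.DENY, consulted  # assumption: fail closed if nothing permits

def deny_overrides(chain, subject):
    """First DENY stops evaluation and refuses access; PERMIT needs no DENY anywhere."""
    consulted, permitted = [], False
    for pdp in chain:
        consulted.append(pdp.__name__)
        result = pdp(subject)
        if result is Decision.DENY:
            return Decision.DENY, consulted
        permitted = permitted or result is Decision.PERMIT
    return (Decision.PERMIT if permitted else Decision.DENY), consulted

def compare(chain, subject):
    """Return the decision each combining algorithm reaches for one subject."""
    return {
        "permit_overrides": permit_overrides(chain, subject)[0],
        "deny_overrides": deny_overrides(chain, subject)[0],
    }

if __name__ == "__main__":
    for who in ("/O=Grid/CN=Alice", "/O=Grid/CN=Mallory", "/O=Grid/CN=Eve"):
        for chain in ([ban_pdp, vo_pdp], [vo_pdp, ban_pdp]):
            names = [p.__name__ for p in chain]
            print(who, names, compare(chain, who))
```

Under permit-overrides the banned VO member is admitted in either chain order, and with the VO PDP first the ban PDP is never consulted, so a site ban only takes effect under deny-overrides.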

8.1 Securing hosted-to-native interface
- setuid functionality stressed on in text
- Exactly what do we need here?
- If we can circumvent reinventing sudo, we should
- Lots of (bad) experience in GT development – leverage

8.2 Data sandboxing
- Meta-Q: Is it possible to make sure that
  - Access via GridFTP
  - Access via submitted job
  - Access via DM APIs
  - ...
  always generate the same access privileges?

8.3 Networking

9. Logging and audit
- No explicit audit tooling
- Bad?

10. Use cases and control flows
- Good examples?

11. Security Considerations
- Have to work with the assumption that the system WILL break or be broken
- What should we stress on?
- “Cutting off the arm” abilities
- incident response propagation
- local site policy configuration possibilities