www.ggf.org OGSA SEC WG [OGSA = Open Grid Services Architecture] Co-chairs: Nataraj Nagaratnam, IBM, USA; Marty Humphrey, University of Virginia, USA. GGF9.

Presentation transcript:

OGSA SEC WG [OGSA = Open Grid Services Architecture]
Co-chairs: Nataraj Nagaratnam, IBM, USA; Marty Humphrey, University of Virginia, USA
GGF9 WG session: Oct 7, 2003, Chicago, Illinois
GGF OGSA SEC WG History & Status
Presentation Edited and Modified: Alan J Weissberger, Data Communications Technology

OGSA SEC WG Charter
- “Enumerate and address the Grid Security requirements in the context of the OGSA”
- “Leverage… WS-Security… and… WS Security Roadmap”
- Primary outcome:
  - doc #1: The Security Architecture for Open Grid Services
  - doc #2: OGSA Security Roadmap
- Secondary outcome:
  - Creation of new GGF WGs to address “gaps” identified by #2
- Synergistic with other efforts (e.g., OASIS, W3C)???
- But… no incorporation of IETF Security specs (IP Sec or SSL), no recognition of IEEE 802.1X or knowledge of IEEE Link Security!

[GGF6] OGSA Security WG Methodology
- 1st WG meeting at GGF6 (Oct 2002)
- What requirements are unique/necessary in Grids?
- Do the Architecture/Roadmap cover these?
  - If not, how to extend documents?
- What components need to be built based on these requirements?
- Are any specifications not listed? [AW: IP Sec, SSL, LinkSec?]
- Are any of these “boxes” actively being constructed outside of the GGF?
  - What are these? Where are these? Who are building them?
- Which of the (inactive/pending) boxes are urgent?
  - Based on the identified set of specifications that we need to work on, try to prioritize the list and come up with a dependency/deliverable graph
  - Suggest spinning off workgroups based on specs identified to be started under GGF

Current/proposed specs: Building on the WS/SOAP Foundation
This is a composable architecture: “only use what you need”
[Diagram labels: time; OASIS standard]
- SOAP Foundation
- WS-Security
- WS-Policy, WS-Trust, WS-Privacy
- WS-SecureConversation, WS-Federation, WS-Authorization
AW Note: This is the IBM-MSFT WS Roadmap for Security Protocols. Only WS-Security is a standard.

OGSA Security Components

Building Blocks

Roadmap: Proposed Specs. (1)
Category: Specifications
- Naming: OGSA Identity; OGSA Target/Action Naming; OGSA Attribute and Group Naming; Transient Service Identity Acquisition
- Translation between Security Realms: Identity Mapping Service; Generic Name Mapping; Policy Mapping Service; Credential Mapping Service
- Authentication Mechanism Agnostic: OGSA Certificate Validation Service; OGSA-Kerberos Services
- Pluggable Session Security: GSSAPI-SecureConversation
- Pluggable Authorization Service: OGSA-Authorization Service

Roadmap: Proposed Specs. (2)
Category: Specifications
- Authorization Policy Management: Coarse-grained Authorization Policy Management; Fine-grained Authorization Policy Management
- Trust Policy Management: OGSA Trust Service
- Privacy Policy Management: Privacy Policy Framework
- VO Policy Management: VO Policy Service
- Delegation: Identity Assertion Profile; Capability Assertion Profile

Roadmap: Proposed Specs. (3)
Category: Specifications
- Firewall Friendly: OGSA Firewall Interoperability
- Security Policy Expression and Exchange: Grid Service Reference and Service Data Security Policy Decoration
- Secure Service Operation: Secure Service’s Policy and Processing; Service Data Access Control
- Audit and Secure Logging: OGSA Audit Service; OGSA Audit Policy Management

Web Services Security Progress Since GGF6 (Oct 2002)
- Dec 18, 2002: WS-Policy, WS-PolicyAttachment, WS-PolicyAssertions, WS-SecurityPolicy, WS-Trust, WS-SecureConversation from IBM-MSFT
  - WS-Policy 1.1 et al. May 28
- July 2003: WS-Federation
- OASIS WS SEC docs for public review (Sept 9)
  - SOAP Message Security, Username Token Profile, X.509 Cert Token Profile
- XACML ratified as OASIS Open Standard
- SAML v1.1 (Sept, 2003)
- WS-I creates Basic Profiles for Web Services

OGSA SEC WG progress(?) since Oct 2002
- Need to let non-GGF activities progress… (AW: this is a tacit acknowledgement that there has been no progress since 1st WG Meeting, Oct 2002)
- Focus is on Authorization (OGSA AuthZ WG)
- OGSA SEC WG is “idle” at the moment = hibernating now
- How to get the OGSA SEC WG active again?
- Should they consider IEEE Link Sec?

AW: What is missing/wrong?
1. Dependence on a set of WS consortium specs for Security protocols. Only one of those has been worked in OASIS; others may never be submitted to an open standards body for peer review and approval.
2. What if Grid data types are not compatible with WS encoding format (SOAP/XML messages)? For example: floating point numbers, binary data, medical images, real time video, storage area network data, etc.
3. No consideration of when to use IP Sec, SSL, IEEE 802.1x, or even knowledge of IEEE Link Security.
4. No assumptions as to whether the LAN/MAN link, which connects servers, is secure or has been authenticated.

How to get Link Sec->OGSA Sec WG?
- Objective: Include Link Sec in WG “Bindings Security” (see OGSA Security Components slide) as 1st layer of transport (below IP and WS bindings: HTTP, SMTP, MIME, etc). Defer on IPSec and SSL.
- How to do this? [Assuming WG goes into active mode]
  - Could establish a liaison between IEEE 802 and GGF
  - Convey IEEE position on need to consider LinkSec in Grid network environment
- Individuals may participate in GGF WGs at no charge
  - Join reflector and create a new thread(s)
  - Participate in conference calls and interim meetings
- Grid Forge web site will get you to all GGF WGs