Ákos FROHNER – DataGrid Security Requirements n° 1 Security Group D7.5 Document and Open Issues

Ákos FROHNER – DataGrid Security Requirements n° 2 D7.5: Overview u What is Security? (Chapter 3): general description u Assumptions (Section 3.7): what will we not do u 3  3.7 = 4: Security Requirements u Achieved goals (Chapter 5): what is done u Plans (Chapter 6): not a consistent design yet! u Checklists (Chapter 7): summary of 4 & 5 & 6

Ákos FROHNER – DataGrid Security Requirements n° 3 Requirements u AUTAuthentication requirements u AUZAuthorization requirements u AUDAuditing requirements u NRPNon-Repudiation requirements u DLGDelegation requirements u CNFConfidentiality requirements u INTIntegrity requirements u NETNetwork requirements u ADDAdditional requirements u MNGManageability requirements u USRUsability requirements u IOPInteroperability u SCAScalability requirements u PER Performance requirements

Ákos FROHNER – DataGrid Security Requirements n° 4 Requirements - Authentication GSI – certificate based authentication u AUT-02 symmetric u AUT-05 lives beside existing authentication systems u AUT-14 no associated VO in a cert u AUT-15 no authorization information in a certificate Questions from me: u certificate revocation: n immediate vs. authorization? n large scale CRL handling? u certificate authorities: should not be bound to DataGrid or to grid

Ákos FROHNER – DataGrid Security Requirements n° 5 Requirements/Authorization: Role/Group/VO u principal (service or user) is identified by a certificate from a CA (not part of any VO) u group: n organizational structure or common interest inside a VO n no default group n e.g: Security and WP7 in DataGrid u role: n administrative tool n default role n password for extra role n e.g.: user and admin see AUZ-21 CA it CA ch CA fr VO Alice authz VO CMS authz RA ldap INFN RA ldap CERN RA ldap CNRS membership

Ákos FROHNER – DataGrid Security Requirements n° 6 Requirements/Authorization: 2. u AUZ-05 based on various info (id, CRL, role, group, lightweight...) u AUZ-16 disconnected operation u AUZ central access control – immediate disable? u AUZ-23,24 authorize the resource, not the user – whom to trust? u AUZ granularity: controlled operations and objects Questions: u listing accessible resources vs. checking permission case-by-case u central control (policy?) vs. disconnected operation

Ákos FROHNER – DataGrid Security Requirements n° 7 Requirements u Auditing+Non-repudiation: „trustable log” u Delegation: traceable delegation – original identity preserved u Confidentiality: protecting the data from unwanted access (before) u Integrity: check for possible manipulations and errors (after) u Network: firewalls (no more detail – yet) u Management/Usability: make it simple u Interoperability: with other „grids” u Scaleable/Robust (user/machine/institute/country): 1000/200/10/5 –> /1.000/100/10 –> /10.000/100/10

Ákos FROHNER – DataGrid Security Requirements n° 8 Testbed-1 you probably already know it

Ákos FROHNER – DataGrid Security Requirements n° 9 CA/RA u 11 CA u well defined practices u focus on only one VO: DataGrid u CA = RA ? u membership info in VO/LDAP goal: „production deployment” Certificate Management: u scaleable revocation list handling u user cert storage (central?) u roaming access: web portals u long term/renewable proxy certificates for long jobs

Ákos FROHNER – DataGrid Security Requirements n° 10 Data Management / Storage Element in Tomcat configuration files: u certificate checking u certificate -> identity u identity -> role Goals: u Short term: local authorization DB u Long term: general solutions for other services as well Testbed-1: only local filesystem with gridftp for remote access u pool of local userids u VO = groupid group-level access permissions

Ákos FROHNER – DataGrid Security Requirements n° 11 Castor (MSS) with the GSI library u certificate checking u certificate -> identity u identity -> local userid Access control uses the local authorization system: every grid- user have a corresponding local userid. u Short term: n thread-safe GSI n local userid not exposed to client u Long term: SE solution

Ákos FROHNER – DataGrid Security Requirements n° 12 Networking u Detailed firewall configuration guide for light/medium/heavy config. u VPN: use application level encryption Plans: u Network Address Translation for large CEs u dynamic firewall configuration for interactive jobs

Ákos FROHNER – DataGrid Security Requirements n° 13 Open Issues gridmap file: authentication & authorization & map to local userid u authentication: configurable trust (trusted CAs from VO?) u authorization: central vs. local service (CAS?) u mapping: n single userid: grid service does everything (SE) n pool of userids: local enforcement system (CE) n 1-1: local authorization system (maybe as an extra step)