Policy-driven Negotiation for Authorization in the Grid. 8th IEEE POLICY, Bologna, Italy, 15th June 2007. Ionut Constandache (Duke University), Daniel Olmedilla (L3S Research Center), Frank Siebenlist (Argonne National Laboratory).
Slide 1: Policy-driven Negotiation for Authorization in the Grid. 8th IEEE POLICY, Bologna, Italy, 15th June 2007. Ionut Constandache (Duke University), Daniel Olmedilla (L3S Research Center), Frank Siebenlist (Argonne National Laboratory).

Daniel Olmedilla, June 15th, 2007, 8th IEEE POLICY. Slide 2: Outline. Introduction; Motivation; Policy-driven Negotiations; Negotiations in the Grid; Implementation; Conclusions and Further Work.

Slide 3: Introduction (diagram: a Virtual Organization spanning Org 1, Org 2 and Org 3, governed by a VO-level policy).

Slide 4: Introduction. Why is Grid security hard?
- The resources being used may be valuable and the problems being solved sensitive; both users and resources need to be careful.
- Dynamic formation and management of virtual organizations (VOs): large, dynamic, unpredictable.
- VO resources and users are often located in distinct administrative domains: cross-organizational trust agreements cannot be assumed, and different mechanisms and credentials are in use.
- Interactions are not just client/server but service-to-service on behalf of the user, which requires delegation of rights by the user to the service.
- Services may be dynamically instantiated.

Slide 5: Motivation. Local administrative domain (Ivan, Alice, Mallory).
Ivan's policy: Alice is my friend and I'll share my lemonade with her; Mallory is not my friend and he can go #$%^&.
Alice: Can I have a glass of lemonade? Ivan: Sure, here is a glass.
Mallory: Can I have a glass of lemonade? Ivan: No way, I don't like you.
The resource owner decides: it is the ultimate source of authority for access.

Slide 6: Motivation. Distinct administrative domains (Ivan, Bob).
Ivan's policy: Carol is my friend and I'll share my lemonade with her; I'll share my lemonade with any friend of Carol; I don't know any Bob... (?)
Bob: Can I have a glass of lemonade? Ivan: ?

Slide 7: Motivation. Distinct administrative domains, pull approach (I).
Ivan's policy: Carol is my friend and I'll share my lemonade with her; I'll share my lemonade with any friend of Carol; I don't know any Bob... (?)
Carol's policy: Bob is my friend and I'll share my lemonade with him.
Bob: Can I have a glass of lemonade? Ivan asks Carol: Can Bob have a glass of lemonade? Carol: Sure, Bob is my friend. Ivan to Bob: Sure, here is a glass.

Slide 8: Motivation. Distinct administrative domains, pull approach (II).
Ivan's policy: I don't know any Bob... (?) I do know John, Mary, Carol, Olivia, ...
Bob: Can I have a glass of lemonade? Ivan asks Carol: Can Bob have a glass of lemonade? Carol: Sure, Bob is my friend (Carol's policy: Bob is my friend and I'll share my lemonade with him).
But Ivan knows many more people, each with their own policy: Olivia: If Carol likes Bob, I hate him! Mary: I like Bob a little bit. Lucy: I sometimes like Carol. Ann: I like Ivan very much! Jogger: I'd like a glass too. John: I don't like girls. Bill: Lemonade is bad for you. Frosty: Only share lemonade with ice. Aunt: Sharing is good. Laura: Share if he pays! David: Ask Laura. Accountant: Only if he signs here. Rita: No lemonade after eight. Neighbor: Let's party! Emma: Only on his birthday.
Ivan: HELP!

Slide 9: Motivation. Distinct administrative domains, push approach.
Ivan's policy: Carol is my friend and I'll share my lemonade with her; I'll share my lemonade with any friend of Carol; I don't know any Bob... (?)
Bob: Can I have a glass of lemonade? And by the way, Carol is my friend. Ivan: Sure, here is a glass.
Either Bob provides a list of all his friends (privacy problems, superfluous disclosure), or Bob knows in advance who Ivan's friends are (static, whereas the service instances to be used may be selected at run-time).

Slide 10: Motivation. Example scenario: Grid limitations (diagram only).

Slide 11: Policy-Driven Negotiations. Example: security and privacy (Alice, Bob, Service).
Step 1: Alice requests a service from Bob.
Step 2: Bob discloses his policy for the service.
Step 3: Alice discloses her policy for VISA.
Step 4: Bob discloses his BBB credential.
Step 5: Alice discloses her VISA card credential.
Step 6: Bob grants access to the service.

Slide 12: Negotiations in the Grid. Revisiting the example scenario: with only one certificate to access the online repository, the delegated certificate is used to retrieve the requested certificates, and the server informs the client about its access control policy.

Slide 13: Policy-Driven Negotiations. Characteristics.
- Both clients and servers are semantically annotated with policies.
- Annotations specify constraints and capabilities: the access control requirements, which certificates must be presented to gain access, and who is responsible for obtaining and presenting these certificates.
- Annotations are used during a negotiation to reason about and communicate the requirements, and to determine whether credentials can be obtained and revealed.
- User involvement is drastically reduced: interactions are automated.
- If required, for sensitive resources, the negotiation can be longer: to obtain (access to) a certificate, I must satisfy its access control policy, which specifies further requirements, and so on, recursively.
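The disclosure protocol of slide 11 and the recursive "to obtain a certificate I must satisfy its policy" rule of slide 13, as an added example in plain Python. This is not code from the paper or from the Globus Toolkit; the Party class, the policy syntax (a protected item maps to the credential names the peer must show first) and the Alice/Bob/VISA/BBB credentials are constructed for illustration. Each side releases only the policy or credential the current goal needs, and the goal stack detects a policy cycle (Alice's VISA needs Bob's BBB, which in turn needs VISA) instead of looping.

```python
from dataclasses import dataclass, field


@dataclass
class Party:
    """One negotiation participant (constructed for this example).
    `creds` are the credentials it holds; `policies` maps a protected item
    (the service, or one of its own credentials) to the credential names
    the peer must present before it is released. No entry: released freely."""
    name: str
    creds: set
    policies: dict
    received: set = field(default_factory=set)  # peer credentials disclosed to us so far

    def still_required(self, item):
        return [c for c in self.policies.get(item, []) if c not in self.received]


def negotiate(client, service, resource, max_steps=20):
    """Run the exchange of slide 11. A goal (holder, requester, item) means
    `requester` wants `holder` to release `item`; a protected item pushes a
    sub-goal for the credential it requires (slide 13, recursively).
    Returns (granted, transcript)."""
    transcript = [f"{client.name} requests {resource}"]
    goals = [(service, client, resource)]
    active = {(service.name, resource)}  # open goals, for cycle detection
    for _ in range(max_steps):
        if not goals:
            break
        holder, requester, item = goals[-1]
        missing = holder.still_required(item)
        if not missing:
            goals.pop()
            active.discard((holder.name, item))
            if item == resource:
                transcript.append(f"{holder.name} grants access to {resource}")
                return True, transcript
            requester.received.add(item)  # credential crosses to the other side
            transcript.append(f"{holder.name} discloses {item}")
            continue
        need = missing[0]
        transcript.append(f"{holder.name} discloses policy for {item}: requires {need}")
        if need not in requester.creds:
            transcript.append(f"{requester.name} cannot present {need}; negotiation fails")
            return False, transcript
        if (requester.name, need) in active:
            transcript.append(f"policy cycle on {need}; negotiation fails")
            return False, transcript
        goals.append((requester, holder, need))
        active.add((requester.name, need))
    return False, transcript


def alice_bob():
    """Slide 11 scenario: Bob protects the service with a VISA policy, Alice
    protects her VISA card with a BBB policy, Bob's BBB credential is free."""
    alice = Party("Alice", creds={"VISA"}, policies={"VISA": ["BBB"]})
    bob = Party("Bob", creds={"BBB"}, policies={"service": ["VISA"]})
    return negotiate(alice, bob, "service")


if __name__ == "__main__":
    granted, steps = alice_bob()
    for n, line in enumerate(steps, 1):
        print(f"Step {n}: {line}")
    print("granted:", granted)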

Slide 14: Implementation. Current GT4 authorization framework (diagram only).

Slide 15: Implementation. Architecture (diagram: service WSDL file, service deployment descriptor).

Slide 16: Implementation. Integration in Globus Toolkit 4.0.
- Directly integrated with the grid services paradigm.
- An extension to GSI, pluggable into any GT 4.0 compliant grid service or client.
- Only requirement: Java-based grid services.
- We use a custom PDP as part of the client call interceptor, which redirects to a negotiation if required; asynchronous negotiations are achieved through WS-BaseNotification and WS-Topics; CAS is integrated into negotiations; an API allows easy integration within client code.

Slide 17: Conclusions & Future Work. Conclusions: main features.
- Self-describing resources for access requirements, based on properties.
- Negotiation for service authorization.
- Dynamic credential fetching: it is now possible to use discovery and scheduling services to locate the best available resources; otherwise it is impossible to predict beforehand which exact service instances will be used and which certificates are required.
- Monitoring and explanation of authorization decisions.
- Implementation in Java, as an extension of GSI in GT 4.0, backwards compatible.

Slide 18: Conclusions & Future Work. Further work.
- Study the performance impact of negotiations and approaches to minimize the extra load: limit the number of iterations (e.g. two-step negotiations); advertise policies before the service is invoked.
- Investigate the use of XACML.
- Delegation is not yet supported but planned.

Slide 19: Questions? Thanks!

Slide 20: Implementation in GT4. Easy integration with current grid services.
Service:
- include one jar file containing the policy-based trust negotiation engine;
- minor add-ons to the service WSDL file (import one WSDL file and extend one port type) and WSDD file (add one more provider and install a security descriptor);
- have a resource (if not already available);
- re-deploy the service.
Client:
- use one jar file containing the policy-based trust negotiation engine;
- invoke the service as usual, or call directly for a trust negotiation process;
- look for authorization exceptions and, if one is triggered by a trust negotiation failure, make simple calls to the negotiation engine.

Slide 21: Integration into Globus Toolkit 4.0 (I). Grid service descriptor (WSDL file): TrustNegotiation.wsdl defines the data types and functions for exchanging trust negotiation messages. The grid service should extend the NotificationProducer port type (used for asynchronous communication with the client) and the TrustNegotiation port type (used for exposing the functions the client uses to push proofs/requirements to the grid service).

Slide 22: Integration into Globus Toolkit 4.0 (II). Grid service deployment descriptor (WSDD file): rely on the GT 4.0 providers for notification and use a TrustNegotiationProvider implementing the logic for policy-based dynamic negotiation; install a security descriptor specifying the use of a PDP for filtering client calls and managing authorization information.

Slide 23: Integration into Globus Toolkit 4.0 (III). Requirements on the resource: the grid service should use a resource implementing TopicListAccessor; a topic is added by TrustNegotiationProvider for trust negotiation (through this topic the service pushes proofs/requirements to the client side).

Slide 24: Client / Service (diagram only).

Slide 25: Client, Factory, Service Instance, Service Resource (sequence diagram).
Components:
- Service Resource: exposes a topic such as TrustNegotiationTopic for asynchronous communication with the client, and notifies the client when its requests are fulfilled or when further requirements are imposed by the service.
- PDP, specified in the instance service descriptor: intercepts operation calls and checks whether the invoked operation is authorized. The operations getNegotiationTopic() and trustNegotiation() are permitted by default; all other operations are denied unless a trust negotiation process has succeeded.
- Instance service: extends the standard port types Subscribe and GetMessage (used by notifications) and the TrustNegotiation port type we provide (implemented by TrustNegotiationProvider), which exposes the two operations getNegotiationTopic() and trustNegotiation(); through them the service receives the client's requests and proofs regarding service authorization.
Sequence:
1. Client requests resource creation from the factory.
2. Factory creates the resource.
3. Client calls an operation on the resource.
4. Client is not authorized to make the call; an exception is thrown.
5. Client catches the exception.
6. Client calls getNegotiationTopic() and receives the QName of the negotiation topic.
7. Client registers with the TrustNegotiation topic for notifications.
8. Client calls trustNegotiation() to send its policies and proofs.
9. Service notifies the client about service policies and further requirements.
10. The operation is executed on the resource if the trust negotiation process was successful.
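The interceptor and retry flow of slide 25 (steps 3 to 10), as an added stand-in written in plain Python. It does not use the Globus Toolkit API or the paper's Java engine: the GridService, NegotiationPDP and AuthorizationError classes, the readFile operation, the string credential names and the inbox that stands in for the WS-Notification topic are all constructed for this example. What it shows is the PDP rule from the slide (the two negotiation operations pass by default, everything else is denied until the client's negotiation has succeeded), the client discovering the policy only after the exception, and the client disclosing only the credentials the service asked for.

```python
class AuthorizationError(Exception):
    """Thrown by the interceptor when the PDP denies a call (step 4)."""


class NegotiationPDP:
    """Constructed PDP: getNegotiationTopic/trustNegotiation are permitted
    for anyone, every other operation only for clients whose trust
    negotiation succeeded (slide 25)."""
    ALWAYS_PERMITTED = {"getNegotiationTopic", "trustNegotiation"}

    def __init__(self):
        self.negotiated = set()  # client ids with a successful negotiation

    def permits(self, client_id, operation):
        return operation in self.ALWAYS_PERMITTED or client_id in self.negotiated


class GridService:
    """Constructed service instance: one protected operation (readFile) plus
    the two negotiation operations, all routed through the interceptor."""
    OPERATIONS = {"getNegotiationTopic", "trustNegotiation", "readFile"}

    def __init__(self, required_credentials):
        self.pdp = NegotiationPDP()
        self.required = set(required_credentials)  # the service's access policy
        self.topic = "TrustNegotiationTopic"
        self.subscribers = {}  # client_id -> inbox; stands in for the notification topic
        self.presented = {}    # client_id -> credentials presented so far

    def invoke(self, client_id, operation, *args):
        """Client call interceptor: the PDP decides before anything runs."""
        if operation not in self.OPERATIONS:
            raise AuthorizationError(f"unknown operation {operation}")
        if not self.pdp.permits(client_id, operation):
            raise AuthorizationError(f"{operation} denied for {client_id}")
        return getattr(self, operation)(client_id, *args)

    def getNegotiationTopic(self, client_id):
        self.subscribers.setdefault(client_id, [])  # step 7: register for notifications
        return self.topic

    def trustNegotiation(self, client_id, credentials):
        """Steps 8-9: record the client's proofs, then notify it either of
        the still-missing requirements or of success."""
        have = self.presented.setdefault(client_id, set())
        have.update(credentials)
        inbox = self.subscribers.setdefault(client_id, [])
        missing = self.required - have
        if missing:
            inbox.append(("requirements", sorted(missing)))
        else:
            self.pdp.negotiated.add(client_id)
            inbox.append(("granted", None))

    def readFile(self, client_id, path):
        return f"contents of {path} for {client_id}"  # step 10: the protected operation


def call_with_negotiation(service, client_id, wallet, operation, *args):
    """Client side: call as usual (step 3); on an authorization exception
    (step 5) fetch the topic, negotiate, presenting only what the service
    asks for and the wallet holds, then retry the original call."""
    try:
        return service.invoke(client_id, operation, *args)
    except AuthorizationError:
        pass
    service.invoke(client_id, "getNegotiationTopic")          # step 6
    service.invoke(client_id, "trustNegotiation", set())      # ask for the policy first
    for _ in range(3):                                        # bounded number of rounds
        kind, payload = service.subscribers[client_id][-1]    # latest notification
        if kind == "granted":
            return service.invoke(client_id, operation, *args)
        proofs = {c for c in payload if c in wallet}
        if not proofs:
            raise AuthorizationError(f"{client_id} cannot satisfy {payload}")
        service.invoke(client_id, "trustNegotiation", proofs)  # step 8
    raise AuthorizationError("negotiation did not converge")


def try_access(service, client_id, wallet, operation, *args):
    """Same as call_with_negotiation, but a failed negotiation yields None."""
    try:
        return call_with_negotiation(service, client_id, wallet, operation, *args)
    except AuthorizationError:
        return None


if __name__ == "__main__":
    svc = GridService({"X509", "VOMS:/atlas"})  # constructed policy
    print(try_access(svc, "alice", {"X509", "VOMS:/atlas", "Shib:staff"}, "readFile", "/data/run1"))
    print(try_access(svc, "mallory", {"X509"}, "readFile", "/data/run1"))
```

Note that the wallet entry Shib:staff is never sent: the client answers the service's requirements rather than pushing everything it has, which is the privacy point made against the push approach on slide 9.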

Slide 26: Policy assertions from everywhere (diagram): CAS, Shib, LDAP, Handle, VOMS, PERMIS, XACML, SAML, SAZ, PRIMA, Gridmap, ???

Slide 27: Policy evaluation complexity. At one end of the spectrum: a single domain and a centralized policy database/service; meta-data and group/role membership maintained with rules only; pull/push of authZ assertions. At the other end: split the policy and distribute everything; separate databases for meta-data, rules and attribute mappings; deploy MyProxy, LDAP, VOMS, Shib, CAS, PRIMA, XACML, GUMS, PERMIS, ??? The challenge is to find the right "balance", driven by use cases, not by fad/fashion ;-)

Slide 28: Backup (diagram): Bob asks Ivan "Can I have a glass of lemonade?"; a Decision Helper and a Master PDP sit between Ivan and the parties of slide 8 (Carol, Olivia, Mary, Lucy, Ann, Jogger, John, Bill, Frosty, Aunt, Laura, David, Accountant, Rita, Emma).