Overview of the New Security Model Akos Frohner (CERN) WP8 Meeting VI DataGRID Conference Barcelone, 12-15 May 2003.


1 Overview of the New Security Model Akos Frohner (CERN) WP8 Meeting VI DataGRID Conference Barcelone, 12-15 May 2003

2 Overview of the New Security Model - n° 2 Overview
[Diagram: end-to-end authentication and authorization flow. Labels recovered from the figure:]
- Credentials: user CA certificate (dn, ca, Pkey); proxy cert (dn, cert, Pkey, VOMS cred., short lifetime); VOMS cred.: VO, group(s), role(s). MyProxy holds a delegated cert+key (long lifetime) and, on a renewal request, issues a delegated cert+key with a short lifetime.
- Common service pattern: auth -> authz -> doit. Coarse-grained services decide in authz from (dn, attrs, acl, req. op) -> yes/no; fine-grained services first pre-process parameters -> obj. id + req. op., look up obj. id -> acl (GACL), then decide (dn, attrs, acl, req. op) -> yes/no.
- Java web services: TrustManager for auth; coarse grained (e.g. Spitfire) maps dn -> DB role; fine grained (e.g. RepMec) uses per-object ACLs.
- Native C services: GSI for auth; coarse grained (e.g. gatekeeper) uses LCAS for authz and LCMAPS for dn -> userid, krb ticket; fine grained (e.g. SE, /grid) uses GACL.
- Web (Apache): mod_ssl for auth; fine grained (e.g. GridSite) uses GACL.
- The focus of this talk is on VOMS; details are in D7.6 Security Design.

3 User's Authorization in EDG 1.4.x
[Diagram labels recovered from the figure:]
- Actors: user, service, CA, VO-LDAP.
- Low frequency: user cert (long life), host cert (long life), registration with VO-LDAP, CRL update from the CA.
- High frequency: proxy cert (short life) created with grid-proxy-init.
- The service takes authentication info from the CA and builds its grid-mapfile from VO-LDAP with mkgridmap.

4 User's Authorization in EDG 2.x
[Diagram labels recovered from the figure:]
- Actors: user, service, CA, VO-VOMS.
- Low frequency: user cert (long life), host cert (long life), registration with VO-VOMS, CRL update from the CA.
- High frequency: authz cert (short life) obtained from VO-VOMS by voms-proxy-init and carried in the proxy cert (short life); the service side likewise uses a service cert (short life) and an authz cert (short life).
- Services consume the authentication & authorization info through LCAS (native services) or edg-java-security (Java services).

5 VOMS Overview
- Provides info about the user's relationship with his VO(s)
  - groups, roles (admin, student, ...), capabilities (free form string), temporal bounds
- Features
  - single login: voms-proxy-init only at the beginning of the session (replaces grid-proxy-init);
  - expiration time: the authorization information is only valid for a limited period of time (possibly different from the proxy certificate itself);
  - backward compatibility: the extra VO related information is in the user's proxy certificate, which can still be used with non VOMS-aware services;
  - multiple VOs: the user may authenticate himself with multiple VOs and create an aggregate proxy certificate;
  - security: all client-server communications are secured and authenticated.
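The three features that most often surprise deployers are the separate expiry of the VOMS attributes, the aggregate proxy for several VOs, and the fact that a non VOMS-aware service simply ignores the extension. The following Python model is an added example written for this transcript, not code from the presentation or from the VOMS project; the names VomsAttributes, ProxyCert, voms_proxy_init and the sample DN are constructed stand-ins, and "validity" is reduced to time windows (no signatures or certificate chains).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed model: a proxy certificate and the VOMS attribute sets it
# carries have independent validity periods. All class and function names
# are hypothetical, not the real VOMS/Globus data structures.


@dataclass(frozen=True)
class VomsAttributes:
    vo: str
    groups: tuple        # e.g. ("/atlas", "/atlas/prod")
    roles: tuple         # e.g. ("prod",)
    capabilities: tuple  # free-form strings
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class ProxyCert:
    dn: str
    not_before: datetime
    not_after: datetime
    voms: tuple = ()     # zero or more VomsAttributes, one per VO


def _within(not_before, not_after, now):
    return not_before <= now < not_after


def voms_proxy_init(dn, memberships, now, proxy_lifetime, voms_lifetime):
    """Stand-in for voms-proxy-init: one aggregate proxy carrying an attribute
    set for every VO the user authenticated to. The attribute sets may be
    shorter-lived than the proxy that carries them."""
    attrs = tuple(
        VomsAttributes(vo, tuple(groups), tuple(roles), tuple(caps),
                       now, now + voms_lifetime)
        for vo, groups, roles, caps in memberships)
    return ProxyCert(dn, now, now + proxy_lifetime, attrs)


def valid_voms_attributes(proxy, now):
    """Attribute sets a VOMS-aware service may trust at 'now'.
    An expired proxy invalidates everything it carries; an expired attribute
    set is dropped even though the proxy itself is still good."""
    if not _within(proxy.not_before, proxy.not_after, now):
        return []
    return [a for a in proxy.voms if _within(a.not_before, a.not_after, now)]


def voms_authorize(proxy, vo, group, now):
    """VOMS-aware service: admit only on a still-valid attribute set for 'vo'
    that contains 'group'."""
    return any(a.vo == vo and group in a.groups
               for a in valid_voms_attributes(proxy, now))


def gridmap_authorize(proxy, gridmap, now):
    """Non VOMS-aware service: ignores the extension entirely and maps the
    proxy DN through a grid-mapfile (dict dn -> local account).
    Returns None when the user is not admitted."""
    if not _within(proxy.not_before, proxy.not_after, now):
        return None
    return gridmap.get(proxy.dn)


# Constructed sample data for a stand-alone run.
T0 = datetime(2003, 5, 12, 9, 0, tzinfo=timezone.utc)
USER_DN = "/C=CH/O=CERN/CN=Test User"   # constructed DN
GRIDMAP = {USER_DN: "atlas001"}          # constructed grid-mapfile content
EXAMPLE_PROXY = voms_proxy_init(
    USER_DN,
    [("atlas", ["/atlas", "/atlas/prod"], ["prod"], []),
     ("cms", ["/cms"], [], ["store:raw"])],
    T0, proxy_lifetime=timedelta(hours=12), voms_lifetime=timedelta(hours=2))


def hours_after(h):
    """Convenience for the walk-through below: T0 plus h hours."""
    return T0 + timedelta(hours=h)


if __name__ == "__main__":
    # At t+3h the 2-hour VOMS attributes are gone but the 12-hour proxy is
    # still accepted by the legacy grid-mapfile service; at t+13h both fail.
    for h in (0, 3, 13):
        now = hours_after(h)
        print(f"t+{h:2d}h  voms-aware(atlas:/atlas/prod)="
              f"{voms_authorize(EXAMPLE_PROXY, 'atlas', '/atlas/prod', now)}"
              f"  legacy grid-mapfile={gridmap_authorize(EXAMPLE_PROXY, GRIDMAP, now)}")
```

The point to take from the walk-through is the asymmetry: a service that only reads the DN keeps admitting the user for the whole proxy lifetime, while a VOMS-aware service stops trusting group membership as soon as the attribute window closes, so the two lifetimes have to be chosen together.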

6 VOMS Architecture
[Diagram labels recovered from the figure: clients are voms-proxy-init, mkgridmap, a Perl CLI and a Web interface; servers are vomsd (GSI) and the VOMS admin servlet running in Tomcat & java-sec with axis (soap + SSL, https); both sit on the same DB, reached via JDBC from Java and DBI from Perl.]
- MySQL db - with history and audit records
- User query server and client (C++)
- Java Web Service based administration interface
  - Perl client (batch processing)
  - Web browser client (generic administrative tasks)
- Web server interface for mkgridmap

7 Migration to VOMS
[Diagram labels recovered from the figure: four phases, each showing the user, the service, the proxy and the VO membership source(s).]
- phase 0, testing the VOMS servers: VO-LDAP and VOMS run side by side, kept consistent with voms-ldap-sync; users run grid-proxy-init; services use a grid-mapfile.
- phase 1, user management on VOMS: VOMS becomes the master, still synchronised to VO-LDAP with voms-ldap-sync; users run grid-proxy-init; services use a grid-mapfile built with edg-mkgridmap.
- phase 2, compatibility mode: mixed services: VO-LDAP is gone; users run voms-proxy-init and carry a VOMS proxy; non VOMS-aware services still use a grid-mapfile built with edg-mkgridmap from VOMS.
- phase 3, fully migrated: only VOMS-aware services; the VOMS proxy is consumed directly and no grid-mapfile is needed.

8 Auth/Authz in Services
- GSI based or compatible authentication
- grid-mapfile or VOMS based authorization (can be both)
- policy or ACL based access control
  - coarse and fine grained solutions
  - access control description's syntax is not standard
- implemented alternatives:
  - edg-java-security for Java web services
  - GSI/LCAS/LCMAPS for native C/C++ services
  - mod_ssl/GACL for Apache based web services
  - (SlashGrid for transparent filesystem ACLs)
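The fine-grained path in the overview diagram is three steps: pre-process the call parameters into an object id plus a requested operation, fetch the ACL for that object, and decide from (dn, attrs, acl, req. op). The Python below is an added example written for this transcript, not code from the presentation, from GACL or from any EDG service; because the slide notes that no standard ACL syntax exists, the entry format, the method-to-operation table, the parent-inheritance rule and the sample ACL store are all constructed for the example.

```python
from dataclasses import dataclass
from posixpath import dirname

# Constructed fine-grained authorization pipeline:
#   parameters -> (obj.id, req.op)  ->  obj.id -> acl  ->  (dn, attrs, acl, op) -> yes/no
# The ACL representation is invented for this example; it is not GACL.


@dataclass(frozen=True)
class AclEntry:
    kind: str        # "dn", "group", "role" or "any"
    value: str       # DN, VOMS group or VOMS role; "" for "any"
    ops: frozenset   # operations this entry speaks about
    allow: bool = True   # False = explicit deny


# Constructed pre-processing table: service method -> operation class.
METHOD_TO_OP = {"getFile": "read", "putFile": "write",
                "deleteFile": "write", "listDir": "list"}


def preprocess(request):
    """parameters -> (obj.id, req. op.). Unknown methods give op None,
    which the decision step treats as a denial."""
    return request.get("path"), METHOD_TO_OP.get(request.get("method"))


# Constructed ACL store: obj.id -> list of entries. An object without its
# own entry inherits the nearest ancestor's ACL (a convention chosen here).
ACL_STORE = {
    "/grid": [AclEntry("any", "", frozenset({"list"}))],
    "/grid/atlas": [
        AclEntry("group", "/atlas", frozenset({"read", "list"})),
        AclEntry("role", "prod", frozenset({"write"})),
        AclEntry("dn", "/C=CH/O=CERN/CN=Blocked User",
                 frozenset({"read", "write", "list"}), allow=False),
    ],
}


def lookup_acl(obj_id):
    """obj.id -> acl, walking up the path until an ACL is found; [] if none."""
    path = obj_id
    while True:
        if path in ACL_STORE:
            return ACL_STORE[path]
        parent = dirname(path)
        if parent == path:       # reached "/" (or a relative root) with no match
            return []
        path = parent


def entry_matches(entry, dn, attrs):
    """attrs are the VOMS attributes: {"groups": [...], "roles": [...]}."""
    if entry.kind == "any":
        return True
    if entry.kind == "dn":
        return entry.value == dn
    if entry.kind == "group":
        return entry.value in attrs.get("groups", ())
    if entry.kind == "role":
        return entry.value in attrs.get("roles", ())
    return False


def authorize(dn, attrs, acl, op):
    """(dn, attrs, acl, req.op) -> yes/no. Default deny; a matching explicit
    deny entry wins over any matching allow entry."""
    if op is None:
        return False
    allowed = denied = False
    for e in acl:
        if op in e.ops and entry_matches(e, dn, attrs):
            if e.allow:
                allowed = True
            else:
                denied = True
    return allowed and not denied


def decide(request, dn, attrs):
    """The whole pipeline for one service call."""
    obj_id, op = preprocess(request)
    if obj_id is None:
        return False
    return authorize(dn, attrs, lookup_acl(obj_id), op)


if __name__ == "__main__":
    atlas_user = {"groups": ["/atlas"], "roles": []}
    prod_user = {"groups": ["/atlas"], "roles": ["prod"]}
    req = {"method": "putFile", "path": "/grid/atlas/run1/data.root"}
    print("plain atlas member may write:", decide(req, "/C=CH/O=CERN/CN=Test User", atlas_user))
    print("atlas prod role may write:  ", decide(req, "/C=CH/O=CERN/CN=Test User", prod_user))
```

Two design choices matter for a real deployment and are visible here: the decision is default-deny (an object with no ACL anywhere up the tree denies everything), and an unrecognised method never falls through to a permissive default, because it maps to no operation class.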

9 Local Site Authorization
- Local Centre Authorization Service (LCAS)
  - Handles authorization requests to local fabric
    - authorization decisions based on proxy user certificate and job specification;
    - supports grid-mapfile mechanism.
  - Plug-in framework (hooks for external authorization plugins)
    - allowed users (grid-mapfile or allowed_users.db), banned users (ban_users.db), available timeslots (timeslots.db)
    - plugin for VOMS (to process authorization data)
- Local Credential Mapping Service (LCMAPS)
  - provides local credentials needed for jobs in fabric
  - mapping based on user identity, VO affiliation, local site policy
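To show how the coarse-grained gatekeeper path fits together, the following Python models an LCAS plug-in chain (allowed users, banned users, timeslots, a job-specification check and a VOMS check) followed by an LCMAPS mapping to a local account. It is an added example for this transcript, not the LCAS/LCMAPS code or its configuration syntax: the chain semantics (every plug-in must permit), the in-memory stand-ins for allowed_users.db, ban_users.db and timeslots.db, the pool-account scheme and all sample DNs are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed model of LCAS (decision) followed by LCMAPS (mapping).
# Plug-in names, data formats and the pool-account scheme are invented for
# the example and do not reproduce the real modules or their *.db files.


@dataclass(frozen=True)
class Credential:
    dn: str
    vo: str = None       # VO from the VOMS attributes; None for a plain proxy
    groups: tuple = ()
    roles: tuple = ()


@dataclass(frozen=True)
class LocalCredential:
    uid: str
    gid: str


# --- LCAS: every plug-in answers True (permit) or False (deny); the chain
# permits a request only when all configured plug-ins permit it.

def plugin_allowed_users(allowed):          # grid-mapfile / allowed_users.db stand-in
    return lambda cred, job, now: cred.dn in allowed


def plugin_banned_users(banned):            # ban_users.db stand-in
    return lambda cred, job, now: cred.dn not in banned


def plugin_timeslots(slots):                # timeslots.db stand-in: (weekday, from_hour, to_hour)
    def check(cred, job, now):
        return any(day == now.weekday() and start <= now.hour < end
                   for day, start, end in slots)
    return check


def plugin_job_queue(queues):               # job-specification based check
    return lambda cred, job, now: job.get("queue") in queues


def plugin_voms(accepted_vos):              # VOMS plug-in: VO must be one the site serves
    return lambda cred, job, now: cred.vo in accepted_vos


def lcas_authorize(cred, job, now, plugins):
    """Run the chain in order. Returns (True, None) on permit, or
    (False, name) naming the first plug-in that denied, for the site's log."""
    for name, plugin in plugins:
        if not plugin(cred, job, now):
            return False, name
    return True, None


# --- LCMAPS: choose local credentials from identity and VO affiliation.

def lcmaps_map(cred, gridmap, pool_accounts, group_to_gid):
    """Prefer a VOMS-group based pool account; fall back to a grid-mapfile
    entry (dn -> (uid, gid)) for plain proxies. None if nothing applies."""
    for group in cred.groups:
        if pool_accounts.get(group):
            uid = pool_accounts[group][0]    # constructed: first account in the pool
            return LocalCredential(uid, group_to_gid[group])
    if cred.dn in gridmap:
        uid, gid = gridmap[cred.dn]
        return LocalCredential(uid, gid)
    return None


# Constructed site configuration and sample credentials.
TEST_DN = "/C=CH/O=CERN/CN=Test User"
BANNED_DN = "/C=CH/O=CERN/CN=Banned User"
ALLOWED = {TEST_DN, BANNED_DN}               # banned user is still in the allowed list
BANNED = {BANNED_DN}
SLOTS = [(d, 0, 24) for d in range(5)] + [(5, 8, 18)]   # weekdays all day, Saturday 08-18
PLUGINS = [
    ("allowed_users", plugin_allowed_users(ALLOWED)),
    ("banned_users", plugin_banned_users(BANNED)),
    ("timeslots", plugin_timeslots(SLOTS)),
    ("job_queue", plugin_job_queue({"short", "long"})),
    ("voms", plugin_voms({"atlas", "cms"})),
]
GRIDMAP = {TEST_DN: ("tuser", "users")}
POOL = {"/atlas": ["atlas001", "atlas002"], "/cms": ["cms001"]}
GIDS = {"/atlas": "atlas", "/cms": "cms"}

USER = Credential(TEST_DN, "atlas", ("/atlas", "/atlas/prod"), ("prod",))
BANNED_USER = Credential(BANNED_DN, "atlas", ("/atlas",))
PLAIN_USER = Credential(TEST_DN)             # grid-proxy-init proxy, no VOMS data
JOB = {"queue": "short"}
T_MON = datetime(2003, 5, 12, 10, 0, tzinfo=timezone.utc)   # a Monday
T_SUN = datetime(2003, 5, 18, 10, 0, tzinfo=timezone.utc)   # a Sunday

if __name__ == "__main__":
    for label, cred, now in (("voms user", USER, T_MON), ("banned", BANNED_USER, T_MON),
                             ("sunday", USER, T_SUN), ("plain proxy", PLAIN_USER, T_MON)):
        ok, why = lcas_authorize(cred, JOB, now, PLUGINS)
        print(f"{label:12s} permit={ok} denied_by={why} "
              f"local={lcmaps_map(cred, GRIDMAP, POOL, GIDS) if ok else '-'}")
```

Ordering the ban check after the allow check is deliberate: a DN that is both allowed and banned must be refused, and the chain guarantees that because one deny is final. The plain proxy is refused only by the VOMS plug-in; leaving that plug-in out of the chain is what the "supports grid-mapfile mechanism" line means in practice, and LCMAPS then falls back to the grid-mapfile account.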

10 edg-java-security
- Trust manager
  - GSI compatible authentication
  - Adapters to HTTP and SOAP
  - Currently deployed for Tomcat4
- Authorization Manager
  - Authorization and mapping for Java services
  - Plug-in framework for maps: database, XML file and, for backward compatibility, gridmap-file
  - Handles VOMS attributes

11 TODO
- Test the pieces in the Testbeds
- Implement the missing pieces and discard the unused ones
- Common syntax and semantics for access control configurations
- Substitution of VOMS certificates by Attribute Certificates (RFC 3281)
- Support for time cyclic/bound permissions and roles
- Database replication
- Use the security model -> get real life use cases

