Download presentation
Presentation is loading. Please wait.
Published bySibyl Garrison Modified over 8 years ago
1
WP3 Security and R-GMA Linda Cornwall, RAL
2
WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 2 Current Status Currently, no security in R-GMA. We have looked at Spitfire Security Currently this is being removed from Spitfire, and turned into a separate package Their TrustManager should be used for Authentication for testbed 2. Their Authorization is not really suitable for us.
3
WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 3 Security for TB2 Access via https, no http access allowed. –Partly due to limited Authorization functionality. A certificate acceptable to EDG will be needed to do anything. Mutual Authentication must take place between between all components. Authentication will take place between users and R-GMA.
4
WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 4 Security for TB2 - continued Authorization will be limited to job control information Access to job control information will be restricted such that users can only see information on their own jobs. All other information, including both read and write access, will be open to everyone with EDG authentication
5
WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 5 Get a certificate! All users will need a user certificate All services will need a service certificate. –SCG decided to go for CA signed service certificates for TB2. We expect this is the way we will go. All users and developers who don’t have a certificate from a CA accepted by EDG should apply for one. We recommend users and developers also register with an EDG VO
6
WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 6 Security in the Future – Authentication http or https will be allowed. https – if authentication either of the service, or of the user, is needed. http – to avoid overhead of https.
7
WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 7 Security in the Future - Authorization Authorization will need to apply to any action e.g. –Setup a table –Read from a table –Read a specific item of information –Find what information producers exist
8
WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 8 Authorization dependency Nothing – e.g. some information may be visible to anyone. Authentication of the user only User’s VO membership User’s Role Individual DN or list of DN’s (See D7.5)
9
WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 9 Authorization implementation Need to pass user’s DN, VO membership and Role to R-GMA. Whenever a user makes a request – it will be necessary to decide whether they are authorized to carry out that action. Authorization policy will need to go with each table, and with each row of each table. Authorization policy goes with the data.
10
WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 10 R-GMA – TB2 Sensor Code Producer API Application Code Consumer API Registry “Event Dictionary” Consumer Instance Registry API Registry API Producer Instance Schema API Schema If job info –does DN match?
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.