
Manish Mehta, CS 590L Authentication Services in Open Grid Services by Manish Mehta April 27, 2004.

Presentation transcript:

1 Authentication Services in Open Grid Services by Manish Mehta April 27, 2004

2 Overview
Grid applications are
- Distributed
- Heterogeneous environments
- Within dynamic “virtual organizations”

3 OGSA aims at..
Interoperable and Usable Grids for industry, e-science, and e-business.
This demands …
- Trust Relationship
- Secure Communication

4 What Security Services are required?
- Authentication
- Authorization
- Confidentiality
- Integrity
- Non-repudiation
- Secure Delegation

5 What is current status?
- OGSA-Sec-WG has a draft out (June 2003).
- Web Services (WS) Architecture has gained more attention.
- Grid security is going to be based on the WS security architecture.
- GGF has not yet accepted the WS architecture fully, but it seems that they don’t have a choice.

6 OGSA Security Architecture

7 OGSA Security Architecture (contd.)

8 Basic requirements for authentication
- Credential processing
  - Validate authentication tokens
- Authorization
  - Evaluate the request against policy
- Credential Conversion
  - Bridging different Trust Domains
- Identity Mapping
  - Map identities in different domains

9 GT2 model
- Uses PKI
  - Kerberos, SSH, CRISIS were also reviewed.
- Claims to introduce “proxy certificates”
- Single entity decides its own Trust Domain (consequence of PKI)
- Uses SSL

10 GT3 Model
- 2 main advantages over GT2
  - Use of WS security protocol
  - Tight least-privilege model
- Main Difference
  - Uses SOAP as opposed to TCP

11 What are the problems? (Mainly due to WS security architecture)
- Extension of the existing SSL infrastructure and use of authentication tokens at service level.
- Need for authentication and authorization demands more than SSL. (Two-way)
- Due to dynamic creation of services, key management becomes an issue.

12 What is needed in future?
- The WS security architecture is also immature and ill defined.
- Concrete specification needed.
- OGSA does not fully adopt the WS security.
- GGF has to patch the holes in Architecture.

