Download presentation
Presentation is loading. Please wait.
Published byChristine Jordan Modified over 9 years ago
1
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 1 Security Middleware Andrew McNab High Energy Physics University of Manchester
2
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 2 Overview Security in EDG/GridPP-1 Currently deployed (EDG 2.0) Being integrated (EDG 2.1) GridPP-2 requirements GridPP-2 proposal GGF Involvement Research Areas
3
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 3 Security in EDG / GridPP-1 When proposals were written, Security mostly just seen as Authentication (CAs etc) –From Globus, we inherited the static, manually edited /etc/grid-security/grid-mapfile Better Authorization mechanisms were needed to make the Testbed actually work. In EDG, security effort split between WP7 (networking) and WP6 (“getting things to work”), but also components inside WP1-5. –In GridPP, security middleware effort from WP6.
4
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 4 Currently deployed middleware Pool accounts (from GridPP) –an short term measure that’s become long term and ubiquitous. XML Grid Access Control Lists (from GridPP) –used by Storage Element, but grew out of GridPP GridSite work. Other components: –INFN’s VO-LDAP server (GridSite implementation of this used for GridPP+BaBar) –WP2 Java Security packages. –Specific security pieces inside each WP.
5
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 5 Middleware being integrated INFN-WP6/WP2 Virtual Organisation Membership Service is major component –(GACL support for VOMS attribute certs already present in EDG 1.x/2.0) GACL support in WP4 LCAS/EDG Gatekeeper –so can write XML site access policies, rather than use grid-mapfile VOMS, and new GSI + X509v3 support added to GridSite and mod_ssl-gridsite –HTTPS servers controlled by VOMS+GACL WP1 Logging and Bookkeeping using GACL
6
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 6 GridPP2 Security Middleware GridPP2 focuses on practical requirements of production systems (LCG + EGEE) Many gaps in functionality of security systems –eg accounting / usage control Based on WP6 + WP8 + LCG requirements documents, identified 8 tasks –extend GridPP 1 work to address urgent gaps Research rather than implementation areas left out of this –aim to get funding for these elsewhere
7
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 7 GridPP2 Proposal GridPP2 Security Middleware Proposal –Java and C++ APIs for GACL library –Add Usage Control (quotas etc) handling –Improve/generalise GridSite user interface –VO access and usage management service(s) –Support for other systems: CAS, VOM etc –Grid level Auditing/Intrusion Detection –Porting to other Unix/Windows flavours This was estimated at 4 FTE, but with 2.5 FTE in GridPP2 proposal as submitted.
8
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 8 GGF Involvement Participating / influencing / following GGF standards clearly helps our work: –less effort supporting multiple protocols –our implementation attractive to more projects I’m co-chair of Authz WG and now the OGSA-Authz WG –aim to standardise policy language (cf GACL) –assertion protocol (eg SAML, LCAS callout) –attribute formats (eg VOMS) Also contacts with Accounting GGF groups, via Manchester Computing / eSNW.
9
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 9 Research areas PPARC-funded e-Science Studentship –Starting now, on Authorization/Accounting. –Aim to get involved in GGF WGs’ protocols and models work, and apply to HEP contexts. –This may feed into GridPP2 implementations. Other research proposals underway: –How to support ad-hoc, short term VOs –Using SlashGrid to create on-demand security contexts and sandboxes for native binaries –Medical Applications, including extensions of PPARC/MRC project at Manchester
10
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 10 Summary GridPP has made significant security middleware contributions to EDG –More will be deployed when EDG 2.1 released For GridPP-2, we identified key practical requirements –wait to see how many can be addressed Direct involvement in GGF standards process Other funding obtained (studentship) or being sought (EU and MRC/DoH) for further research rather than implementation
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.