Research and development efforts within the Grid community have produced protocols, services, and tools that address the challenges arising when we seek to build scalable virtual organizations (VOs). For the purpose of this paper, a virtual organization is defined as a set of individuals and/or institutions sharing resources and services under a set of rules and policies governing the extent and conditions for that sharing. As stated in [ANA], “the sharing that Grid environments are concerned with is not primarily file exchange but rather direct access to computers, software, data, and other resources, as is required by a range of collaborative problem-solving and resource-brokering strategies emerging in industry, science, and engineering. This sharing is, necessarily, highly controlled, with resource providers and consumers defining clearly and carefully just what is shared, who is allowed to share, and the conditions under which sharing occurs.”
What distinguishes a VO from a classical organization is that it may gather individuals and/or institutions that have agreed to share resources and otherwise collaborate on an ad-hoc, dynamic basis, while they continue to belong to different real organizations, each governed by their own set of internal rules and policies. This poses a challenge when combined with the fact that an individual or institution may be a member of several VOs simultaneously. From a security point of view, one is thus confronted with protection domains that may superpose, straddle, and intersect one another in many different ways. Within this context, we require interoperability among domains while maintaining a clear separation of the security policies and mechanisms deployed by both virtual and real organizations.
The technologies that have evolved from the Grid community include security solutions that support management of credentials and policies when computations span multiple institutions; resource management protocols and services that support secure remote access to computing and data resources and the co-allocation of multiple resources; information query protocols and services that provide configuration and status information about resources, organizations, and services; and data management services that locate and transport datasets between storage systems and applications. These core technologies are evolving to include a programming model as proposed by the Open Grid Services Architecture (OGSA) [PSY], which describes a set of characteristics that an OGSA service provider must adhere to and how service requestors should interact with it. These technologies take into account the fact that Grid service application topologies include a broad combination of mobile devices, gateways, proxies, load balancers, demilitarized zones (DMZs), outsourced data centers, and globally distributed, dynamically configured systems. Many of these systems rely on the ability of message-processing intermediaries to forward messages.
A fundamental construct underlying many of the required attributes of the Grid services architecture is that of service virtualization. It is virtualization of Grid services that underpins the ability to map common service semantic behavior seamlessly onto native platform facilities. Current OGSA design work focuses on the adaptation of the Web Services Description Language (WSDL) for this purpose [PSY], although other interface definition languages (IDLs) could also be used.
Controlling access to services through robust security protocols and security policy is paramount to controlling access to VO resources and assets. Thus, authentication mechanisms are required so that the identity of individuals and services can be established, and service providers must implement authorization mechanisms to enforce policy over how each service can be used. The requirement for composition complicates issues of policy enforcement, as one must be able to apply and enforce policy at all levels of composition and to translate policies between levels of composition. For example, when running a data mining query against a distributed collection of databases, we might need to enforce not only database-specific access control policies based on the identity of the requestor but also resource consumption policies associated with the VO.
To address these challenges, this paper proposes an evolutionary approach to creating secure, integrated and interoperable Grid services based on a set of security abstractions that unify formerly dissimilar technologies. The following sections discuss the security challenges encountered in Grid environments (Section 2), and translate those challenges into requirements (Section 3). The paper then presents an architecture for a Grid security model that addresses the identified security challenges and requirements.
Contents
Abstract
1 Introduction
2 Security Challenges in a Grid Environment
- 2.1 The Integration Challenge
- 2.2 The Interoperability Challenge
- 2.3 The Trust Relationship Challenge
3 Grid Security Requirements
4 Grid Security Model Principles
- 4.1 Secure Invocation of Grid Services
- 4.2 Grid Security Services
5 Grid Security Model
- 5.1 Binding Security
- 5.2 Policy Expression and Exchange
- 5.3 Secure Association
- 5.4 Identity and Credential Mapping/Translation
- 5.5 Authorization Enforcement
- 5.6 Privacy Enforcement
- 5.7 Trust
- 5.8 Secure Logging
- 5.9 Management of Security
6 Relationship to Security Standards
7 Security as Services
8 Use Patterns
- 8.1 Typical e-business Use Pattern
- 8.2 Scenario Involving Intermediaries
9 Summary
10 Terminology
11 Acknowledgements
12 References
13 Contact Information
