Globus Toolkit Security Projects

Security is a favorite target for fear, uncertainty, and doubt (FUD) about new enterprise technologies, and recent FUD suggests that research and science grids don't have a handle on security. The four open source security efforts described below, under way in e-Science and academia, suggest otherwise.

Grid-Shibboleth Integration (Grid Shib)

The Shibboleth project (out of Internet2) is a middleware effort that lets different universities collaborate and share Web resources. It employs 'campus identity and access management infrastructures' to control individual authentication, essentially serving as a broker service with which resource providers can connect to verify that requesters meet criteria for access. It's a compelling identity federation effort that has some historic success under its belt, and new efforts exist to link it into grids based on the Globus Toolkit.

"Shibboleth was designed and deployed in a browser-centric world," said Frank Siebenlist, Senior Software Architect in the Distributed Systems Laboratory at Argonne National Laboratory. "What the Grid-Shib project does is to make that same Shibboleth attribute service available to more Web service and Globus-oriented deployments. So the clients are no longer just browsers; they are Web services clients that interact with application services across administrative domains, and those application services can then call back to the Shibboleth services of the client to obtain attributes that can be used for the access control authorization requirements. Grid-Shib will essentially leverage all of the good work that Shibboleth has done and make it available to a Web services-based community. We have received NSF funding to make this happen."

The Globus Toolkit and the Handle System

Another interesting new area for grid security is the growing discussion around developing a handle system for the grid. The Handle System, which is being worked on by the Corporation for National Research Initiatives (CNRI), could be an alternative implementation for attribute servers and naming servers in general. It would not only provide attribute services but would also serve as an infrastructure and root service able to resolve resource names globally. It is very much a domain name system (DNS) type of model: a global naming system, with values or attributes bound to each name. It's like DNS on steroids in that security is integrated into the whole fabric. Applications can use it transparently, and individuals can administer their own bindings, so access rights can be pushed down to the level of individual names.

The concept of having a centralized root system for registering grid resources is interesting, as we consider the future of 'extra-grids,' where coordinated resource sharing requires us to think about distributed policy requirements and resource discovery issues.

David Holtzman, former CTO of Network Solutions (acquired by Verisign for $20 billion in '00), led the team that ran the DNS in the late '90s and oversaw the growth of the Internet from 500,000 domain names to more than 20 million. Network Solutions' contract with the National Science Foundation meant that anyone who wanted to have a domain name and participate in the Internet had to go through the Network Solutions domain name registrar system.

Holtzman sees the grid handle system as the logical next step in the grid evolution, and he thinks the collective body of vendors with commercial interests in grid would be smart to stand behind it.

"Managing millions of domain names was a tremendous challenge, but the idea of accounting for billions of resources participating in a global grid is mind-numbing," Holtzman said. "Having the inventory of resources consolidated in a central broker seems like a logical step to solving the issues. One lesson I've learned from the bad-boy days of the early commercial Internet is that harnessing distributed power is not so much a matter of leveraging the sum of the individual components but of building an appropriate framework so that each constituent can derive value from the whole without being forced to make one-off tactical decisions in the enterprise. Building a handle system empowers the lowest management point in the organization to fully utilize the technology without constantly building organizational consensus. I believe that the DNS system, for this reason, was the prime catalyst for the rapid adoption of the commercial Internet in the late '90s."

The Globus handle system project intends to provide a Web services interface to the Handle System built on standard interfaces, such as SAML attribute queries and XKMS queries, alongside simple name/value resolution.

"When you collaborate between virtual organizations, you need a way to manage the group membership and add more people to it, and add resources to it," Siebenlist said. "This handle system will be a place to manage that information and manage the attributes that we assign to the different entities and individuals."

The Earth System Grid

The Earth System Grid II is a research project that uses grid technology to make it easier for scientists to securely access the massive amounts of distributed data they need for complex collaborative work on climate modeling.

In the Earth System Grid, data is stored at different administrative sites belonging to different organizations. The project keeps a central database of metadata about the available data, so scientists can browse it and decide what they want. Grid security comes into the picture when the data itself is retrieved from these different sites.

"It becomes a real authorization challenge," Siebenlist said. "All these different sites can't know about the individuals that access their data because that would push the administrative burden to all of these organizations that maintain the data."

So the organizations trust the Earth System Grid to do the access control for them and to make sure that access is granted only to users with appropriate rights. It is an example of delegation of rights: when users want to fetch large files from another organization, they bring with them an authorization assertion from the Earth System Grid authority stating that this individual is allowed to retrieve this file. The assertion is signed by the Earth System Grid authority, and the external site honors it only after checking that signature against the authority it already knows and confirming that the assertion names the file being requested.

"That authority is known by the external organization, and it will honor those statements," Siebenlist said. "When the users browse through the metadata, they are known to the system through authentication. They must have been given the right through group memberships, and they're only allowed to see certain types of files. But that access control knowledge is all confined to the Earth System Grid portal. It is not known to all of the external sites. They don't want to be burdened with all that administrative knowledge. The only thing these external sites know is the authority of the Earth Systems Grid. And they trust that authority to make access control authorizations."
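The delegation described above, as an added example written for this page rather than code from the Earth System Grid or the Globus Toolkit. It is in Go and makes a few assumptions: Ed25519 signatures over a JSON payload stand in for the signed SAML/X.509-based assertions a real deployment would carry, the portal's group-membership and per-file policy tables are invented, and the user and file names are constructed sample data. The point it shows is the one in the text: the data site holds no user information at all, only the authority's public key, and still refuses assertions that are replayed by another user, tampered with, issued for a different file, signed by an untrusted key, or expired.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Assertion: Subject may perform Action on Resource until Expires (Unix seconds); JSON stands in for SAML.
type Assertion struct {
	Issuer   string `json:"issuer"`
	Subject  string `json:"subject"`
	Resource string `json:"resource"`
	Action   string `json:"action"`
	Expires  int64  `json:"expires"`
}

// SignedAssertion is what the user presents to the external data site.
type SignedAssertion struct {
	Payload   []byte // the Assertion as JSON, exactly the bytes that were signed
	Signature []byte // Ed25519 signature over Payload
}

// Authority models the Earth System Grid portal: only it knows users, groups and per-file policy (assumed layout).
type Authority struct {
	Name   string
	priv   ed25519.PrivateKey
	groups map[string][]string // user -> groups
	policy map[string]string   // resource -> group allowed to read it
}

func NewAuthority(name string) *Authority {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // the OS random source failed; a signing authority cannot continue without a key
	}
	return &Authority{Name: name, priv: priv, groups: map[string][]string{}, policy: map[string]string{}}
}

func (a *Authority) PublicKey() ed25519.PublicKey          { return a.priv.Public().(ed25519.PublicKey) }
func (a *Authority) AddUser(user string, groups ...string) { a.groups[user] = groups }
func (a *Authority) Protect(resource, group string)        { a.policy[resource] = group }

// Issue makes the access-control decision centrally and, if it passes, signs an assertion a data site can verify.
func (a *Authority) Issue(user, resource string, now time.Time, ttl time.Duration) (*SignedAssertion, error) {
	need, known := a.policy[resource]
	allowed := false
	for _, g := range a.groups[user] {
		allowed = allowed || g == need
	}
	if !known || !allowed {
		return nil, fmt.Errorf("%s may not read %s", user, resource)
	}
	payload, _ := json.Marshal(Assertion{Issuer: a.Name, Subject: user, Resource: resource,
		Action: "read", Expires: now.Add(ttl).Unix()}) // plain struct, Marshal cannot fail
	return &SignedAssertion{Payload: payload, Signature: ed25519.Sign(a.priv, payload)}, nil
}

// DataSite models an external organisation holding the files: no user or group data, only trusted public keys.
type DataSite struct {
	trusted map[string]ed25519.PublicKey // issuer name -> verification key
}

func NewDataSite() *DataSite                                    { return &DataSite{trusted: map[string]ed25519.PublicKey{}} }
func (s *DataSite) Trust(issuer string, pub ed25519.PublicKey) { s.trusted[issuer] = pub }

// Authorize verifies the signature with the trusted key for the claimed issuer, then checks that the
// assertion covers this request. user is the identity the site authenticated itself (e.g. the DN of a
// GSI proxy certificate); comparing it with Subject means a leaked assertion cannot simply be replayed.
func (s *DataSite) Authorize(sa *SignedAssertion, user, resource string, now time.Time) error {
	var as Assertion
	if err := json.Unmarshal(sa.Payload, &as); err != nil {
		return err
	}
	pub, ok := s.trusted[as.Issuer]
	if !ok || !ed25519.Verify(pub, sa.Payload, sa.Signature) {
		return fmt.Errorf("no valid signature from a trusted issuer (claimed %q)", as.Issuer)
	}
	if as.Subject != user || as.Resource != resource || as.Action != "read" {
		return fmt.Errorf("assertion does not cover %s reading %s", user, resource)
	}
	if !now.Before(time.Unix(as.Expires, 0)) {
		return fmt.Errorf("assertion expired at %s", time.Unix(as.Expires, 0).UTC())
	}
	return nil
}

func main() {
	esg := NewAuthority("ESG")
	esg.AddUser("alice", "climate-modelers")                // constructed sample data
	esg.Protect("esg://ccsm3/run42.nc", "climate-modelers") // constructed sample resource
	site := NewDataSite()
	site.Trust("ESG", esg.PublicKey()) // all the site ever learns about ESG
	sa, _ := esg.Issue("alice", "esg://ccsm3/run42.nc", time.Now(), time.Hour)
	fmt.Println("alice:", site.Authorize(sa, "alice", "esg://ccsm3/run42.nc", time.Now()))
	fmt.Println("bob replaying it:", site.Authorize(sa, "bob", "esg://ccsm3/run42.nc", time.Now()))
}
```

The site still has to authenticate the caller itself (in the Globus Toolkit that is the GSI proxy certificate) and compare that identity with the assertion's subject; an assertion that is honored for whoever presents it would turn the portal's access decision into a bearer token. The expiry is the other practical control, since the portal cannot revoke an assertion it has already handed out.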

IBM's Work with the University of Virginia

Last year, IBM completed a sponsorship of an effort called CredEx with the University of Virginia to build an infrastructure based on open source (with contributions to Apache) as a starting point for grid security frameworks. The problem it set out to address is the need to bridge different computing systems.

"Increasingly, users demand access to a wide range of different computing systems," said Nataraj Nagaratnam, senior technical staff member and lead architect, On demand security infrastructure, IBM. "The problem is that each system usually uses its own authentication system. Who doesn't have a ton of different passwords for all of the Web sites they access? Often, the type of security token used for authentication isn't even the same. Some systems use user names and passwords. Others use X.509-based public key cryptography. Still others use the Kerberos network authentication protocol. The challenge for users involves storing and managing this wide range of tokens so that the right token in the right format is available when they want to use a certain system.

CredEx focuses on standards-based compliant credential exchange, using Web services for security token management and exchange in grid environments. By building on open standards like WS-Security (for SOAP-message security) and WS-Trust (for security token exchange), CredEx maximizes interoperability with existing and emerging systems. Users upload credentials (which could be in one or more formats), which are stored on the server. Then, when users need to be authenticated by other systems, they can retrieve their stored credentials by exchanging a security token, like a user name and password."

The CredEx effort helped the university bridge Globus with WebSphere and .NET, based on WS-Security and WS-Trust.

Key features of the CredEx security model include:

  • Web services-based protocol built on several open standards, including SOAP, WS-Security and WS-Trust.
  • Support for multiple platforms and languages, including Java and .NET.
  • Support for multiple types of tokens and exchanges (password and X.509 certificates).
  • Central storage of multiple credentials (identities) per individual.
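An added example, not CredEx or IBM code, of the exchange described above: a credential store in Go that keeps several credentials per user and hands one back in exchange for a username/password token. It assumes a plain function-call interface in place of the WS-Trust SOAP messages CredEx uses, names the token type after the WS-Security X.509 token profile, and uses iterated SHA-256 in place of a proper password KDF. It adds two things a practitioner would want from such a store that the article does not discuss: each stored credential is encrypted under a key derived from the user's password, so the server's database on its own does not yield the X.509 keys, and the authentication step compares in constant time and returns the same error for unknown users and wrong passwords.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

const TokenX509 = "X509v3"                         // token type, named after the WS-Security X.509 token profile
var errAuth = fmt.Errorf("authentication failed") // one error for unknown user and wrong password
// Credential is one stored secret, e.g. a PEM-encoded X.509 certificate and private key.
type Credential struct {
	Type string
	Data []byte
}

type account struct {
	salt, verifier []byte            // verifier is compared against the stretched password
	creds          map[string][]byte // token type -> nonce || AES-GCM ciphertext
}

// CredStore keeps several credentials per user, each encrypted under a key only the user's password reproduces.
type CredStore struct{ accounts map[string]*account }

func NewCredStore() *CredStore { return &CredStore{accounts: map[string]*account{}} }

// deriveKeys stretches password+salt into a verifier (stored) and an encryption key (never stored).
// Iterated SHA-256 stands in for PBKDF2/scrypt/Argon2 to keep the example standard-library only.
func deriveKeys(password string, salt []byte) (verifier, encKey []byte) {
	h := sha256.Sum256(append([]byte(password), salt...))
	for i := 1; i < 100000; i++ {
		h = sha256.Sum256(h[:])
	}
	v := sha256.Sum256(append([]byte("auth:"), h[:]...))
	k := sha256.Sum256(append([]byte("enc:"), h[:]...))
	return v[:], k[:]
}

func (s *CredStore) Register(user, password string) error {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	v, _ := deriveKeys(password, salt)
	s.accounts[user] = &account{salt: salt, verifier: v, creds: map[string][]byte{}}
	return nil
}

// authenticate checks a username/password token and returns the account plus an AEAD keyed
// with the user's encryption key, which exists only for the duration of the request.
func (s *CredStore) authenticate(user, password string) (*account, cipher.AEAD, error) {
	acct, ok := s.accounts[user]
	if !ok {
		deriveKeys(password, make([]byte, 16)) // same cost as a real check, so timing does not reveal users
		return nil, nil, errAuth
	}
	v, k := deriveKeys(password, acct.salt)
	if subtle.ConstantTimeCompare(v, acct.verifier) != 1 {
		return nil, nil, errAuth
	}
	block, _ := aes.NewCipher(k) // k is 32 bytes, a valid AES-256 key, so this cannot fail
	aead, err := cipher.NewGCM(block)
	return acct, aead, err
}

// Upload stores a credential for an authenticated user. The AAD binds the ciphertext to this
// user and token type, so a stored blob moved into another slot will not decrypt.
func (s *CredStore) Upload(user, password string, c Credential) error {
	acct, aead, err := s.authenticate(user, password)
	if err != nil {
		return err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	acct.creds[c.Type] = aead.Seal(nonce, nonce, c.Data, []byte(user+"|"+c.Type))
	return nil
}

// Exchange is the CredEx step: present a username/password token and receive the stored
// credential of the requested type, e.g. the X.509 certificate a Globus service expects.
func (s *CredStore) Exchange(user, password, wantType string) (Credential, error) {
	acct, aead, err := s.authenticate(user, password)
	if err != nil {
		return Credential{}, err
	}
	ct, ok := acct.creds[wantType]
	if !ok {
		return Credential{}, fmt.Errorf("no %s credential stored for %s", wantType, user)
	}
	n := aead.NonceSize()
	data, err := aead.Open(nil, ct[:n], ct[n:], []byte(user+"|"+wantType))
	if err != nil {
		return Credential{}, err
	}
	return Credential{Type: wantType, Data: data}, nil
}

func main() {
	store := NewCredStore()
	_ = store.Register("alice", "correct horse battery") // constructed sample account
	_ = store.Upload("alice", "correct horse battery", Credential{Type: TokenX509,
		Data: []byte("-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----\n")})
	fmt.Println(store.Exchange("alice", "correct horse battery", TokenX509))
}
```

Because the encryption key is derived from the password and never written down, the server can only decrypt a credential while the user is presenting the password; the trade-off is that a password reset has to re-encrypt (or discard) everything stored for that user. The stretching cost is deliberately paid on the unknown-user path too, so response time does not tell an attacker which names are registered.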