The Grid, Globus & Security
InfoLunch Seminar - 12:00pm, Wed, Aug 3, 2005
L3S Research Center, Hannover, Germany


Frank Siebenlist
(Globus Alliance / Argonne National Laboratory / University of Chicago)
franks@mcs.anl.gov - http://www.globus.org/
The Globus Alliance
Making Grid computing a reality

- Close collaboration with real Grid projects in science and industry
- Development and promotion of standard Grid protocols (e.g. OGSA) to enable interoperability and shared infrastructure
- Development and promotion of standard Grid software APIs and SDKs to enable portability and code sharing
- The Globus Toolkit®: Open source, reference software base for building Grid infrastructure and applications
- Global Grid Forum: Development of standard protocols and APIs for Grid computing




Aug 3, 2005             L3S InfoLunch: The Grid, Globus and Security         2
Outline
Part One
- Globus Toolkit Introduction
- The Big Security Picture
- What is Grid Security?
- Current Grid/Globus Security

Part Two
- 2004: The year we lost control of the desktop
- Leverage Security Service Implementations
- GT’s Authorization Processing Framework

Futures and Conclusion
Discussion

On April 29, 2005 the Globus Alliance released the finest version of the Globus Toolkit to date: GT-4.0
The Application-Infrastructure Gap

[Diagram: dynamic and/or distributed applications (A, B) running on a shared distributed infrastructure (nodes 1 to 9)]
Bridging the Gap: Grid Infrastructure
- Service-oriented applications
  - Wrap applications as services
  - Compose applications into workflows
- Service-oriented Grid infrastructure
  - Provision physical resources to support application workloads

[Diagram: Users -> Composition -> Workflows -> Invocation -> Application Services -> Provisioning]
Globus is Grid Infrastructure
- Software for Grid infrastructure
  - Service enable new & existing resources
  - E.g., GRAM on computer, GridFTP on storage system, custom application service
  - Uniform abstractions & mechanisms
- Tools to build applications that exploit Grid infrastructure
  - Registries, security, data management, …
- Open source & open standards
  - Each empowers the other
- Enabler of a rich tool & service ecosystem




A Typical eScience Use of Globus: Network for Earthquake Eng. Simulation

[Figure: NEES links instruments, data, computers, people]
LHC Data Distribution

[Diagram: LHC tiered data distribution]
- There is a “bunch crossing” every 25 nsecs; there are 100 “triggers” per second; each triggered event is ~1 MByte in size
- Online System: ~PBytes/sec; ~100 MBytes/sec to the Offline Processor Farm (~20 TIPS) and to Tier 0, the CERN Computer Centre
- Tier 1 (~622 Mbits/sec from Tier 0, or Air Freight (deprecated)): France, Germany and Italy Regional Centres, FermiLab (~4 TIPS)
- Tier 2 (~622 Mbits/sec): Caltech and other Tier 2 Centres, ~1 TIPS each
- Institutes (~622 Mbits/sec, ~0.25 TIPS each) with a physics data cache
- Tier 4: physicist workstations, ~1 MBytes/sec
- 1 TIPS is approximately 25,000 SpecInt95 equivalents
- Physicists work on analysis “channels”. Each institute will have ~10 physicists working on one or more channels; data for these channels should be cached by the institute server
Globus Toolkit
- Core Web services
  - Infrastructure for building new services
- Security
  - Apply uniform policy across distinct systems
- Execution management
  - Provision, deploy, & manage services
- Data management
  - Discover, transfer, & access large data
- Monitoring
  - Discover & monitor dynamic services



Globus Toolkit version 4 (GT4)

[Diagram: GT4 components (www.globus.org). Columns: Security, Data Mgmt, Execution Mgmt, Info Services, Common Runtime; rows: Web Services Components and Non-WS Components; shading marks Core, Contrib/Preview and Deprecated components]
- Security: Community Authorization, Delegation, Authentication Authorization; Pre-WS Authentication Authorization, Credential Mgmt
- Data Mgmt: Data Replication, Community Data Access & Integration, Reliable File Transfer; GridFTP, Replica Location
- Execution Mgmt: Grid Telecontrol Protocol, Community Scheduling Framework, Workspace Management, Grid Resource Allocation & Management; Pre-WS Grid Resource Alloc. & Mgmt
- Info Services: WebMDS, Trigger, Index; Pre-WS Monitoring & Discovery
- Common Runtime: Python WS Core, C WS Core, Java WS Core; C Common Libraries, eXtensible IO (XIO)
GT4 Components

[Diagram: GT4 client and server view]
- CLIENT: your Java, C and Python clients
- Interoperable WS-I-compliant SOAP messaging; X.509 credentials = common authentication
- SERVER: Java services in Apache Axis plus GT libraries and handlers; Python hosting with GT libraries (pyGlobus WS Core); C services using GT libraries and handlers (C WS Core)
- Services shown: Delegation, Archiver, Trigger, GRAM, Index, RFT, OGSA-DAI, GTCP, CAS, GridFTP, SimpleCA, MyProxy, RLS, Pre-WS GRAM, Pre-WS MDS, plus your own Java, Python and C services
Our Goals for GT4
- Usability, reliability, scalability, …
  - Web service components have quality equal or superior to pre-WS components
  - Documentation at acceptable quality level
- Consistency with latest standards (WS-*, WSRF, WS-N, etc.) and Apache platform
  - WS-I Basic Profile compliant
  - WS-I Basic Security Profile compliant
- New components, platforms, languages
  - And links to larger Globus ecosystem




GT4 Common Runtime

[Diagram: the GT4 component map from the GT4 overview slide, here introducing the Common Runtime components: Python WS Core, C WS Core, Java WS Core, C Common Libraries, eXtensible IO (XIO)]
GT4 Web Services Core

[Diagram: User Applications on top of Custom Web Services, Custom WSRF Web Services and GT4 WSRF Web Services (Registry, Administration), all hosted in the GT4 Container; the container builds on WS-Addressing, WSRF, WS-Notification, over WSDL, SOAP, WS-Security]
GT4 Web Services Core
- Supports both GT (GRAM, RFT, Delegation, etc.) & user-developed services
- Redesign to enhance scalability, modularity, performance, usability
- Leverages existing WS standards
  - WS-I Basic Profile: WSDL, SOAP, etc.
  - WS-Security, WS-Addressing
- Adds support for emerging WS standards
  - WS-Resource Framework, WS-Notification
- Java, Python, & C hosting environments
  - Java is standard Apache




WSRF & WS-Notification
- Naming and bindings (basis for virtualization)
  - Every resource can be uniquely referenced, and has one or more associated services for interacting with it
- Lifecycle (basis for fault resilient state mgmt)
  - Resources created by services following factory pattern
  - Resources destroyed immediately or scheduled
- Information model (basis for monitoring, discovery)
  - Resource properties associated with resources
  - Operations for querying and setting this info
  - Asynchronous notification of changes to properties
- Service groups (basis for registries, collective svcs)
  - Group membership rules & membership management
- Base Fault type




GT4 Security

[Diagram: the GT4 component map from the GT4 overview slide, here introducing the Security components: Community Authorization, Delegation, Authentication Authorization, Pre-WS Authentication Authorization, Credential Mgmt]
Globus Security
- Control access to shared services
  - Address autonomous management, e.g., different policy in different work-groups
- Support multi-user collaborations
  - Federate through mutually trusted services
  - Local policy authorities rule
- Allow users and application communities to set up dynamic trust domains
  - Personal/VO collection of resources working together based on trust of user/VO




GT4 Security
- Public-key-based authentication
- Extensible authorization framework based on Web services standards
  - SAML-based authorization callout
    - As specified in GGF OGSA-Authz WG
  - Integrated policy decision engine
    - XACML policy language, per-operation policies, pluggable
- Credential management service
  - MyProxy (One time password support)
- Community Authorization Service
- Standalone Delegation Service




GT4’s Use of Security Standards

[Diagram: three security configurations, labelled “Supported, but slow”, “Supported, but insecure” and “Fastest, so default”]
GT-XACML Integration
- eXtensible Access Control Markup Language
  - OASIS standard, open source implementations
- XACML: sophisticated policy language
- Globus Toolkit ships with XACML runtime
  - Included in every client and server built on GT
  - Turned on through configuration
- … that can be called transparently from runtime and/or explicitly from application …
- … and we use the XACML “model” for our Authz Processing Framework
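As an added illustration (not Globus Toolkit code), the XACML decision model the slide refers to, reduced to a small Python policy decision point: per-operation policies with targets, rules with effects, deny-overrides combining, and an enforcement point that only opens on an explicit Permit. Attribute names, operation names and the sample policies are constructed for this example.

```python
# Added illustrative example, not Globus Toolkit code: a minimal policy
# decision point (PDP) in the XACML model the slide refers to, with
# per-operation policies, targets, rules with effects and deny-overrides
# combining. Attribute names, operation names and the sample policies are
# constructed for this example; GT4's runtime evaluates XACML documents.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

Attributes = Dict[str, str]  # flat request context, e.g. {"action-id": "submitJob"}

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass
class Target:
    """Attribute equalities that must all hold for a rule or policy to apply."""
    match: Attributes = field(default_factory=dict)

    def applies(self, request: Attributes) -> bool:
        return all(request.get(key) == value for key, value in self.match.items())


@dataclass
class Rule:
    target: Target
    effect: str  # PERMIT or DENY
    condition: Optional[Callable[[Attributes], bool]] = None

    def evaluate(self, request: Attributes) -> str:
        if not self.target.applies(request):
            return NOT_APPLICABLE
        if self.condition is not None and not self.condition(request):
            return NOT_APPLICABLE
        return self.effect


def deny_overrides(results: List[str]) -> str:
    """XACML deny-overrides: any Deny wins, then any Permit, else NotApplicable."""
    for decision in (DENY, PERMIT):
        if decision in results:
            return decision
    return NOT_APPLICABLE


@dataclass
class Policy:
    """One policy per service operation; its target names the operation."""
    target: Target
    rules: List[Rule]

    def evaluate(self, request: Attributes) -> str:
        if not self.target.applies(request):
            return NOT_APPLICABLE
        return deny_overrides([rule.evaluate(request) for rule in self.rules])


def decide(policies: List[Policy], request: Attributes) -> str:
    """Policy-set decision across all policies, again with deny-overrides."""
    return deny_overrides([policy.evaluate(request) for policy in policies])


def enforce(policies: List[Policy], request: Attributes) -> bool:
    """Policy enforcement point: only an explicit Permit grants access.
    NotApplicable counts as a denial, so an operation nobody wrote a
    policy for is closed rather than open by default."""
    return decide(policies, request) == PERMIT


def is_owner(request: Attributes) -> bool:
    """True only when the requester is the recorded owner of the resource."""
    owner = request.get("resource-owner")
    return owner is not None and request.get("subject-id") == owner


# Constructed sample policies for two operations of a hypothetical job service.
REVOKED_SUBJECTS = {"/O=Grid/OU=Example/CN=Revoked User"}  # constructed DN

POLICIES = [
    Policy(
        target=Target({"action-id": "submitJob"}),
        rules=[
            # VO members holding the "submitter" role may submit jobs ...
            Rule(Target({"vo-role": "submitter"}), PERMIT),
            # ... unless the subject is revoked: under deny-overrides this wins.
            Rule(Target(), DENY,
                 condition=lambda req: req.get("subject-id") in REVOKED_SUBJECTS),
        ],
    ),
    Policy(
        target=Target({"action-id": "cancelJob"}),
        # Only the owner of the job resource may cancel it.
        rules=[Rule(Target(), PERMIT, condition=is_owner)],
    ),
]
```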



Other Security Services Include …
- MyProxy
  - Simplified credential management
  - Web portal integration
  - Single-sign-on support
- KCA & kx.509
  - Bridging into/out-of Kerberos domains
- SimpleCA
  - Online credential generation
- PERMIS
  - Authorization service callout




GT4 Data Management

[Diagram: the GT4 component map from the GT4 overview slide, here introducing the Data Mgmt components: Data Replication, Community Data Access & Integration, Reliable File Transfer, GridFTP, Replica Location]
GT4 Data Management
- Stage/move large data to/from nodes
  - GridFTP, Reliable File Transfer (RFT)
  - Alone, and integrated with GRAM
- Locate data of interest
  - Replica Location Service (RLS)
- Replicate data for performance/reliability
  - Distributed Replication Service (DRS)
- Provide access to diverse data sources
  - File systems, parallel file systems, hierarchical storage: GridFTP
  - Databases: OGSA DAI




GridFTP in GT4
- 100% Globus code
  - No licensing issues
  - Stable, extensible
- IPv6 Support
- XIO for different transports
- Striping -> multi-Gb/sec wide area transport
  - 27 Gbit/s on 30 Gbit/s link
- Pluggable
  - Front-end: e.g., future WS control channel
  - Back-end: e.g., HPSS, cluster file systems
  - Transfer: e.g., UDP, NetBLT transport

[Chart: Bandwidth vs Striping, disk-to-disk on TeraGrid; bandwidth (Mbps, 0 to 20000) against degree of striping (0 to 70), one curve each for 1, 2, 4, 8, 16 and 32 streams]



Reliable File Transfer: Third Party Transfer
- Fire-and-forget transfer
- Web services interface
- Many files & directories
- Integrated failure recovery
- Has transferred 900K files

[Diagram: an RFT Client sends SOAP messages to the RFT Service and optionally receives notifications; the RFT Service drives a third-party transfer between two GridFTP Servers. Each GridFTP Server consists of a Master DSI, Protocol Interpreter and Data Channel, connected over an IPC link to IPC Receivers, Slave DSIs and Data Channels]



Replica Location Service
- Identify location of files via logical to physical name map
- Distributed indexing of names, fault tolerant update protocols
- GT4 version scalable & stable
- Managing ~40 million files across ~10 sites

[Diagram: local catalogues feeding two Index nodes]

Local DB | Update send (secs) | Bloom filter (secs) | Bloom filter (bits)
10K      | <1                 | 2                   | 1M
1M       | 2                  | 24                  | 10M
5M       | 7                  | 175                 | 50M
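As an added illustration (not RLS code), a Bloom-filter summary of a local replica catalogue sized like the table's 1M and 5M rows (about 10 bits per entry). It assumes the design the table implies: each local catalogue sends the index a filter over its logical file names instead of the full name list, and the index answers which sites may hold a given name. Site names, logical file names and the sizing numbers are constructed.

```python
# Added illustrative example, not RLS code: a Bloom-filter summary of a local
# replica catalogue, sized like the table above (about 10 bits per entry for
# the 1M and 5M rows). It assumes the design the table implies: each local
# catalogue sends the index a filter over its logical file names instead of
# the full name list, and the index answers "which sites may hold this name".
# Site names, logical file names and the sizing numbers are constructed.
import hashlib
import math
from typing import Dict, Iterable, List


class BloomFilter:
    def __init__(self, m_bits: int, k_hashes: int) -> None:
        self.m = m_bits
        self.k = k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item: str) -> List[int]:
        # Double hashing: derive k bit positions from two 64-bit halves of one SHA-256.
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # odd stride, never zero
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item: str) -> bool:
        # False means definitely absent; True means probably present.
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))


def false_positive_rate(n_items: int, m_bits: int, k_hashes: int) -> float:
    """Expected false-positive probability after n insertions: (1 - e^(-kn/m))^k."""
    return (1.0 - math.exp(-k_hashes * n_items / m_bits)) ** k_hashes


def optimal_k(n_items: int, m_bits: int) -> int:
    """Number of hash functions that minimises the false-positive rate: (m/n) ln 2."""
    return max(1, round(m_bits / n_items * math.log(2)))


def build_summary(logical_names: Iterable[str], m_bits: int, k_hashes: int) -> BloomFilter:
    """What a local catalogue sends to the index instead of its full name list."""
    summary = BloomFilter(m_bits, k_hashes)
    for name in logical_names:
        summary.add(name)
    return summary


def candidate_sites(index: Dict[str, BloomFilter], logical_name: str) -> List[str]:
    """Index-side lookup: every site whose summary matches. The result can
    contain false positives but never misses a site that registered the name,
    so the client confirms against the site's local catalogue before use."""
    return sorted(site for site, summary in index.items() if logical_name in summary)


if __name__ == "__main__":
    # The table's 1M-entry row: 10M bits, so k = 7 and about 0.8% false positives.
    k = optimal_k(1_000_000, 10_000_000)
    print(k, round(false_positive_rate(1_000_000, 10_000_000, k), 4))
    index = {  # constructed: two sites, one shared logical file name
        "site-a": build_summary(["lfn://example/run001.dat", "lfn://example/run002.dat"], 4096, 3),
        "site-b": build_summary(["lfn://example/run002.dat"], 4096, 3),
    }
    print(candidate_sites(index, "lfn://example/run002.dat"))
```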
Reliable Wide Area Data Replication
LIGO Gravitational Wave Observatory

[Map: replication sites including Birmingham, Cardiff and AEI/Golm]
- Replicating >1 Terabyte/day to 8 sites
- >30 million replicas so far
- MTBF = 1 month
www.globus.org/solutions
GT4 Execution Management

[Diagram: the GT4 component map from the GT4 overview slide, here introducing the Execution Mgmt components: Grid Telecontrol Protocol, Community Scheduling Framework, Workspace Management, Grid Resource Allocation & Management, Pre-WS Grid Resource Alloc. & Mgmt]
Aug 3, 2005                L3S InfoLunch: The Grid, Globus and Security             30
Execution Management (GRAM)
• Common WS interface to schedulers
  - Unix, Condor, LSF, PBS, SGE, …
• More generally: interface for process execution management
  - Lay down execution environment
  - Stage data
  - Monitor & manage lifecycle
  - Kill it, clean up
• A basis for application-driven provisioning
GT4 WS GRAM
• 2nd-generation WS implementation optimized for performance, flexibility, stability, scalability
• Streamlined critical path
  - Use only what you need
• Flexible credential management
  - Credential cache & delegation service
• GridFTP & RFT used for data operations
  - Data staging & streaming output
GT4 WS GRAM Architecture
[Diagram: service host(s) and compute element(s). The Client delegates to the Delegation service and sends a transfer request to the RFT File Transfer service, both running in the GT4 Java Container next to the GRAM services. GRAM services perform local job control through the GRAM adapter (invoked via sudo), which submits to the local scheduler on the compute element where the user job runs; the SEG reports job events back to GRAM. RFT drives FTP control on a GridFTP server, which exchanges FTP data with GridFTP on the remote storage element(s).]
GT4 Information Services
[Diagram: the same GT4 component map as on the GT4 Execution Management slide, here with Information Services highlighted: WebMDS, Trigger, Index, and Pre-WS Monitoring & Discovery.]
Monitoring and Discovery
• “Every service should be monitorable and discoverable using common mechanisms”
  - WSRF/WSN provides those mechanisms
• A common aggregator framework for collecting information from services, thus:
  - MDS-Index: XPath queries, with caching
  - MDS-Trigger: perform action on condition
  - (MDS-Archiver: XPath on historical data)
• Deep integration with Globus containers & services: every GT4 service is discoverable
  - GRAM, RFT, GridFTP, CAS, …
GT4 Monitoring & Discovery
[Diagram: a GT4 Container hosts an MDS-Index; services in the container (GRAM, RFT, GridFTP, user services) are registered automatically through WS-ServiceGroup registration and WSRF/WSN access. A second GT4 container's MDS-Index registers upstream the same way, and an adapter speaks custom protocols for non-WSRF entities. Clients (e.g., WebMDS) query the top-level MDS-Index.]
GT4 Documentation is Extensive!
Working with GT4
• Download and use the software, and provide feedback
  - Join gt4friends@globus.org mail list
• Review, critique, add to documentation
  - Globus Doc Project: http://gdp.globus.org
• Tell us about your GT4-related tool, service, or application
  - Email info@globus.org
Silver Bullet Hype-Curve…
[Figure: Success/Maturity/Acceptance plotted against Time, with successive hype curves for DCE, CORBA, WebServices, and Globus + OGSA + WSRF + WebServices. OGSA: Open Grid Services Architecture; WSRF: WebServices Resource Framework.]
                                Outline
        Part One
        Globus Toolkit Introduction
        The Big Security Picture
        What is Grid Security?
        Current Grid Security

        Part Two
        2004: The year we lost control of the desktop
        Leverage Security Service Implementations
        GT’s Authorization Processing Framework

        Futures and Conclusion
        Discussion

Objective: Enable Cross-Organizational Collaboration
Security of Grid Brokering Services
[Diagram: a Requester uses a Scheduling Svc, which brokers a Data Src Svc (Raw Data at the Data Source), Bandwidth Svcs, a Compute Facility Svc (Input Data to Output Data at the Compute Facility), and a Svc X at the Post-Processing Facility that produces the Result Data.]
• It is expected brokers will handle resource coordination for users
• Each Organization enforces its own access policy
• User needs to delegate rights to broker which may need to delegate to services
• QoS/QoP Negotiation and multi-level delegation
Security Objective: Forceful Enforcement (?)
Security Services Objectives
• It’s all about “Policy”
  - (Virtual) Organization’s Security Policy
  - Security Services facilitate the enforcement
• Security Policy to facilitate “Business Objectives”
  - Related to higher level “agreement”
• Security Policy often delicate balance
  - More security → Higher costs
  - Less security → Higher exposure to loss
  - Risk versus Rewards
  - Legislation sometimes mandates minimum security
Security: Risk versus Reward
[Figure: image not recoverable from the source.]
Agreement → VO Security Policy
(Business) Agreement: Price, Cost, Obligations, QoS, T&Cs, ……, Security, ……
→ Static Initial VO Security Policy: trust anchors, (initial) members, (initial) resources, (initial) roles, Access rules, Privacy rules
→ Dynamic VO Security Policy: members, resources, roles, Attribute mgmt, Authz mgmt
Virtual Organization (VO) Concept
[Diagram: Organization A has Person A (Faculty), Person B (Staff), Person C (Student), Compute Server C1 and Compute Server C2; Organization B has Person D (Staff), Person E (Faculty), Person F (Faculty), File server F1 (disks A and B) and Compute Server C3. Virtual Community C carves out Person A (Principal Investigator), Person B (Administrator), Person D (Researcher), Person E (Researcher), Compute Server C1' and File server F1 (disk A).]
• VO for each application/workload/collaboration
• Carve out and configure resources for a particular use and set of users
Effective Policy Governing Access Within A Collaboration
Why Grid Security is Hard…(1)
• Resources being used may be valuable & the problems being solved sensitive
  - Both users and resources need policy enforcement
• Dynamic formation and management of Virtual Organizations (VOs)
  - Large, dynamic, unpredictable…
• VO Resources and Users are often located in distinct administrative domains
  - Can’t assume cross-organizational trust agreements
  - Different mechanisms & credentials
    - X.509 vs Kerberos, SSL vs GSSAPI,
    - X.509 vs. X.509 (different domains),
    - X.509 attribute certs vs SAML assertions
Why Grid Security is Hard…(2)
• Interactions are not just client/server, but service-to-service on behalf of the user
  - Requires delegation of rights by user to service
  - Services may be dynamically instantiated
• Standardization of interfaces to allow for discovery, negotiation and use of resources/services
• Implementation must be broadly available & applicable
  - Standard, well-tested, well-understood protocols; integrated with wide variety of tools
• Policy from sites, VO, users needs to be combined
  - Varying formats
• Want to hide as much as possible from applications!
The Grid Trust solution
• Instead of setting up trust relationships at the organizational level (lots of overhead, possible legalities - expensive!) => set up trust at the user/resource level
• Virtual Organizations (VOs) for multi-user collaborations
  - Federate through mutually trusted services
  - Local policy authorities rule
• Users able to set up dynamic trust domains
  - Personal collection of resources working together based on trust of user
GT4 Security
[Diagram: Users hold rights and obtain credentials from MyProxy or a KCA; a CAS or VOMS server issuing SAML or X.509 ACs grants them VO rights. Services (running on user’s behalf) access the Compute Center over SSL/WS-Security with Proxy Certificates; the Compute Center applies AuthZ Policy Enforcement based on local policy on VO identity or attribute authority.]
Propagation of Requester’s Rights through Job Scheduling and Submission Process
[Diagram: the Requester holds All User's Rights & Capabilities and delegates through a chain of Schedulers, each narrowing the delegated rights: Only DOE approved sites → Only NCSA resources → Only compute cluster ABC → Compute Resource. Notes: Virtualization complicates Least Privilege Delegation of Rights. Dynamically limit the Delegated Rights more as Job specifics become clear. Trust parties downstream to limit rights for you… or let them come back with job specifics such that you can limit them.]
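As an added illustration (not code from the slides or from the Globus Toolkit), a Python model of the narrowing chain on the slide above: each scheduler receives a credential whose rights are the intersection of what its delegator held and what the hop needs, and the resource's verifier rejects any link that widens rights or exceeds the allowed chain depth. Right names, hop names and the depth limit are constructed for the example; a real GT4 proxy certificate carries restrictions differently.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Tuple

# Constructed right names for the example (not GT4 policy syntax).
ALL_USER_RIGHTS = frozenset({
    "site:ANL", "site:NCSA", "site:ORNL", "site:Other",
    "cluster:ABC", "cluster:XYZ",
    "action:submit", "action:read", "action:write",
})
DOE_APPROVED_SITES = frozenset({"site:ANL", "site:NCSA", "site:ORNL"})


def only(rights: FrozenSet[str], category: str, allowed: Iterable[str]) -> FrozenSet[str]:
    """Within one category (e.g. 'site') keep only `allowed`; other categories pass through."""
    allowed = frozenset(allowed)
    prefix = category + ":"
    return frozenset(r for r in rights if not r.startswith(prefix) or r in allowed)


@dataclass(frozen=True)
class DelegatedCredential:
    holder: str
    rights: FrozenSet[str]
    issuer: Optional["DelegatedCredential"] = None
    depth: int = 0

    def delegate(self, to: str, keep: FrozenSet[str]) -> "DelegatedCredential":
        """Hand rights to the next hop. The intersection guarantees the hop can never
        receive more than its delegator holds, however `keep` was computed."""
        return DelegatedCredential(to, self.rights & keep, self, self.depth + 1)


def build_scheduler_chain() -> DelegatedCredential:
    """The chain from the slide: each scheduler narrows as job specifics become clear."""
    requester = DelegatedCredential("requester", ALL_USER_RIGHTS)
    s1 = requester.delegate("scheduler-1", only(requester.rights, "site", DOE_APPROVED_SITES))
    s2 = s1.delegate("scheduler-2", only(s1.rights, "site", {"site:NCSA"}))
    s3 = s2.delegate("scheduler-3", only(s2.rights, "cluster", {"cluster:ABC"}))
    # Final hop is the compute resource itself; nothing further to narrow.
    return s3.delegate("compute-resource", s3.rights)


def verify_chain(leaf: DelegatedCredential, max_depth: int) -> Tuple[bool, str]:
    """Walk back to the root credential. Reject a link that claims a right its issuer
    did not hold (a widening), an inconsistent depth, or an over-long chain."""
    if leaf.depth > max_depth:
        return False, f"chain depth {leaf.depth} exceeds limit {max_depth}"
    cur = leaf
    while cur.issuer is not None:
        if not cur.rights <= cur.issuer.rights:
            extra = sorted(cur.rights - cur.issuer.rights)
            return False, f"{cur.holder} claims rights its issuer lacks: {extra}"
        if cur.depth != cur.issuer.depth + 1:
            return False, f"{cur.holder} has an inconsistent depth"
        cur = cur.issuer
    return True, "ok"


def authorize(cred: DelegatedCredential, required: Iterable[str], max_depth: int = 4) -> bool:
    """Resource-side check: the chain must verify and the leaf must hold every required right."""
    ok, _ = verify_chain(cred, max_depth)
    return ok and frozenset(required) <= cred.rights


def forged_link() -> DelegatedCredential:
    """A credential built without delegate() that re-adds a site its issuer already dropped."""
    s2 = build_scheduler_chain().issuer.issuer  # scheduler-2, limited to NCSA
    return DelegatedCredential("rogue-scheduler", s2.rights | {"site:ANL"}, s2, s2.depth + 1)
```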
Grid Security must address…
• Trust between resources without organization support
• Bridging differences between mechanisms
  - Authentication, assertions, policy…
• Allow for controlled sharing of resources
  - Delegation from site to VO
• Allow for coordination of shared resources
  - Delegation from VO to users, users to resources
• ...all with dynamic, distributed user communities and least privilege.
                                 Outline
        Part One
        Globus Toolkit Introduction
        The Big Security Picture
        What is Grid Security?
        Current Grid Security

        Part Two
        2004: The year we lost control of the desktop
        Leverage Security Service Implementations
        GT’s Authorization Processing Framework

        Futures and Conclusion




Part 2 Outline
• 2004: The year we lost control of the desktop
  - MyProxy/GridLogon, OTP/Smart-Cards, Secure-Password Protocols, Virtual Machines,…
• Leverage Security Service Implementations
  - OpenSSL, OpenSAML, Shibboleth, Permis, Sun’s XACML, CNRI’s Handle System, … XKMS
• GT’s Authorization Processing Framework
  - VOMS/Permis/X509/Shibboleth/SAML/Kerberos identity/attribute assertions
  - XACML/SAML/CAS/Permis/ProxyCert/SPKI authorization assertions
• Futures and Conclusion
2004: The Year we lost Control of the Desktop
• Compromised accounts, trojans, sniffers, viruses…
  - When compromised … not if…
• New paradigm:
  - Try to raise bar … arms race
  - It’s about “Detection” and “Limit Consequences” of Compromise
• New emphasis:
  - No more long-lived secrets with the user…
  - MyProxy/GridLogon
  - One-Time-Password & Secure Password protocols
  - Virtual Machine Sandboxes
MyProxy/GridLogon
• No long-lived secrets on the user’s workstation
  => move secrets to a secure MyProxy-server
  - Issue derived short-lived proxy-certificates
  => issue short-lived identity certificates
  - On-line Certificate Authority (CA)
• Need for bootstrap authentication…
  - Passwords
  - One-Time-Passwords
• Need for “true” secure password protocol
OTP & Trust-Root Provisioning
[Diagram: bootstrap the user’s trust-root config from secure OTP authentication. The user-workstation (initially not configured) runs a secure mutual OTP-authentication and key-exchange against an enhanced MyProxy/GridLogon service (OTP AuthN server + user’s security config) and receives a short-lived cert plus provisioning of CAs and AuthZ/Attr Authorities.]
Virtual Machines to the Rescue
• VMs provide additional insulation
  - Consequences of VM compromise “limited”
  - Host compromise “virtually” impossible
• “Frozen” VM-Image of stable, tested, uncompromised OS+Services configuration
  - Distribution of “safe” VM-images
  - Allows for easy restart/resync after compromise
• Interesting open source VM-efforts: Xen
  - Exciting & promising first results at ANL (Tim Freeman, Kate Keahey)
How do Grids and VMs play together?
[Diagram: the Client sends a request to a VM Factory and receives a VM EPR; the factory either creates a new VM image or uses an existing image from the VM Repository, which the client can inspect and manage. The client then asks the VM Manager to deploy & suspend the VM on a Resource and to start the program.]
Part 2 Outline
• 2004: The year we lost control of the desktop
  - MyProxy/GridLogon, OTP/Smart-Cards, Secure-Password Protocols, Virtual Machines,…
• Leverage Security Service Implementations
  - OpenSSL, OpenSAML, Shibboleth, Sun’s XACML, Handle System, … Permis, XKMS
• GT’s Authorization Processing Framework
  - VOMS/Permis/X509/Shibboleth/SAML/Kerberos identity/attribute assertions
  - XACML/SAML/CAS/Permis/ProxyCert/SPKI authorization assertions
• Futures and Conclusion
Leverage (Open Source) Security Service Implementations
• OpenSSL
  - “native” Proxy Certificate support coming… (thanks to OpenSSL hacker Richard Levitte and KTH!)
• Internet2’s OpenSAML
  - Part of GT - used by CAS/GridShib/AuthzCallout/…
• Internet2’s Shibboleth
  - NSF funded GridShib project to “Grid-enable” Shibboleth
• Sun’s open source XACML effort
  - Integrate sophisticated policy decision engine in the GT
• CNRI’s Handle System
  - Leverage robust, secure, global naming system for resource/subject attribute bindings
• Futures: XKMS, XrML, Permis, …
GT - Shibboleth Integration
• NSF-funded “GridShib” Project
  - http://grid.ncsa.uiuc.edu/GridShib/
• Leverage Shibboleth implementations and deployments
  - Sophisticated, policy controlled attribute service
  - Client-server interactions through WS-protocols
  - (optionally) preserve pseudonymity of client
• GridShib code will become part of GT
  - Transparent use of Shib servers in GT-runtime
GridShib: Grid-Shibboleth Integration (Identity Federation and Grids)
• NSF NMI project to allow the use of Shibboleth-issued attributes for authorization in NMI Grids built on the Globus Toolkit
  - Funded under NSF award SCI-0438424
• Goal: GT 4.2 & Shibboleth 1.3
• GridShib team: NCSA, U. Chicago, ANL
  - Tom Barton, David Champion, Tim Freeman, Kate Keahey, Tom Scavo, Frank Siebenlist, Von Welch
• Working in collaboration with Steven Carmody, Scott Cantor, Bob Morgan and the rest of the Internet2 Shibboleth Design team
Why?
• Leverage Shibboleth code base
  - Someone else is writing and debugging it
• Leverage Shibboleth deployments
  - Someone else is supporting them
• Leverage larger issues going on in Identity Federation world
  - Someone else is helping to write them
  - Even more someone else’s will be writing and deploying them
  - SAML standard, profiles
• Leverage someone else’s attributes?
  - Are campus attributes useful to Grids?
Shibboleth (Simplified)
[Diagram: Shibboleth holds Attrs and IDs. The user is issued an opaque Handle, and the relying party presents that Handle back to Shibboleth to obtain SAML Attributes.]
GridShib (Simplified)
[Diagram: as in the simplified Shibboleth picture, but the X.509 DN takes the place of the Handle: the client authenticates to the Grid service with its DN over SSL/TLS or WS-Security, and the service presents that DN to Shibboleth (Attrs, IDs) to obtain SAML Attributes.]
GridShib Integration Goals
• Use Shibboleth 1.3 out of box
  - With additional NameMapper module to handle mapping X.509 identities to local names
  - Work with Shib identity provider metadata
  - Working with Shib developers to achieve
• Don’t require modification to typical grid client applications for simple use cases
• Most of work going into Grid services
DOE Earth System Grid
Goal: address technical obstacles to the sharing & analysis of high-volume data from advanced earth system models
www.earthsystemgrid.org
Major ESG Components
Grid Services
• GRAM resource access
• GridFTP
• PURSE
• MDS (+WebSDV, +Trigger Service, +Archiver)
• MyProxy credential repository
• SimpleCA
• RLS replica location service
• MCS metadata catalog service
Other Services
• OpenDAPg
• HPSS
• SRM
• LAS
• Apache, Tomcat
ESG-specific services
• Workflow Manager
• Registration Service
• Monitoring Service
Major ESG Components
[Figure: component diagram not recoverable from the source.]
ESG Authorization requirements
• Access to most data requires that the name of the requesting user be logged.
• Access to some private data is restricted to specific users.
• Some data is located on mass storage systems to which access is restricted to users with approved PKI credentials.
• Some data is located on HPSS storage behind GridFTP server
• Some data is located on disk storage behind HTTPS server.
ESG Authorization Requirements
• Access control for data accessed via portal
  - Group-based control to data and metadata
• Variety of data return modalities, e.g.:
  - From portal as intermediary to servers
  - Directly from GridFTP server
• Credentials of a variety of qualities
  - Higher quality via formal CA (personal review)
  - Lower quality via Web (email verification)
• Easy to use Web sign on
  - MyProxy as credential repository
• GSI credentials for GridFTP server access
ESG data access control
[Figure: diagram not recoverable from the source.]
     Earth Science Grid’s use of CAS-Assertions

        Password | Username          MyProxy/GridLogon used for portal authentication
        Username | UserDN            MyProxy/GridLogon used for UserDN mapping
        UserDN | Group               Group membership assignment
        Group | Operation | LFile    Access Policy expressed with groups, actions and logical file names
        LFile | PFile                Mapping of logical file names to physical file paths

        SAML Authorization Assertion signed by PortalId:
               User with “UserDN” is allowed to invoke
                  “Operation” on physical file “PFile”

              ESG External GridFTP Access
        User browses portal to identify file(s)
        Portal returns
             Physical file location (URL)
             SAML assertion in CAS format: “User can invoke
              requested operation on file(s)”
        User:
             Obtains proxy-certificate from MyProxy
             Embeds SAML-assertion in proxy-cert
             Uses GridFTP client to retrieve physical file(s) from
              CAS-enabled GridFTP server




               ESG External GridFTP Retrieval
        (Sequence diagram with four parties: User, Portal, MyProxy, GridFTP Server)
        User -> Portal: login, browse
        Portal <-> MyProxy: Login (username, password); Proxycert Issuance (username, userDN)
        Portal: policy enforcement over userDN -> group -> action / LFile -> PFile
        Portal -> User: PFile URL + authz assertion
        User -> GridFTP Server: gridftp access with GSI-creds and Portal authz assertion
        GridFTP Server: “CAS” policy enforcement on PFile

         Reuse of Fabric & Plumbing from
         Community Auth. Service (CAS)
        ESG-Portal uses no CAS server but generates its own
         authorization statements
             Statements are domain specific
        Same assertion format as CAS
             Standard “SAML” assertion signed by PortalId
        User deploys CAS-enabled GridFTP client
             Deploys identical GSI creds and proxy-certs
        Site uses CAS-enabled GridFTP server
        Remote site trusts Portal (instead of CAS)
        Portal makes access control decisions

        Usage Pattern applicable to many more projects…
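The portal-issued assertion flow of the preceding slides (the five-step mapping from password to physical file, the signed “UserDN may invoke Operation on PFile” statement, and a CAS-enabled GridFTP server that trusts the portal’s key instead of a CAS server), as an added Go example. It is not Globus or ESG code: it assumes an Ed25519 signature over a JSON payload in place of the real XML SAML assertion in CAS format, a plain username/password table in place of MyProxy/GridLogon, and constructed user, group and file names; the proxy certificate is represented only by the GSI-authenticated DN that the server passes to Enforce.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assertion is a constructed stand-in for the portal-signed SAML assertion:
// "User with UserDN is allowed to invoke Operation on physical file PFile".
type Assertion struct {
	Issuer    string    `json:"issuer"`
	UserDN    string    `json:"user_dn"`
	Operation string    `json:"operation"`
	PFile     string    `json:"pfile"`
	NotAfter  time.Time `json:"not_after"`
}

// SignedAssertion is what the user embeds in the proxy certificate.
type SignedAssertion struct {
	Payload   []byte
	Signature []byte
}

// Portal holds the five mapping tables from the slide. The password table
// stands in for MyProxy/GridLogon (assumption: no real MyProxy here).
type Portal struct {
	ID        string
	Lifetime  time.Duration
	key       ed25519.PrivateKey
	Passwords map[string]string              // Password | Username
	UserDNs   map[string]string              // Username | UserDN
	Groups    map[string][]string            // UserDN | Group
	Policy    map[string]map[string][]string // Group | Operation | LFile
	Physical  map[string]string              // LFile | PFile
}

func (p *Portal) PublicKey() ed25519.PublicKey { return p.key.Public().(ed25519.PublicKey) }

// Authorize walks password -> username -> UserDN -> group -> policy -> LFile
// -> PFile; a gap anywhere is a denial and no assertion is issued.
func (p *Portal) Authorize(username, password, op, lfile string) (*SignedAssertion, error) {
	if pw, ok := p.Passwords[username]; !ok || pw != password {
		return nil, errors.New("portal login failed")
	}
	dn, ok := p.UserDNs[username]
	if !ok {
		return nil, errors.New("no UserDN for " + username)
	}
	allowed := false
	for _, g := range p.Groups[dn] {
		for _, lf := range p.Policy[g][op] {
			allowed = allowed || lf == lfile
		}
	}
	if !allowed {
		return nil, fmt.Errorf("no group of %s may %s %s", dn, op, lfile)
	}
	pfile, ok := p.Physical[lfile]
	if !ok {
		return nil, errors.New("no physical file for " + lfile)
	}
	payload, err := json.Marshal(Assertion{p.ID, dn, op, pfile, time.Now().Add(p.Lifetime)})
	if err != nil {
		return nil, err
	}
	return &SignedAssertion{Payload: payload, Signature: ed25519.Sign(p.key, payload)}, nil
}

// GridFTPServer is the CAS-enabled server: it trusts the portal's key instead
// of a CAS server and binds the assertion to the GSI-authenticated DN.
type GridFTPServer struct {
	TrustedIssuers map[string]ed25519.PublicKey
}

// Enforce returns nil only for an unexpired, correctly signed assertion from a
// trusted issuer that names exactly this DN, operation and physical file.
func (s *GridFTPServer) Enforce(sa *SignedAssertion, gsiDN, op, pfile string) error {
	var a Assertion
	if err := json.Unmarshal(sa.Payload, &a); err != nil {
		return err
	}
	pub, ok := s.TrustedIssuers[a.Issuer]
	if !ok {
		return errors.New("untrusted issuer " + a.Issuer)
	}
	if !ed25519.Verify(pub, sa.Payload, sa.Signature) {
		return errors.New("assertion signature invalid")
	}
	if time.Now().After(a.NotAfter) {
		return errors.New("assertion expired")
	}
	if a.UserDN != gsiDN || a.Operation != op || a.PFile != pfile {
		return errors.New("assertion does not cover this request")
	}
	return nil
}

// NewDemoPortal builds a portal with a fresh key and constructed tables.
func NewDemoPortal() (*Portal, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Portal{
		ID: "esg-portal.example", Lifetime: 10 * time.Minute, key: priv,
		Passwords: map[string]string{"alice": "s3cret", "bob": "hunter2"},
		UserDNs:   map[string]string{"alice": "/O=ESG/CN=Alice", "bob": "/O=ESG/CN=Bob"},
		Groups:    map[string][]string{"/O=ESG/CN=Alice": {"climate-readers"}},
		Policy:    map[string]map[string][]string{"climate-readers": {"read": {"cm/run42.nc"}}},
		Physical:  map[string]string{"cm/run42.nc": "/hpss/esg/cm/run42.nc"},
	}, nil
}

// NewDemoServer configures a GridFTP server that trusts only this portal.
func NewDemoServer(p *Portal) *GridFTPServer {
	return &GridFTPServer{TrustedIssuers: map[string]ed25519.PublicKey{p.ID: p.PublicKey()}}
}

func main() {
	p, err := NewDemoPortal()
	if err != nil {
		panic(err)
	}
	srv := NewDemoServer(p)
	sa, err := p.Authorize("alice", "s3cret", "read", "cm/run42.nc")
	if err != nil {
		panic(err)
	}
	fmt.Println("alice read:", srv.Enforce(sa, "/O=ESG/CN=Alice", "read", "/hpss/esg/cm/run42.nc"))
	fmt.Println("bob with alice's assertion:", srv.Enforce(sa, "/O=ESG/CN=Bob", "read", "/hpss/esg/cm/run42.nc"))
}
```

The point the slides make is carried by Enforce: the remote site never consults the portal at access time, it only needs the portal’s public key, and the assertion is useless to anyone other than the DN the GSI channel authenticated, so an assertion copied out of one user’s proxy certificate does not help another.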

                          Part 2 Outline
        2004: The year we lost control of the desktop
             MyProxy/GridLogon, OTP/Smart-Cards, Secure-Password
              Protocols, Virtual Machines,…
        Leverage Security Service Implementations
             OpenSSL, OpenSAML, Shibboleth, Permis, Sun’s XACML,
              CNRI’s Handle System, … XKMS
        GT’s Authorization Processing Framework
             VOMS/Permis/X509/Shibboleth/SAML/Kerberos
              identity/attribute assertions
             XACML/SAML/CAS/Permis/ProxyCert/SPKI
              authorization assertions
        Futures and Conclusion




              Security Services with VO
        (Diagram of security services in a virtual organization; not recoverable from the extracted text)

     GT’s Support for GGF’s Authorization Call-Out

        GGF’s OGSA-Authz WG:
         “Use of SAML for OGSA Authorization”
             Authorization service specification
             Extends SAML spec for use in WS-Grid
             Recently standardized by GGF
        Conformant call-out integrated in GT
             Transparently called through configuration
        Permis interoperability
             Ready for GT4!
        Futures…
             SAML2.0 compliance … XACML2.0-SAML2.0 profile




                 GT-XACML Integration
      eXtensible Access Control Markup Language (XACML)
          OASIS standard
          Open source implementations
      XACML: sophisticated policy language
      Globus Toolkit ships with an XACML runtime
          Integrated in every client and server built on GT
          Turned on through configuration


      …can be called transparently from runtime and/or
       explicitly from application…

      …and we’re using the XACML-”model” for
       our Authz Processing Framework…

         GT’s Assertion Processing “Problem”
        VOMS/Permis/X509/Shibboleth/SAML/Kerberos
         identity/attribute assertions
        XACML/SAML/CAS/XCAP/Permis/ProxyCert
         authorization assertions
        Assertions can be pushed by client,
         pulled from service, or locally available
        Policy decision engines can be local and/or remote
        Delegation of Rights is a required “feature”, implemented
         through many different means

         GT-runtime has to mix and match all policy
           information and decisions in a consistent
                          manner…


                Delegation of Rights Complexity
 (Cartoon: Bob asks “Can I have a glass of lemonade?”; the question “Can Bob have a glass of lemonade?”
  is passed around; Ivan adds “I’d like a glass too”; Carol answers “Sure, Bob is my friend”
  (non-normative evaluated decision). Everyone involved has a policy:)
   Neighbor’s policy: Let’s party!
   Frosty’s policy: Only share lemonade with ice
   Bill’s policy: Lemonade is bad for you
   Aunt’s policy: Sharing is good
   Ivan’s policy: I don’t know any Bob…(?) I do know John, Mary, Carol, Olivia, …
   Laura’s policy: Share if he pays!
   Jogger’s policy: HELP
   Mary’s policy: I like Bob a little bit
   Rita’s policy: No lemonade after eight
   John’s policy: I don’t like girls
   Accountant’s policy: Only if he signs here
   Olivia’s policy: If Carol likes Bob, I hate him!
   Emma’s policy: Only on his birthday
   Ann’s policy: I like Ivan very much!
   Lucy’s policy: I sometimes like Carol
   Carol’s policy: Bob is my friend and I’ll share my lemonade with him
   David’s policy: Ask Laura
          What are the Grid/P2P issues with
           “distributed authorization”? (1)
        Many different parties want to express their
         opinion about each other’s access rights
             Anybody can say anything about anyone else
        Expressed in many different languages
             Enforcement of single policy language
              impossible/not-desirable
        Some parties can be asked about their opinion
             Expose themselves as an AuthZ-oracle (PDP)
        Other parties send their opinion as statements
             Authenticated policy/decision statements/assertions
              expressed in their favorite language



           What are the Grid/P2P issues with
            “distributed authorization”? (2)
      Some of that advice is from parties you’ve never met before
          So they must be empowered by those you do know…
      Some advice does not apply, is malformed, malicious, fake,
       erroneous, ….
          …often you cannot tell that by looking at it…
      Different parties will use different names for the same subject
          Need identity federation for mapping
      Different parties will use different groups/roles in their policy
       expressions
          Only the group/role that is actually used in a relevant policy
           expression is of interest…




              Attribute Collection Framework
        (Diagram of the attribute collection framework; not recoverable from the extracted text)

          GT’s Authorization Processing Model (1)
        Use of a Policy Decision Point (PDP) abstraction that
         conceptually resembles the one defined for XACML.
             Normalized request context and decision format
             Modeled PDP as black box authorization decision oracle
        After validation, map all attribute assertions to
         XACML Request Context Attribute format
        Create mechanism-specific PDP instances for each
         authorization assertion and call-out service
        The end result is a set of PDP instances where the
         different mechanisms are abstracted behind the
         common PDP interface.




     GT’s Authorization Processing Model (2)
        The Master-PDP orchestrates the querying of each
         applicable PDP instance for authorization decisions.
        Pre-defined combination rules determine how the
         different results from the PDP instances are to be
         combined to yield a single decision.
        The Master-PDP finds delegation decision chains by
         asking the individual PDP instances whether the issuer
         has delegated administrative rights to other subjects.
        Thus the Master-PDP can determine authorization decisions
         based on delegated rights without explicit support from
         the native policy language evaluators.




        GT Authorization Framework (1)
        (Diagram of the GT authorization framework; not recoverable from the extracted text)

          GT Authorization Framework (2)
        (Diagram of the GT authorization framework; labelled elements recoverable from the
         extracted text: AAA/PERMIS/XACML PDP, AAA PDP, AAA token)

        GT Authorization Framework (3)
        (Diagram of the GT authorization framework; not recoverable from the extracted text)

         GT Authorization Framework (3)
        Master-PDP accesses all mechanism-specific PDPs through the
         same Authz Query Interface
             SAML-XACML-2 profile
        Master-PDP acts like an XACML “Combinator”
             “Permit-Overrides” rules
                  Negative permissions are evil…
        Delegation-chains found through exhaustive search
             …with optimization to evaluate cheap decisions first…
        “Blacklist-PDPs” are consulted separately
             Statically configured, call-out only PDPs
             Deny-Overrides only for the blacklist-PDPs…
                  Pragmatic compromise to keep admin simple
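The authorization processing model of the “GT’s Authorization Processing Model (1)/(2)” slides and the combination rules of this slide, as an added Go example that is not Globus Toolkit code: a common black-box PDP interface, a Master-PDP that consults blacklist PDPs first under deny-overrides, evaluates the remaining PDPs cheapest first under permit-overrides, and accepts a Permit only after an exhaustive search finds a delegation chain from the service’s own policy authority to the issuer behind that Permit. The issuer names (service-admin, esg-portal, vo-manager, stranger, remote-permis), the subject DNs and the file path are constructed; the real GT runtime speaks SAML/XACML to its PDPs rather than Go interfaces.

```go
package main

import (
	"fmt"
	"sort"
)

// Decision is the normalized decision format every PDP returns.
type Decision int

const (
	NotApplicable Decision = iota
	Permit
	Deny
)

func (d Decision) String() string { return [...]string{"NotApplicable", "Permit", "Deny"}[d] }

// Request is the normalized request context (subject, action, resource) that
// all validated assertions are mapped into before any PDP sees them.
type Request struct{ Subject, Action, Resource string }

// Oracle is the black-box decision interface; PDP adds what the Master-PDP
// needs to order evaluation and to search delegation chains.
type Oracle interface{ Decide(Request) Decision }

type PDP interface {
	Oracle
	Issuer() string                     // who stands behind this PDP's answers
	Cost() int                          // cheap local policy before remote call-outs
	Delegates(resource, to string) bool // has Issuer delegated admin rights on resource to `to`?
}

// StaticPDP is a constructed PDP over an already-validated set of grants and
// delegations; it stands in for a local policy, a pushed assertion or a call-out.
type StaticPDP struct {
	issuer    string
	cost      int
	grants    map[Request]bool
	delegates map[string][]string // resource -> subjects given admin rights
	Queries   int                 // Decide calls, to show cheap-first ordering
}

func NewStaticPDP(issuer string, cost int) *StaticPDP {
	return &StaticPDP{issuer: issuer, cost: cost, grants: map[Request]bool{}, delegates: map[string][]string{}}
}
func (s *StaticPDP) Grant(r Request) *StaticPDP { s.grants[r] = true; return s }
func (s *StaticPDP) Delegate(res, to string) *StaticPDP {
	s.delegates[res] = append(s.delegates[res], to)
	return s
}
func (s *StaticPDP) Issuer() string { return s.issuer }
func (s *StaticPDP) Cost() int      { return s.cost }
func (s *StaticPDP) Decide(r Request) Decision {
	s.Queries++
	if s.grants[r] {
		return Permit
	}
	return NotApplicable // never Deny: negative permissions are left to the blacklist
}
func (s *StaticPDP) Delegates(res, to string) bool {
	for _, d := range s.delegates[res] {
		if d == to {
			return true
		}
	}
	return false
}

// BlacklistPDP is a statically configured, call-out-only PDP that can only Deny.
type BlacklistPDP struct{ Banned map[string]bool }

func (b *BlacklistPDP) Decide(r Request) Decision {
	if b.Banned[r.Subject] {
		return Deny
	}
	return NotApplicable
}

// MasterPDP: blacklists first (deny-overrides), then the mechanism PDPs
// cheapest first under permit-overrides, where a Permit only counts if its
// issuer holds admin rights delegated (possibly over several hops) from Root.
type MasterPDP struct {
	Root      string // the service's own policy authority
	PDPs      []PDP
	Blacklist []Oracle
}

func (m *MasterPDP) Decide(r Request) Decision {
	for _, b := range m.Blacklist {
		if b.Decide(r) == Deny {
			return Deny
		}
	}
	ordered := append([]PDP(nil), m.PDPs...)
	sort.SliceStable(ordered, func(i, j int) bool { return ordered[i].Cost() < ordered[j].Cost() })
	for _, p := range ordered {
		if p.Decide(r) == Permit && m.reach(r.Resource, m.Root, p.Issuer(), map[string]bool{}) {
			return Permit
		}
	}
	return Deny // no chained Permit: closed-world default
}

// reach is the exhaustive delegation-chain search: is there a path from -> ... -> target
// where every hop is a delegation asserted by the PDP that speaks for the hop's source?
func (m *MasterPDP) reach(res, from, target string, seen map[string]bool) bool {
	if from == target {
		return true
	}
	seen[from] = true
	for _, p := range m.PDPs {
		if p.Issuer() != from {
			continue
		}
		for _, q := range m.PDPs { // candidate delegates: every issuer the runtime knows
			if next := q.Issuer(); !seen[next] && p.Delegates(res, next) && m.reach(res, next, target, seen) {
				return true
			}
		}
	}
	return false
}

// NewDemoMaster wires up constructed PDPs; it also returns the expensive
// call-out PDP so callers can see whether it was ever consulted.
func NewDemoMaster() (*MasterPDP, *StaticPDP) {
	const res = "/hpss/esg/cm/run42.nc"
	local := NewStaticPDP("service-admin", 1).Grant(Request{"/O=ESG/CN=Alice", "read", res}).Delegate(res, "esg-portal")
	portal := NewStaticPDP("esg-portal", 5).Grant(Request{"/O=ESG/CN=Bob", "read", res}).Delegate(res, "vo-manager")
	vo := NewStaticPDP("vo-manager", 5).Grant(Request{"/O=ESG/CN=Carol", "read", res})
	stranger := NewStaticPDP("stranger", 5).Grant(Request{"/O=ESG/CN=Mallory", "read", res})
	callout := NewStaticPDP("remote-permis", 100).Grant(Request{"/O=ESG/CN=Alice", "read", res})
	return &MasterPDP{
		Root:      "service-admin",
		PDPs:      []PDP{callout, stranger, vo, portal, local},
		Blacklist: []Oracle{&BlacklistPDP{Banned: map[string]bool{"/O=ESG/CN=Carol": true}}},
	}, callout
}

func main() {
	m, callout := NewDemoMaster()
	for _, who := range []string{"Alice", "Bob", "Carol", "Mallory", "Dave"} {
		fmt.Println(who, m.Decide(Request{"/O=ESG/CN=" + who, "read", "/hpss/esg/cm/run42.nc"}))
	}
	fmt.Println("call-out PDP queried", callout.Queries, "times")
}
```

Two design points follow the slide directly: the blacklist is evaluated on its own with deny-overrides so that an administrator can ban a subject without reasoning about every pushed assertion, and a Permit from an issuer without a chain back to the root (the “stranger” PDP) is silently ignored rather than treated as an error, because the runtime has no way of knowing in advance which of the assertions it was handed are relevant.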




                 Big Picture & Conclusion
        GT4 is security buzzword compliant!
             …probably the most full-featured-security ws-toolkit…
        WebServices technologies provide low-level plumbing
             following all relevant standards
        Portals growing as a user interface
             Clients use http-browsers,
              … but portals will use WS-protocols!
             PURSE, ESG, GridSite, LEAD Portal, …
        New Deployment Paradigms (GridLogon, VMs)
             Driven by inability to protect…
        Authorization still the big focus
             “unification framework” needed to support different
              mechanisms and formats => GT4.2
             Required for fine-grained VO-policy

      http://www.mcs.anl.gov/~franks/presentations/GT-Security-Aug-3-2005-L3S.ppt

