Grid Security @ Thales Services
serge.druais@thales-is.com
May 31st, 2005




                 High-Tech Services
                                                            Agenda


                            Grid & security :
                                Definition and Challenges
                            Grid security infrastructure
                            Thales involvements
                                SEASIDE
                                Security SOA : Call5
© Thales 2005




                                                      Grid Security: Definition

                Grid definition
                “Grid computing is concerned with coordinated resource sharing and
                problem solving in dynamic, multi-institutional virtual organizations.”
                                                                                 Ian Foster



                  Resources being used are still owned by their
                  respective organization and subject to its policies
                           Sharing may be controlled amongst a number of VOs
                           Non-trivial policy in regards to QoS, etc.



                  Resources contributing to VO (Virtual Organization)
                  need to be coordinated by the VO in order to work
                  together effectively
                           All need to have a coherent policy in order to interoperate
                           Requires policy from VO back to resources

                   Dynamic
                            Users, resources may be large, unpredictable, and changing
                            at any point
                            Roles of both may also be distinct and dynamic (not all users
                            are equal)
                            Doesn’t allow static configuration


                Multi-institutional
                         Each resource and user will have local policies and
                         technologies that cannot be replaced by the VO
                         Cannot assume cross-organizational trust relationships

                                                            Grid Security: Challenges

                Resources being used may be valuable & the
                problems being solved sensitive
                         Both users and resources need to be careful
                Dynamic creation, configuration and management
                of Virtual Organizations (VOs)
                         Large, dynamic, unpredictable…
                VO resources and users are often located in
                distinct administrative domains
                         Can’t assume cross-organizational trust agreements
                         Different mechanisms & credentials
                             X.509 vs Kerberos, SSL vs GSSAPI,
                             X.509 vs. X.509 (different domains),
                             X.509 attribute certs vs SAML assertions

                Interactions are not just client/server, but
                service-to-service on behalf of the user
                         Requires delegation of rights by user to service
                         Services may be dynamically instantiated
                Standardization of interfaces to allow for
                discovery, negotiation and use
                Implementation must be broadly available &
                applicable
                         Standard, well-tested, well-understood protocols; integrated with
                         wide variety of tools
                Policy from sites, VO, users need to be combined
                         Varying formats
                Want to hide as much as possible from applications!

                                          Grid Security: Component Layering

                Components of the Grid Security Model

                       “Good news” – Grid Technologies possess a Security model

                                                       Grid Security: Services

                Globus perspective

                                                Grid Security: Architecture

                                                     Grid Security: Infrastructure

                     Globus Toolkit Grid Security Infrastructure (GSI)
                           Open Source
                           Standards
                           Web Services (and “pre-Web Services”)
                     Transport-level Security
                           Authentication via TLS with support for X.509 proxy certificates
                           Preventing user abuse of resources
                     Message-Level Security
                           WS-Security standard and the WS-SecureConversation (SOAP
                           messages)
                           Compliance with the WS-Interoperability Basic Security Profile
                     Authentication and Delegation
                           X.509 Credentials
                           Username and Password Authentication

                             Models – Services – Architecture - Infrastructure

                                             Thales involvements : SEASIDE


                 Figure (SEASIDE layers): Semantic Layer, Service Integration Layer, Infrastructure Layer
                 Figure labels: Security & Trust, Interoperability, Management Services, Quality & Reliability

                                 Thales involvements : CALL5 – GRID SOA
                   Security SOA (Call5 STREPS)
                        G2G ID search application:
                            Fingerprints, DNA, Iris…
                        Same application running on each grid node
                        (server or cluster)
                        Distribution of Data across nodes
                            Data - Part 1, Data - Part 2, Data - Part 3, Data - Part 4
                 Large computing power
                 Highly parallel application
                 Response time

                                                       Conclusions

                Grid Security Infrastructure
                   Globus project
                   Mature
                   Many recognized actors
                Thales makes use of & supports the Open
                Source Standards through
                   Seaside
                   Call5 project

                Pre-Internet
                   Central data processing facility
                Post-Internet
                   Enterprise computing is highly
                   distributed, heterogeneous, loosely
                   coupled, inter-enterprise (B2B)
                   Business processes increasingly
                   computing
                   Outsourcing becomes feasible
                   on-demand service providers of
                   various sorts

				