About: Grid Security Infrastructure is a research topic. Over the lifetime, 162 publications have been published within this topic receiving 22181 citations.
TL;DR: The Globus system is intended to achieve a vertically integrated treatment of application, middleware, and network, an integrated set of higher level services that enable applications to adapt to heterogeneous and dynamically changing metacomputing environments.
Abstract: The Globus system is intended to achieve a vertically integrated treatment of application, middleware, and network. A low-level toolkit provides basic mechanisms such as communication, authentication, network information, and data access. These mechanisms are used to construct various higher level metacomputing services, such as parallel programming tools and schedulers. The long-term goal is to build an adaptive wide area resource environment AWARE, an integrated set of higher level services that enable applications to adapt to heterogeneous and dynamically changing metacomputing environments. Preliminary versions of Globus components were deployed successfully as part of the I-WAY networking experiment.
TL;DR: This work examines the requirements of Grid portals, gives an overview of the GSI, and demonstrates how MyProxy enables them to function together, using an online credentials repository system, called MyProxy.
Abstract: Grid portals, based on standard Web technologies, are increasingly used to provide user interfaces for computational and data grids. However, such Grid portals do not integrate cleanly with existing Grid security systems such as the Grid Security Infrastructure (GSI), due to lack of delegation capabilities in Web security mechanisms. We solve this problem using an online credentials repository system, called MyProxy. MyProxy allows Grid portals to use the GSI to interact with Grid resources in a standard, secure manner. We examine the requirements of Grid portals, give an overview of the GSI, and demonstrate how MyProxy enables them to function together. The architecture and security of the MyProxy system are described in detail.
TL;DR: The MyProxy system is described, which helps administrators secure users' private keys by providing an online service from which users retrieve short‐lived credentials without distributing long‐lived keys to potentially vulnerable end‐systems.
Abstract: The MyProxy online credential repository has been used by the grid computing community for over four years for managing security credentials in the grid public key infrastructure. MyProxy improves usability by giving users access to their credentials over the network using password authentication, allowing users to delegate their credentials via web browser interfaces to the grid, and supporting credential renewal for long-running jobs. MyProxy helps administrators secure users’ private keys by providing an online service from which users retrieve short-lived credentials without distributing long-lived keys to potentially vulnerable end-systems. This paper describes the MyProxy system and its use.
TL;DR: The author examines the potential applications and financial benefits of Grid Computing, and the challenges faced by OGSA/OGSI standards supporters, as well as some of the issues faced by the industry as a whole.
Abstract: About the Author. Preface. Acknowledgments. 1. Introduction. 1.1 What Is Grid Computing And What Are The Key Issues? 1.2 Potential Applications and Financial Benefits of Grid Computing. 1.3 Grid Types, Topologies, Components, Layers -- A Preliminary View. 1.4 Comparison With Other Approaches. 1.5 A First View at Grid Computing Standards. 1.6 A Pragmatic Course of Investigation. 2. Grid Benefits and Status of Technology. 2.1 Motivations For Considering Computational Grids. 2.2 Brief History of Computing, Communications, and Grid Computing. Communication. Computation. Grid Technology. 2.3 Is Grid Computing Ready for Prime Time? 2.4 Early Suppliers and Vendors. 2.5 Possible Economic Value. 2.5.1 Possible Economic Value: One State's Positioning. 2.5.2 Possible Economic Value: Extrapolation. 2.6 Challenges. 3. Components of Grid Computing Systems/Architectures. 3.1 Overview. 3.2 Basic Constituent Elements -- A Functional View. Portal/User Interface Function/Functional Block. The Grid Security Infrastructure: User Security Function/Functional Block. Node Security Function/Functional Block. Broker Function/Functional Block And Directory. Scheduler Function/Functional Block. Data Management Function/Functional Block. Job Management And Resource Management Function/Functional Block. User/Application Submission Function/Functional Block. Resources. Protocols. 3.3 Basic Constituent Elements -- A Physical View. Networks. Computation. Storage. Scientific Instruments. Software and licenses. 3.4 Basic Constituent Elements -- Service View. 4. Standards Supporting Grid Computing: OGSI. 4.1 Introduction. 4.2 Motivations for Standardization. 4.3 Architectural Constructs. 4.3.1 Definitions. 4.3.2 Protocol Perspective. 4.3.3 Going From "Art" To "Science". 4.4 What is OGSA/OGSI? A Practical View. 4.5 OGSA/OGSI Service Elements and Layered Model. 4.5.1 Key Aspects. 4.5.2 Ancillary Aspects. 4.5.3 Implementations of OGSI. 4.6 What is OGSA/OGSI? A More Detailed View.
4.6.1 Introduction. 4.6.2 Setting the Context. 4.6.3 The Grid Service. 4.6.4 WSDL Extensions and Conventions. 4.6.5 Service Data. 4.6.6 Core Grid Service Properties. 4.6.7 Other Details. 4.7 A Possible Application Of OGSA/OGSI To Next-Generation Open-Source Outsourcing. 4.7.1 Opportunities. 4.7.2 Outsourcing Trends. 5. Standards Supporting Grid Computing: OGSA. 5.1 Introduction. 5.2 Functionality Requirements. 5.2.1 Basic Functionality Requirements. 5.2.2 Security Requirements. 5.2.3 Resource Management Requirements. 5.2.4 System Properties Requirements. 5.2.5 Other Functionality Requirements. 5.3 OGSA Service Taxonomy. 5.3.1 Core Services. 5.3.2 Data Services. 5.3.3 Program Execution. 5.3.4 Resource Management. 5.4 Service Relationships. 5.4.1 Service Composition. 5.4.2 Service Orchestration. 5.4.3 Types of Relationships. 5.4.4 Platform Services. 5.5 OGSA Services. 5.5.1 Handle Resolution. 5.5.2 Virtual Organization Creation and Management. 5.5.3 Service Groups and Discovery Services. 5.5.4 Choreography, Orchestration and Workflow. 5.5.5 Transactions. 5.5.6 Metering Service. 5.5.7 Rating Service. 5.5.8 Accounting Service. 5.5.9 Billing and Payment Service. 5.5.10 Installation, Deployment, and Provisioning. 5.5.11 Distributed Logging. 5.5.12 Messaging and Queuing. 5.5.13 Event. 5.5.14 Policy and Agreements. 5.5.15 Base Data Services. 5.5.16 Other Data Services. 5.5.17 Discovery Services. 5.5.18 Job Agreement Service. 5.5.19 Reservation Agreement Service. 5.5.20 Data Access Agreement Service. 5.5.21 Queuing Service. 5.5.22 Open Grid Services Infrastructure. 5.5.23 Common Management Model. 5.6 Security Considerations. 5.7 Examples of OGSA Mechanisms in Support of VO Structures. 6. Grid System Deployment Issues and Approaches. 6.1 Generic Implementations: Globus Toolkit. 6.1.1 Globus Toolkit tools and APIs. 6.1.2 Details on Key Toolkit Protocols. 6.1.3 Globus Toolkit Version 3. 6.1.4 Applications. 6.2 Grid Computing Environments.
6.3 Basic Grid Deployment and Management Issues. 6.3.1 Products Categories. 6.3.2 Business Grid Types. 6.3.3 Deploying a Basic Computing Grid. 6.3.4 Deploying More Complex Computing Grids. 6.3.5 Grid Networking Infrastructure Required for Deployment. 6.3.6 Grid Operation -- Basic Steps. 6.3.7 Deployment Challenges and Approaches. 6.4 Grid Security Details -- Deployment Peace of Mind. 6.4.1 Basic Approach and Mechanisms. 6.4.2 Additional Perspectives. 6.4.3 Conclusion. 7. Grid System Economics. 7.1 Introduction. 7.2 Grid Economic Services Architecture. 7.2.1 Introduction. 7.2.2 Overview. 7.2.3 The Chargeable Grid Service (CGS). 7.2.4 The Grid Payment System. 7.2.5 GPSHold Service. 7.2.6 The Grid CurrencyExchange Service. 7.2.7 An Example. 7.2.8 Security Considerations. 8. Communication Systems for Local Grids. 8.1 Introduction and Positioning. 8.2 SAN-related Technology. 8.2.1 Fibre Channel Technology -- Native Mode. 8.2.2 Fibre Channel Technology -- Tunneled Modes. 8.3 LAN-related Technology. 8.3.1 Standards. 8.3.2 Key concepts. 9. Communication systems for national grids. 9.1 MLF. 9.1.1 Motivations and Scope. 9.1.2 Multilink Frame Relay. 9.2 MPLS Technology. 9.2.1 Approaches. 9.2.2 MPLS Operation. 9.2.3 Key Mechanisms Supporting MPLS. 9.2.4 Service Availability. 10. Communication Systems for Global Grids. 10.1 The Basics of Layer 2 and layer 3 VPNs. 10.2 The Layer 3 Approach. 10.3 Layer 2 MPLS VPNs -- A Different Philosophy. 10.4 Which Works Better Where? 10.5 A Grid Computing Application. References. Glossary. Index.
TL;DR: This paper presents the PeerTrust language for access control policies, which is based on guarded distributed logic programs, and shows how to use PeerTrust to model common Grid trust needs.
Abstract: Grids support dynamically evolving collections of resources and users, usually spanning multiple administrative domains. The dynamic and cross-organizational aspects of Grids introduce challenging management and policy issues for controlling access to Grid resources. In this paper we show how to extend the Grid Security Infrastructure to provide better support for the dynamic and cross-organizational aspects of Grid activities, by adding facilities for dynamic establishment of trust between parties. We present the PeerTrust language for access control policies, which is based on guarded distributed logic programs, and show how to use PeerTrust to model common Grid trust needs.