
Grid Security Infrastructure (GSI)

In document Grid Computing Security pdf (Page 61-65)

Before discussing the grid security infrastructure, we need to understand the security requirements that drove the standards body to adopt such an infrastructure. As mentioned earlier, a grid defines a concept called the Virtual Organization (VO). In a VO, different individuals, enterprises, or organizations come together to share resources and services under a set of rules or policies that govern the extent and conditions of sharing. A VO can be formed across different universities, across different enterprises, or within a single enterprise. The level of heterogeneity defines the type of solutions required. Therefore, the main aspects that separate grid systems from other distributed systems are the heterogeneity involved and the resulting policy complications. We will discuss those in subsequent chapters. Here we concentrate on the information security aspects and how they can be tackled.

Figure 4.1 shows a typical grid scenario consisting of sites which constitute a VO. A user submits a job to the grid, and the job arrives at the entry point, or gatekeeper, of the grid system. There must be mechanisms to authenticate the user at that point. Once the job has been submitted to the grid, confidentiality and integrity are needed so that no one can read the contents of the information carried or modify them without detection. Finally, there should be mechanisms for single sign-on and delegation. The different information security requirements are discussed below:

Authentication: Grid security requirements should include authentication mechanisms at the entry points. Different authentication mechanisms should be supported, and it is possible for different sites within a grid to use different mechanisms. Therefore, the security protocol should be flexible and scalable enough to handle all the different requirements while providing a seamless interface to the user. Furthermore, there is a need to manage security context and to share it between entities.

Confidentiality: Grid security mechanisms should protect the confidentiality of the messages and the documents that flow over the grid infrastructure. The confidentiality requirements should cover point-to-point transport as well as store-and-forward delivery; in the latter case the message itself must be protected, since transport-level protection ends at each hop. Similar to the authentication mechanisms, there may be a need to define, store, and share security contexts across different entities.

Integrity: Grid security mechanisms should include message integrity, which means that any change made to the messages or the documents in transit can be detected by the receiver.

Single Sign-on: In a grid environment, requests may have to travel through multiple security domains. Therefore, there is a need for a single sign-on facility in the grid infrastructure, so that the user authenticates once rather than separately to every domain.

Delegation: There may be a need for services to perform actions on the user's behalf. A computational job may need to access a database many times; in that case the authority must be delegated to some service which performs the action on the user's behalf. When delegating authority from one entity to another, care should be taken that the authority transferred is scoped only to the task(s) intended to be performed and has a limited lifetime, to minimize the misuse of the delegated authority if the delegated credential is compromised.

4.2.1 Grid Security Model

Grid computing provides a virtualized view of the underlying grid resources. Such virtualization also extends to the security requirements. There is therefore a need to virtualize the security semantics: to use standardized ways of segmenting security components such as authentication, access control, and confidentiality, and to provide a standardized way of federating multiple security mechanisms. This calls for a loosely coupled, platform-independent model for securing applications within and across organizations. The question then arises which paradigm to use to implement such a loosely coupled, platform-independent architecture.

The last few years have seen the gradual adoption of Web services as an emerging architecture able to deliver integrated, interoperable services. Since Web services are becoming a de facto industry standard, the OGSA grid computing model uses Web services as its reference model. Since confidentiality, integrity, policy management and trust management are also integral to Web services, the grid security infrastructure integrates Web services standards such as WS-Security, WS-Policy and WS-Trust into the specification. However, the Grid Security Infrastructure does not exclude transport layer security, i.e. Secure Sockets Layer (SSL) underneath HTTP (HTTPS). Users are free to use HTTPS, which provides confidentiality, integrity and authentication for a single hop. Transport security is terminated at each intermediary, however, which then sees the message in the clear; where a message must traverse multiple intermediaries, WS-Security can be used in conjunction with XML Encryption, XML Signature and related standards to protect the message itself end to end.

Fig. 4.3. High level view of GSI

Figure 4.2 shows the different components of the grid security model as described in [65]. In this chapter we look at the authentication, confidentiality, and single sign-on/delegation aspects. As shown in Fig. 4.3, three types of authentication are generally discussed for GSI: X.509 certificates, passwords, and Kerberos. For confidentiality, mainly key-based encryption algorithms are used; sometimes a session key is needed, and with it session management. For single sign-on and delegation, proxy certificates are generally used. Provisions for both transport layer security mechanisms such as SSL and message layer mechanisms such as WS-Security are provided.
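The delegation requirement stated earlier (authority scoped to the task and limited in lifetime) and the proxy certificates GSI uses for single sign-on and delegation can be made concrete with the following added example. It is not code from the book or from any GSI implementation; it uses the third-party Python `cryptography` package to build the chain CA, user end-entity certificate (EEC), proxy certificate in the RFC 3820 style, where the user signs the proxy with her own key, and then performs the checks a relying party would make before accepting the delegated credential. The names, the fixed issuance time, the 12-hour proxy lifetime and the forged proxy are all constructed for illustration; the ProxyCertInfo DER is hand-encoded.

```python
"""GSI-style proxy certificate (RFC 3820) for scoped, short-lived delegation.

Added example, not code from the book or from any GSI implementation.
Chain: CA -> user EEC -> proxy, the proxy signed by the user's own key.
Names, times and the 12-hour proxy lifetime are constructed for illustration.
Requires the third-party `cryptography` package.
"""
import datetime as dt

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

# RFC 3820 ProxyCertInfo (OID 1.3.6.1.5.5.7.1.14), hand-encoded DER for
# SEQUENCE { ProxyPolicy SEQUENCE { policyLanguage OID id-ppl-inheritAll } }.
PROXY_CERT_INFO_OID = x509.ObjectIdentifier("1.3.6.1.5.5.7.1.14")
PROXY_CERT_INFO_DER = bytes.fromhex("300c300a06082b06010505071501")

T0 = dt.datetime(2024, 1, 1, 0, 0, 0)  # constructed issuance instant (UTC)
HOUR = dt.timedelta(hours=1)


def _name(**rdns):
    oids = {"O": NameOID.ORGANIZATION_NAME, "OU": NameOID.ORGANIZATIONAL_UNIT_NAME,
            "CN": NameOID.COMMON_NAME}
    return x509.Name([x509.NameAttribute(oids[k], v) for k, v in rdns.items()])


def _issue(subject, issuer, issuer_key, subject_pub, lifetime, is_ca, extra=None):
    b = (x509.CertificateBuilder()
         .subject_name(subject).issuer_name(issuer)
         .public_key(subject_pub).serial_number(x509.random_serial_number())
         .not_valid_before(T0).not_valid_after(T0 + lifetime)
         .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True))
    if extra is not None:
        b = b.add_extension(extra, critical=True)
    return b.sign(issuer_key, hashes.SHA256())


def _proxy_name(user_cert):
    # Proxy subject = the user's DN plus exactly one extra CN (RFC 3820 sec. 3.4).
    cn = x509.RelativeDistinguishedName([x509.NameAttribute(NameOID.COMMON_NAME, "proxy")])
    return x509.Name(list(user_cert.subject.rdns) + [cn])


def _window(cert):
    # Naive UTC validity bounds, working on both old and new `cryptography` versions.
    if hasattr(cert, "not_valid_before_utc"):
        return (cert.not_valid_before_utc.replace(tzinfo=None),
                cert.not_valid_after_utc.replace(tzinfo=None))
    return cert.not_valid_before, cert.not_valid_after


def build_chain(proxy_lifetime=12 * HOUR):
    """Return (ca_cert, user_cert, proxy_cert, proxy_key) for a constructed user."""
    ca_key, user_key, proxy_key = (rsa.generate_private_key(65537, 2048) for _ in range(3))
    ca_name = _name(O="Example Grid", CN="Example Grid CA")
    user_name = _name(O="Example Grid", OU="Physics", CN="Alice")
    ca_cert = _issue(ca_name, ca_name, ca_key, ca_key.public_key(), 3650 * 24 * HOUR, True)
    user_cert = _issue(user_name, ca_name, ca_key, user_key.public_key(), 365 * 24 * HOUR, False)
    pci = x509.UnrecognizedExtension(PROXY_CERT_INFO_OID, PROXY_CERT_INFO_DER)
    # The user, not the CA, issues the proxy: she can delegate only what she holds.
    proxy_cert = _issue(_proxy_name(user_cert), user_name, user_key,
                        proxy_key.public_key(), proxy_lifetime, False, pci)
    return ca_cert, user_cert, proxy_cert, proxy_key


def forge_proxy(user_cert):
    """Constructed attack: Alice's names on a proxy signed by an attacker's key."""
    attacker_key = rsa.generate_private_key(65537, 2048)
    proxy_key = rsa.generate_private_key(65537, 2048)
    pci = x509.UnrecognizedExtension(PROXY_CERT_INFO_OID, PROXY_CERT_INFO_DER)
    return _issue(_proxy_name(user_cert), user_cert.subject, attacker_key,
                  proxy_key.public_key(), 12 * HOUR, False, pci)


def _signed_by(cert, issuer_cert):
    try:
        issuer_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                        padding.PKCS1v15(), cert.signature_hash_algorithm)
        return True
    except InvalidSignature:
        return False


def verify_proxy(proxy, user_cert, ca_cert, now):
    """Relying-party check of a delegated credential. Returns (accepted, reason)."""
    chain = (("CA", ca_cert, ca_cert), ("EEC", user_cert, ca_cert), ("proxy", proxy, user_cert))
    for label, cert, issuer in chain:
        if not _signed_by(cert, issuer):
            return False, f"{label} signature invalid"
        nb, na = _window(cert)
        if not nb <= now <= na:
            return False, f"{label} not valid at {now.isoformat()}"
    if proxy.issuer != user_cert.subject:
        return False, "proxy issuer is not the delegating user"
    rdns = list(proxy.subject.rdns)
    if rdns[:-1] != list(user_cert.subject.rdns) or [a.oid for a in rdns[-1]] != [NameOID.COMMON_NAME]:
        return False, "proxy subject does not extend the user's DN by one CN"
    try:
        proxy.extensions.get_extension_for_oid(PROXY_CERT_INFO_OID)
    except x509.ExtensionNotFound:
        return False, "ProxyCertInfo extension missing"
    # Delegated authority must not outlive the credential it was derived from.
    if _window(proxy)[1] > _window(user_cert)[1]:
        return False, "proxy outlives the user certificate"
    return True, "ok"


if __name__ == "__main__":
    ca, user, proxy, _ = build_chain()
    print(verify_proxy(proxy, user, ca, T0 + 1 * HOUR))     # accepted while fresh
    print(verify_proxy(proxy, user, ca, T0 + 13 * HOUR))    # rejected: proxy expired
    print(verify_proxy(forge_proxy(user), user, ca, T0 + 1 * HOUR))  # rejected: signature
```

The three checks that bound the delegation are the ones a real gatekeeper performs in spirit: the proxy is traceable to the user because only her key could have signed it, the subject is derived from her DN rather than an arbitrary one, and the validity window is short and never longer than the EEC's. Task-level scoping would be expressed in the ProxyCertInfo policy; this example uses the inheritAll language, so lifetime is the only restriction it imposes.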
