Securing the Grid Nataraj (Raj) Nagaratnam
advertisement
Securing the Grid Nataraj (Raj) Nagaratnam Overview ♦ Grid Security characteristics ♦ Categorizing the Grid Security ♦ Web services security roadmap ♦ Building blocks ♦ Securing the Grid ♦ Summary 2 Grid Security Characteristics ♦ Heterogeneous Distributed Environment – Middleware (J2EE, .NET) – Server platform (NT, AIX, Solaris, Linux, z/OS, OS/400) ♦ Federated Security – Federated Identity • Single Sign-On – Federated Trust – Identity Management ♦ End-to-end security – Multi-hop scenarios - multiple (un)trusted intermediaries – Security in hosting environment and its effect on the Grid ♦ Dynamic interactions – Dynamic policies, grouping, authorization, etc ♦ Support for multiple security mechanisms – Authentication: Kerberos, PKI.. – Authorization: ACL, Capability, role based, .. 3 Categorizing Security ♦ Securing Grid Services – Credential/Identity Propagation – Policy – Integrity – Confidentiality – Authorization – Privacy ♦ Grid Security Services – Identity Mapping – Authentication or Identity Service – Authorization – Profile/Wallet – Audit – Notary 4 Web Services Security Roadmap ♦ IBM-Microsoft joint proposal (announced: April 11th) ♦ The roadmap presents our strategy for addressing security issues within a Web Services environment. ♦ It consists of one defined specification (WS-Security) and several planned composable specifications along with example scenarios. ♦ The proposed specifications build upon foundational technologies such as SOAP, WSDL, XML Digital Signatures, XML Encryption and SSL/TLS. ♦ This is the first Web services security model that brings together formerly incompatible security technologies such as public key infrastructure, Kerberos, and others. 5 Scenarios ♦ To make the issues and solutions discussed in the roadmap as concrete as possible, several scenarios that reflect current and anticipated applications of web services. Authorized Requester Firewall ♦ ♦ ♦ ♦ ♦ ♦ ♦ ♦ ♦ ♦ ♦ ♦ ♦ ♦ ♦ Direct Trust using Username/Password and Transport-Level Security Direct Trust using Security Tokens Security Token Acquisition Firewall Processing Issued Security Token Enforcing Business Policy Privacy Smart Clients Web Clients Mobile Clients Enabling Federation Validation Service Supporting Delegation Access Control Auditing Web Service Unauthorized Requester 6 Current/proposed specs Building on the SOAP Foundation WS-Security Today: describes SOA extensions for secure messaging, provides foundation for other building blocks SOAP Foundation 7 WS-Security details ♦ Enhancements to SOAP messaging – Provides quality of protection – Is a general purpose mechanism for associating security tokens with SOAP messages. ♦ Builds upon and interoperates with existing standards – – – – SSL/TLS (transport) IPSEC (network) W3C XML Digital Signatures W3C XML Encryption ♦ What is addressed? – – – – Message integrity Message confidentiality Message authentication Encoding security tokens • String subject names • Binary tokens – X.509 certs, Kerberos tickets – Other token formats (including XMLencoded tokens) – keys 8 Current/proposed specs Building on the SOAP Foundation WS-Policy WS-Security Planned: will define how to express capabilities and constraints of securit policies SOAP Foundation 9 Current/proposed specs Building on the SOAP Foundation WS-Policy WS-Trust WS-Security Planned: will describe the model for establishing both direct and brokered trust relationships (including third parties and intermediaries) SOAP Foundation 10 Current/proposed specs Building on the SOAP Foundation WS-Policy WS-Trust WS-Security WS-Privacy Planned: will be a model for how users state privacy preferences, and for how Web Services state and implement privacy practices SOAP Foundation 11 Current/proposed specs Building on the SOAP Foundation WS-Secure Conversation WS-Policy WS-Trust WS-Security WS-Privacy Planned: will describe how to manage and authenticate message exchanges between parties including security context exchange and establishing and deriving session keys SOAP Foundation 12 Current/proposed specs Building on the SOAP Foundation WS-Secure Conversation WS-Federation WS-Policy WS-Trust WS-Security WS-Privacy Planned: will describe how to manage and broker the trust relationships in a heterogeneous federated environment including support for federated identities SOAP Foundation 13 Current/proposed specs Building on the SOAP Foundation WS-Secure Conversation WS-Policy WS-Federation WS-Authorization WS-Trust WS-Privacy Planned: will define how Web services manage authorization data and policies WS-Security SOAP Foundation 14 Current/proposed specs Building on the SOAP Foundation WS-Federation WS-Authorization WS-Policy WS-Trust WS-Privacy WS-Security SOAP Foundation This is a composable Architecture “only use what you need” today time WS-Secure Conversation 15 Distributed Security Triangle Integrate Extensible architecture Using existing services Federation Implementation agnostic WS-Federation WS-Authorization Interoperate Secure interoperability Protocol mapping Publishing QoP WS-Security WS-Policy WS-SecurityConversation Trust Trust relationships Trust establishment Presumed trust Assertions WS-Trust 16 Building Blocks AppServer security Exploiters Security services (TBD) AuthnService Federation layer Policy layer ProfileService Web services standards WSDL Protocol layer security Platform resource security XML Signature ... AuditService WS-Authorization WS-Trust xenc: EncryptedData SOAP XML Encryption IIOP https CSIv2 Solaris WS-Privacy ... ... SecurityToken Linux ... XKMS ... AIX WS*L WS-Routing Assertion Language HTTP NT (on top of app server) AuthzService WS-Policy ds: Signature Application security WS-SecureConversation WS-Federation Message Security XML security standards Platform (OS) security OS/400 XACML JMS (MQ) z/OS 17 Securing Grid Environment ♦ Securing OGSI ♦ Securing OGSA services ♦ Web services bindings – Other than SOAP/HTTP, SOAP/JMS or RMI/IIOP? ♦ Dynamic Grid service deployment 18 Authorization ♦ Server Side – Access policy – Can a given client access a specific resource – consult a policy authority ♦ Client Side – Invocation policy – can a given server trusted to provide a specific service – consult a policy authority ♦ Authorization model – Role based authorization – Instance based authorization (e.g., business rules) – ACLs, Capability list, etc 19 Inter Domain Flow PA Identity Mapping A Proxy Identity Mapping Proxy PB B 20 How the roadmap maps! WS-Authorization WS-Privacy PA Identity Mapping WS-Security WS-SecureConversation A Proxy WS-Authorization WS-Privacy WS-Policy WS-Federation WS-Trust Identity Mapping Proxy WS-Federation WS-Trust PB B WS-Policy 21 End to end security flow service request web server authentication challenge bob, password 2 OGSI Authorization (staging: J2EE, .NET, resource specifc, later: WS-Authorization) service1 1 SSL, WS-Security Policy (dynamic, WS-Policy) 3 5 Secure Association (CSIv2, pre-defined, later: WS-SecureConversation) EJB method request delegation (e.g., use caller) bob service2 admin alice, password 7 6 4 Java Connectors OGSI service invocation native/legacy services login 22 Secure resource sharing Host Env A Sa 3. start service Sa* 5. communicate without policy change for A or B ** Host Env B Sb 4. start service Sb* Application 1. app starts 2. needs to distribute work * associate policy, establish identity, specify trust ** credentials exchanged (WS-Security) based on policy (WS-Policy), identity validated and mapped (WS-Federation); then context/session established (WS-SecureConversation) 23 Security Services Model ♦ Implementation agnostic – WSDL definition for security services – WSEL - QoP for security services ♦ Accommodates different authentication – Kerberos – PKI – other ♦ Should allow Federation – Federated Identity – Federated Profile 24 Summary ♦ Securing Grid Services – Web services security roadmap – Grid security requirements ♦ Scenarios and request flows ♦ OGSA Security – Web services security roadmap – Applying Grid security characteristics to web services security 25
