
Background information on authorization service

Christoph Witzig, SWITCH (christoph.witzig@switch.ch) TMB - Nov 29, 2008.


Presentation Transcript


  1. Background information on authorization service Christoph Witzig, SWITCH (christoph.witzig@switch.ch) TMB - Nov 29, 2008

  2. Quote “There has never been a design of the authorization system” J "prioritizing the fair scare" T approx. Oct/Nov 2007 TMB 19.11.2008

  3. A bit of history
     • Sept. 2007:
       • C. Grandi assigns a comprehensive review of authZ mechanisms in gLite (-> milestone MJRA1.7)
     • Goals:
       • clear set of recommendations to TCG, which - upon acceptance by TCG - will be implemented within EGEE-III
     • MJRA1.7 milestone document: https://edms.cern.ch/document/887174/1
     • Previous discussions in TCG/TMB:
       • Jan. 16, 2008
       • Mar. 12, 2008
       • June 18, 2008

  4. Key Features of new authZ Service
     • MUST:
       • Basis for a long-term solution for the uniform and consistent authorization and policy management in gLite
       • Standards based (XACML)
       • Initial focus on use-cases for job management
         • Data management: see next slide
       • Be extendable for future development
         • E.g. SAML
       • Flexible deployment scenarios
         • Multiple solutions must be possible - need to obtain feedback from SA1/3
       • No single point of failure
       • Integration into new kinds of execution environments
       • Support for multiple languages
         • Initially Java and C, but other languages must be easily supported
       • Ease of use for system administrators
     • Note:
       • Joint effort of several institutes active in Grid security -- beneficial for long term support and sustainability

  5. What about Data Management?
     • authZ study recommendation #12:
       • DPM model should be accepted by other storage solutions
       • Recommendation accepted by TCG
       • Up to now nobody requested a change in this recommendation (AFAIK)
     • authZ service is NOT designed to handle authorization requests on thousands of files (e.g. ls-like command)
     • However, authZ service can be used to authorize access to storage elements (e.g. at the command level)
     • Will clarify possible use-cases with DPM, FTS developers and others

  6. Last but not least …
     • Consider today’s presentation and discussion as an update on the progress of the authZ service
     • And not as the final presentation on all the authZ issues
