
Security and R-GMA

Security and R-GMA. Linda Cornwall, RAL. Current Status: Currently, no security in R-GMA. We have looked at Spitfire Security. Currently this is being removed from Spitfire, and turned into a separate package. Their TrustManager should be used for Authentication for testbed 2.


Presentation Transcript


  1. Security and R-GMA Linda Cornwall, RAL

  2. Current Status
     • Currently, no security in R-GMA.
     • We have looked at Spitfire Security
     • Currently this is being removed from Spitfire, and turned into a separate package
     • Their TrustManager should be used for Authentication for testbed 2.
     • Their Authorization is not really suitable for us.
     Security and R-GMA, DataGrid Workshop, Budapest

  3. Security for TB2
     • Access via https, no http access allowed.
     • Partly due to limited Authorization functionality. A certificate acceptable to EDG will be needed to do anything.
     • Mutual Authentication must take place between all components.
     • Authentication will take place between users and R-GMA.

  4. Security for TB2 - continued
     • Authorization will be limited to job control information
     • Access to job control information will be restricted such that users can only see information on their own jobs.
     • All other information, including both read and write access, will be open to everyone with EDG authentication

  5. Get a certificate!
     • All users will need a user certificate
     • All services will need a service certificate.
     • SCG decided to go for CA signed service certificates for TB2. We expect this is the way we will go.
     • All users and developers who don’t have a certificate from a CA accepted by EDG should apply for one.
     • We recommend users and developers also register with an EDG VO

  6. Security in the Future – Authentication
     • http or https will be allowed.
     • https – if authentication either of the service, or of the user, is needed.
     • http – to avoid overhead of https.

  7. Security in the Future - Authorization
     • Authorization will need to apply to any action, e.g.
        • Setup a table
        • Read from a table
        • Read a specific item of information
        • Find what information producers exist

  8. Authorization dependency
     • Nothing – e.g. some information may be visible to anyone.
     • Authentication of the user only
     • User’s VO membership
     • User’s Role
     • Individual DN or list of DNs (See D7.5)

  9. Authorization implementation
     • Need to pass user’s DN, VO membership and Role to R-GMA.
     • Whenever a user makes a request – it will be necessary to decide whether they are authorized to carry out that action.
     • Authorization policy will need to go with each table, and with each row of each table. Authorization policy goes with the data.

  10. R-GMA – TB2
     [Architecture diagram. Labels: Application Code; Consumer API; Consumer Instance; Registry API; Registry; Schema API; Schema; Producer API; Producer Instance; Sensor Code; “Event Dictionary”. Annotation on the diagram: “If job info – does DN match?”]
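
The authorization model of slides 8 to 10, as an added example (not code from R-GMA or from the presentation): a policy travels with each table and each row, and a request is allowed only if the user's DN, VO membership and role satisfy both. All class and function names, the DNs and the VO name are constructed for illustration, and evaluating the table policy before the row policy is an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Requires(Enum):                 # the dependency levels of slide 8
    NOTHING = "nothing"               # visible to anyone
    AUTHENTICATED = "authenticated"   # authentication of the user only
    VO = "vo"                         # user's VO membership
    ROLE = "role"                     # user's role
    DN_LIST = "dn_list"               # individual DN or list of DNs

@dataclass(frozen=True)
class User:                           # what slide 9 says is passed to R-GMA
    dn: Optional[str] = None          # None models an unauthenticated caller
    vos: frozenset = frozenset()
    roles: frozenset = frozenset()

@dataclass(frozen=True)
class Policy:
    requires: Requires
    allowed: frozenset = frozenset()  # VO names, role names or DNs

    def permits(self, user: User) -> bool:
        if self.requires is Requires.NOTHING:
            return True
        if user.dn is None:           # every other level needs a DN
            return False
        if self.requires is Requires.AUTHENTICATED:
            return True
        if self.requires is Requires.VO:
            return bool(self.allowed & user.vos)
        if self.requires is Requires.ROLE:
            return bool(self.allowed & user.roles)
        return user.dn in self.allowed  # DN_LIST

def readable_rows(user, table_policy, rows):
    """Rows the user may read: table policy first, then each row's policy."""
    if not table_policy.permits(user):
        return []
    return [data for data, row_policy in rows if row_policy.permits(user)]

# Constructed sample data: the TB2 rule "users can only see their own jobs"
# expressed as a one-entry DN list attached to each job row.
ALICE = User("/O=Example/CN=Alice", frozenset({"examplevo"}))
BOB = User("/O=Example/CN=Bob", frozenset({"examplevo"}))
JOB_TABLE = Policy(Requires.AUTHENTICATED)
JOB_ROWS = [("job-1", Policy(Requires.DN_LIST, frozenset({ALICE.dn}))),
            ("job-2", Policy(Requires.DN_LIST, frozenset({BOB.dn})))]
```
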
