GT4 Delegation Service and credential {renewal,refresh}
Olle Mulmo

Background
• Two conflicting requirements:
  • Long-term, distributed services that operate in a given (user) security context
  • No long-term credentials

Credential renewal, take 1
• What we did to address this:
  • Augment existing delegation service with renewal capabilities
  • No change to existing code, just addition
Use case
[Diagram: Delegation Services (DS) with DelegationResources in Container 1, Container 2 and Container 3. Credential p1 is delegated to p2 in Container 1; the Service in Container 1 delegates p2 onward as p3 (Container 2) and p4 (Container 3), passing EPR(p2) and EPR(p3) along. "Stuff happens."]
What to do if
• p2 is destroyed
• p2, p3, p4 expire
• If p2 gets refreshed, we want p3 and p4 refreshed as well
• transient errors occur (network outage or container downtime)
[Diagram: the same three containers, now with a Renewal Service (Listener, Renewal thread) holding RenewalResources {p2,p3} and {p2,p4} alongside the DelegationResources in Container 1.]
What to do if
• p2 is destroyed
  • Cascading destroy
• p2, p3, p4 expire
  • Periodical refresh and non-default resource termination time
• If p2 gets refreshed, we want p3 and p4 refreshed as well
  • Cascading refresh
• transient errors occur (network outage or container downtime)
  • Failure retry interval
Renewal resource
These are mandatory, all others are optional (container-wide defaults):
• EndpointReferenceType parent
• EndpointReferenceType child
• Subject subject
• Boolean cascadingDestroy
• Boolean cascadingRefresh
• Boolean periodicRenewal
• int refreshMargin
• int retryInterval
• int expirationMargin
• Boolean fullDelegation
• X509Certificate serverCert
• int validity
• Calendar terminationTime
• … and a few runtime variables such as failure count, last renewal attempt, child termination time …
Intervals and margins
[Timeline figure, t0 … t5: each child credential has a validity period; a refresh is attempted one refresh margin before the child credential expires; failed attempts are repeated at the retry interval; the renewal resource's own expiration margin extends past the child credential's expiry.]
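To make the two preceding slides concrete (the cascading destroy/refresh behaviour and the refresh margin, retry interval and expiration margin of a renewal resource), here is a small simulation added by the editor; it is not code from this deck or from the Globus Toolkit. It uses a simulated integer clock, string names in place of EPRs, and a constructed fault-injection set to stand in for a transient network error. The semantics of expirationMargin (how long the renewal resource is kept after the child credential expires before it is terminated) are an assumption, as is the rule that a refreshed child credential is clipped to its parent's notAfter.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Simulated clock: integer seconds since an arbitrary epoch (editor's assumption).


@dataclass
class Credential:
    name: str
    not_after: int               # stands in for credential.notAfter()


@dataclass
class RenewalResource:
    parent: str                  # stands in for the parent delegation resource EPR
    child: str                   # stands in for the child delegation resource EPR
    cascading_destroy: bool = True
    cascading_refresh: bool = True
    periodic_renewal: bool = True
    validity: int = 3600         # lifetime requested for each new child credential
    refresh_margin: int = 600    # refresh once this much child lifetime remains
    retry_interval: int = 60     # minimum wait between failed attempts
    expiration_margin: int = 300 # assumed: keep the resource this long past child expiry
    # runtime variables mentioned on the slide
    failure_count: int = 0
    last_attempt: Optional[int] = None


class RenewalService:
    def __init__(self) -> None:
        self.creds: Dict[str, Credential] = {}
        self.resources: List[RenewalResource] = []
        self.fail_once: Set[str] = set()   # constructed fault injection: next refresh of these children fails
        self.events: List[str] = []

    def add_credential(self, name: str, not_after: int) -> None:
        self.creds[name] = Credential(name, not_after)

    def add_resource(self, r: RenewalResource) -> None:
        self.resources.append(r)

    def resources_for_parent(self, parent: str) -> List[RenewalResource]:
        return [r for r in self.resources if r.parent == parent]

    def refresh(self, r: RenewalResource, now: int) -> bool:
        """Issue a fresh child credential from the parent; cascade to grandchildren."""
        parent, child = self.creds.get(r.parent), self.creds.get(r.child)
        if parent is None or child is None:
            return False
        r.last_attempt = now
        if r.child in self.fail_once:               # simulated transient error
            self.fail_once.discard(r.child)
            r.failure_count += 1
            self.events.append(f"t={now} refresh {r.child} FAILED (attempt {r.failure_count})")
            return False
        # A delegated credential cannot outlive the credential that signs it.
        child.not_after = min(now + r.validity, parent.not_after)
        r.failure_count = 0
        self.events.append(f"t={now} refreshed {r.child} until {child.not_after}")
        if r.cascading_refresh:
            for sub in self.resources_for_parent(r.child):
                self.refresh(sub, now)
        return True

    def destroy(self, name: str) -> None:
        """Destroy a delegation resource; cascade to its children where configured."""
        self.creds.pop(name, None)
        for r in self.resources_for_parent(name):
            if r in self.resources:
                self.resources.remove(r)
            if r.cascading_destroy:
                self.destroy(r.child)
        self.resources = [x for x in self.resources if x.child != name]
        self.events.append(f"destroyed {name}")

    def tick(self, now: int) -> None:
        """One pass of the renewal thread at simulated time `now`."""
        for r in list(self.resources):
            parent, child = self.creds.get(r.parent), self.creds.get(r.child)
            # Parent or child gone, or child expired beyond the margin: cannot recover.
            if parent is None or child is None or now > child.not_after + r.expiration_margin:
                self.resources.remove(r)
                self.events.append(f"t={now} terminated renewal of {r.child}")
                continue
            if not r.periodic_renewal:
                continue                            # refreshed only via cascade
            due = child.not_after - now <= r.refresh_margin
            can_retry = r.last_attempt is None or now - r.last_attempt >= r.retry_interval
            if due and can_retry:
                self.refresh(r, now)


def demo() -> RenewalService:
    """Constructed scenario: p1 -> p2 -> {p3, p4}; the first refresh of p2 fails once."""
    svc = RenewalService()
    svc.add_credential("p1", 10000)
    for name in ("p2", "p3", "p4"):
        svc.add_credential(name, 3600)
    svc.add_resource(RenewalResource("p1", "p2"))
    svc.add_resource(RenewalResource("p2", "p3", periodic_renewal=False))
    svc.add_resource(RenewalResource("p2", "p4", periodic_renewal=False))
    svc.fail_once.add("p2")
    for t in (2000, 3000, 3030, 3060):       # 3000: due, fails; 3030: too soon; 3060: retry succeeds
        svc.tick(t)
    return svc
```

Running demo() shows the retry interval gating the second attempt at t=3030 and the cascading refresh at t=3060 pushing p3 and p4 out to p2's new expiry; calling destroy("p2") afterwards removes p3, p4 and all three renewal resources, matching the cascading destroy on the slide.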
Notes
• Renewal must be co-located with parent credential
  • Push model
• If parent or child resource is destroyed or terminated, we can't recover
• By default, delegation resource termination time is set to credential.notAfter()
• Currently no access control on renewal resources
  • Ability to circumvent delegation resource protection for credential access (parent EPR + subject)
  • Needs discussion