LionShare & USHER Derek Morr Spring ’06 MM
Overview
• LionShare is an academic peer-to-peer filesharing system.
• Strong emphasis on identity management: users must be identified to share files.
• Optional attribute-based authorization.
Authentication
• To identify themselves, users digitally sign certain protocol messages and XML fragments.
• Users obtain short-term certs from an online CA, called the SASL-CA.
• Think kx509, but with SASL and in Java.
Certificate Types
• Identity: CN=DEREK VAUGHAN MORR(dvm105@psu.edu)/dvm105@psu.edu, OU=ACADEMIC SERV & EMERGING TECH, O=Pennsylvania State University, L=UNIVERSITY PARK, ST=Pennsylvania, C=US
• Opaque: CN=6ZYEBU6OPVQSCQLEKEM463QVLLQXTUU2PTCSYDLK2VHZA3FJR27UJFUJXB5ZSEVUL3US2FZ5O4LZWIR3737THCFTX4B2RJMWC27LB2DMQFL7ZQAXMD4Q
Authorization
• Users can create attribute-based ACLs.
• LS 1.1 supports a subset of eduPerson; this may be expanded in a later release.
• We use a custom SAML profile to obtain and exchange attributes. This requires a plugin to Shib 1.3.
Split Roots
• AuthN (the SASL-CA) is rooted in USHER.
• AuthZ (Shib) is rooted in InCommon.
• Fortunately, the two CAs have similar policies.
Bridging the Roots
• Users obtain a USHER-rooted opaque cert from the SASL-CA with a CryptoShibHandle in the DN: CN=6ZYEBU6OPVQSCQLEKEM463QVLLQXTUU2PTCSYDLK2VHZA3FJR27UJFUJXB5ZSEVUL3US2FZ5O4LZWIR3737THCFTX4B2RJMWC27LB2DMQFL7ZQAXMD4Q
• This is a symmetrically encrypted identifier that the IdP can interpret.
Bridging the Roots
• Open a mutually authenticated SSL tunnel to the IdP with the opaque cert to obtain an InCommon-rooted SAML AttributeAssertion.
• The AttributeAssertion is bound to the USHER-rooted opaque cert via Holder-of-Key Confirmation.
Holder-of-Key Confirmation
<SubjectConfirmation>
  <ConfirmationMethod>
    urn:lionshare-test:holder-of-key
  </ConfirmationMethod>
  <SubjectConfirmationData>
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data>
        <ds:X509Certificate>
          Base64-encoded opaque cert here…
        </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </SubjectConfirmationData>
</SubjectConfirmation>
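The relying-party side of the two preceding slides, as an added example that is not LionShare, SASL-CA or Shibboleth code: a peer that receives an AttributeAssertion over the mutually authenticated tunnel must first confirm that the certificate embedded in the holder-of-key SubjectConfirmation is the same opaque cert the other side actually presented on the tunnel, and only then read the eduPerson attributes and evaluate the share's attribute-based ACL. The SAML 1.x element names, the eduPersonAffiliation attribute name, the certificate bytes, the ACL and the placement of ds:KeyInfo inside SubjectConfirmationData (taken from the slide rather than the SAML schema) are assumptions constructed for illustration.

```python
"""Added example (not LionShare/SASL-CA/Shib code): verify the holder-of-key
binding of a SAML AttributeAssertion against the certificate presented on the
mutually authenticated tunnel, then evaluate an attribute-based ACL.
All names, namespaces, attribute values and certificate bytes are constructed."""
import base64
import hmac
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",  # SAML 1.x, as used with Shib 1.3
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HOK_METHOD = "urn:lionshare-test:holder-of-key"  # ConfirmationMethod from the slide
AFFILIATION = "urn:mace:dir:attribute-def:eduPersonAffiliation"  # assumed attribute name

# Constructed stand-in for the DER bytes of the opaque cert presented on the tunnel.
PRESENTED_CERT = b"\x30\x82\x01\x00CONSTRUCTED-OPAQUE-CERT-DER"

# Constructed ACL for one share: readable by anyone whose affiliation is faculty or staff.
ACL = {AFFILIATION: {"faculty", "staff"}}


def assertion_xml(cert_der: bytes, affiliation: str) -> str:
    """Build a constructed assertion carrying a HoK confirmation for cert_der
    and a single eduPersonAffiliation value (stands in for what the IdP returns)."""
    b64 = base64.b64encode(cert_der).decode()
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
  <saml:AttributeStatement>
    <saml:Subject>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>{HOK_METHOD}</saml:ConfirmationMethod>
        <saml:SubjectConfirmationData>
          <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
        </saml:SubjectConfirmationData>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Attribute AttributeName="{AFFILIATION}">
      <saml:AttributeValue>{affiliation}</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def holder_of_key_matches(assertion: str, presented_cert_der: bytes) -> bool:
    """True iff some SubjectConfirmation uses the holder-of-key method and embeds
    a certificate that is byte-for-byte the one presented on the tunnel."""
    root = ET.fromstring(assertion)
    for sc in root.iterfind(".//saml:SubjectConfirmation", NS):
        method = sc.findtext("saml:ConfirmationMethod", default="", namespaces=NS).strip()
        if method != HOK_METHOD:
            continue  # other confirmation methods do not bind the assertion to a key
        for node in sc.iterfind(".//ds:X509Certificate", NS):
            embedded = base64.b64decode("".join((node.text or "").split()))
            if hmac.compare_digest(embedded, presented_cert_der):
                return True
    return False


def eduperson_attributes(assertion: str) -> dict:
    """Collect attribute name -> set of values from the assertion's Attribute elements."""
    root = ET.fromstring(assertion)
    attrs = {}
    for a in root.iterfind(".//saml:Attribute", NS):
        name = a.get("AttributeName", "")
        values = {(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)}
        attrs.setdefault(name, set()).update(values)
    return attrs


def authorized(assertion: str, presented_cert_der: bytes, acl: dict = ACL) -> bool:
    """Grant access only if the assertion is bound to the presented cert AND
    every ACL rule is satisfied by at least one of the asserted values."""
    if not holder_of_key_matches(assertion, presented_cert_der):
        return False  # issued to some other key: reject before trusting any attribute
    attrs = eduperson_attributes(assertion)
    return all(attrs.get(name, set()) & allowed for name, allowed in acl.items())


if __name__ == "__main__":
    good = assertion_xml(PRESENTED_CERT, "staff")
    stolen = assertion_xml(b"someone-elses-cert", "faculty")  # replayed from another peer
    print("bound, staff   ->", authorized(good, PRESENTED_CERT))
    print("replayed       ->", authorized(stolen, PRESENTED_CERT))
    print("bound, student ->", authorized(assertion_xml(PRESENTED_CERT, "student"), PRESENTED_CERT))
```

The order matters: the key binding is checked before any attribute is read, so an assertion captured from another peer fails on the certificate comparison regardless of the attributes it carries; in the real system the signature over the assertion, its validity window and the InCommon trust chain would also be verified before this step.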
Security Model USHER Foundation
“Friendly Trust”
• AuthZ (Shib) has extensive metadata about each node that supplements PKIX.
• AuthN (SASL-CA) does not. Anything from USHER is trusted.
• No one wants to run a LS-specific federation.
Deployment
• 1.0 - Sept ’05
• 1.1 - April/May ’06
• Penn State got its USHER CA cert last week.
• In last stages of testing, should go live “soon.”
SASL-CA Future
• Version 0.4 almost ready (rc5 is being prepped).
• Version 0.5:
  • Pluggable cert types, possibly based on HEPKI-TAG certprofiles
  • May introduce backwards-incompatible protocol changes