Virtual Organisations in Grids
TERENA TF-EMC2, Barcelona, 8 September 2005
David Kelsey, CCLRC/RAL, UK
d.p.kelsey@rl.ac.uk
Introduction
• Who am I?
  • Head of Particle Physics Computing at Rutherford Appleton Laboratory
  • Member of 3 Grid projects
    • UK GridPP (Chair of Deployment Board)
    • EU EGEE (Chair of Joint Security Policy Group)
    • Global LCG (Chair of Security Group)
• Why am I here?
  • Pleasure to have been invited!
  • In Particle Physics, no desire to run networking services that can be provided by others
• Disclaimer
  • These are my personal views
  • Not official views of the projects or RAL
David Kelsey, VOs/Grids, TF-EMC2
Outline
• The LCG and EGEE projects
• What is a Grid VO?
• The Security Model
  • Authentication (AuthN)
  • Authorization (AuthZ)
• Policy issues
• AuthZ Technology
• Legal issues
• NRENs and Grid VOs
• Final words
The LHC Computing Grid Project (LCG) & Enabling Grids for E-sciencE (EGEE)
LHC Computing Grid Project – LCG
LCG Project Overview, June 2005, Les Robertson – CERN
LHC DATA
The LHC accelerator –
• the largest superconducting installation in the world
• 27 kilometres of magnets cooled to –300° C
• colliding proton beams at an energy of 14 TeV
The accelerator generates 40 million particle collisions (events) every second at the centre of each of the four experiments’ detectors.
This is reduced by online computers that filter out a few hundred “good” events per sec,
which are recorded on disk and magnetic tape at 100-1,000 MegaBytes/sec: ~15 PetaBytes per year.
Inter-operation
• EGEE, Open Science Grid in the US and NorduGrid:
  • Very early days for standards – still getting basic experience
  • Focus on baseline services to meet specific experiment requirements
July 2005: 140 Grid sites, 34 countries, 12,000 CPUs
Map labels (figure residue): 30 sites, 3200 cpus; 25 Universities, 4 National Labs, 2800 CPUs; Grid3
The EGEE Project Status
Ian Bird, EGEE Operations Manager, CERN, Geneva, Switzerland
ISGC, Taipei, 27th April 2005
EGEE goals
• Goal of EGEE: develop a service grid infrastructure which is available to scientists 24 hours a day
• The project concentrates on:
  • building a consistent, robust and secure Grid network that will attract additional computing resources
  • continuously improving and maintaining the middleware in order to deliver a reliable service to users
  • attracting new users from industry as well as science and ensuring they receive the high standard of training and support they need
EGEE
EGEE is the largest Grid infrastructure project in Europe:
• 70 leading institutions in 27 countries, federated in regional Grids
• Leveraging national and regional grid activities
• ~32 M Euros EU funding for an initial 2 years, starting 1st April 2004
• EU review, February 2005, successful
• Preparing 2nd phase of the project – proposal to EU Grid call, September 2005
• Promoting scientific partnership outside EU
Deployment of applications
• Pilot applications
  • High Energy Physics
  • Biomed applications http://egee-na4.ct.infn.it/biomed/applications.html
• Generic applications – deployment under way
  • Computational Chemistry
  • Earth science research
  • EGEODE: first industrial application
  • Astrophysics
• With interest from
  • Hydrology
  • Seismology
  • Grid search engines
  • Stock market simulators
  • Digital video etc.
  • Industry (provider, user, supplier)
• Many users
  • broad range of needs
  • different communities with different background and internal organization
What are Grid VOs?
Grid VOs
• Several different views!
• The original Globus definition included resources
  • A Virtual Organisation is a set of individuals and/or institutions that are defined according to a set of rules
• The EGEE view – just people
  • A grouping of individuals, often not bound to a single institution or enterprise, who, by reason of their common membership of the VO, and in sharing a common goal, are granted rights to use a set of resources on the Grid
• There are many Grids
  • Defined by shared services and common policy
  • Single Information System
  • Common operations (distributed)
  • Politics and/or Funding
Virtual vs. Organic structure (graphic by Frank Siebenlist, ANL & Globus Alliance)
Diagram labels: Organization A and Organization B, each with people (Faculty, Staff, Student, Researcher, Principal Investigator, Administrator), file servers (F1, disks A and B) and compute servers (C1, C2, C3); Virtual Community C draws members and resources from both organizations.
The Security Model
Security Model
• Users have a single electronic identity
• They register once per VO (and renew)
  • Can belong to more than one VO
• Users do not register at sites/resources
• VOs register with the Grid (again once per Grid)
  • Aim for a single instance of the VO membership database
  • To be used across multiple Grids
• Sites/Resources decide which VOs to support
  • Grid Operations facilitates this support
  • Configuration etc
The Security Model (2)
• Authentication – proof of identity
  • GSI: Globus Grid Security Infrastructure (interoperate)
  • Single sign-on via X.509 certificates (PKI)
  • Delegation (via short-lived proxy certs) to services
• Global Authorization – right to access resources
  • Virtual Organisation (VO) – e.g. a Biomed experiment
    • Maintains list of registered users
    • Allocates users to groups and/or roles
    • Controls global policy and allocations
• Local Authorization – site access control
  • Via local (e.g. Unix) mechanisms or
  • Callouts to local AuthZ enforcement (Grid developments)
  • Grid ACLs – global identity or VO AuthZ attributes
• Policy
  • Grids (e.g. EGEE, OSG) define security policy
  • Many stakeholders also contribute to “policy”
Security Policy
Policy comes from many stakeholders
(Graphics from Globus Alliance & GGF OGSA-WG)
Authentication
Authentication
• Keep Authentication and Authorization separate
  • Authentication best done at Institute level
  • Authorization best done at VO level
• Provide the User with one (Grid) electronic identity
  • For use in many Grids or VOs
  • For user convenience
• Have successfully built a global PKI (X.509)
  • Mutual Authentication of people and services
• What is the most appropriate scale?
  • One CA per country/region (ideally for all eScience)
• EU Grid PMA has coordinated the (global) CAs
  • “minimum requirements” for accredited CAs
• Now three worldwide PMAs for Authentication
  • Asia/Pacific, The Americas and EU
  • International Grid Trust Federation coordinates these
• Using TACAR for roots of trust
Policy issues
EGEE/LCG Security Policy (under revision; picture from Ian Neilson)
Policy documents shown:
• Security & Availability Policy
• Incident Response
• Certification Authorities
• Audit Requirements
• User AUP
• VO AUP
• Application Development & Network Admin Guide
• User Registration & VO Management
http://cern.ch/proj-lcg-security/documents.html
Policy
• Acceptable Use Policy
  • One simple common User AUP
    • for EGEE and OSG
    • And other national Grids
  • Applies to all registered VOs
  • Binds user to VO AUP
• Each VO defines its own aims and AUP
  • Sites can then decide to support or not
• User accepts these during registration
  • And regular renewal (every 12 months)
• Robust User Registration procedures are required
  • Sites have delegated user registration to VOs
AuthZ Technology
Authorization & VO Management
• In EGEE gLite and LCG middleware
• Global AuthZ (VOMS)
  • Virtual Organization Membership Service
  • VO members, their groups and roles
  • Provides digitally signed AuthZ attribute certificate
    • Included in the grid proxy certificate
  • A “PUSH” model (user can select roles and VOs)
• Local AuthZ
  • Local Centre Authorization Service (LCAS)
    • A framework to handle local policy (e.g. banned users)
  • Local Credential Mapping (LCMAPS)
    • Provides local credentials (Kerberos/AFS, ldap nss…)
  • Local policy decisions (CE and SE)
    • Can decide and enforce policy on VOMS attributes
  • n.b. LCAS/LCMAPS is just one local AuthZ service
AuthZ – VOMS & LCAS (PUSH Model diagram)
Diagram labels: CAs issue user cert (long life) and host cert (long life); crl update (high frequency); user and service registration with VO-VOMS (low frequency); voms-proxy-init produces proxy cert (short life) and service cert (short life), each carrying a VO-VOMS authz cert (short life); authentication & authorization info is passed to LCAS.
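The push model in this diagram and the VOMS / LCAS / LCMAPS split on the previous slide, as an added Python model that is not code from the talk or from the gLite/LCG middleware. It is a simplification: HMAC with a per-issuer secret stands in for X.509 signatures (so the "verification key" in a credential equals its signing key, where a real certificate would carry a public key), and the CA, VOMS server, user names, FQANs, banned list and account mapping are all constructed for the example. The function names lcas, lcmaps and voms_proxy_init follow the slide's labels; they are models of those steps, not the real services.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional, Tuple

NOW = 1_000_000.0           # fixed clock (constructed) so results are reproducible
HOUR, DAY = 3600.0, 86400.0


@dataclass(frozen=True)
class Cred:
    """Certificate-like credential: CA-issued user cert, VOMS attribute cert
    (fqans set) or proxy cert (ac set). `key` is the holder's verification key;
    with HMAC it equals the signing key, in X.509 it would be the public key."""
    subject: str
    issuer: str
    not_after: float
    key: bytes = b""
    fqans: tuple = ()            # VOMS attributes, e.g. /biomed/Role=production
    ac: Optional["Cred"] = None  # VOMS attribute cert pushed inside a proxy
    sig: str = ""

    def payload(self) -> bytes:
        ac_sig = self.ac.sig if self.ac else None  # binds the pushed AC to the proxy
        return json.dumps([self.subject, self.issuer, self.not_after,
                           self.key.hex(), list(self.fqans), ac_sig]).encode()


def sign(key: bytes, c: Cred) -> Cred:
    sig = hmac.new(key, c.payload(), hashlib.sha256).hexdigest()
    return Cred(c.subject, c.issuer, c.not_after, c.key, c.fqans, c.ac, sig)


def verify(key: bytes, c: Cred, issuer: str, now: float = NOW) -> bool:
    """Valid signature by `key`, expected issuer name, and not yet expired."""
    want = hmac.new(key, c.payload(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(want, c.sig) and c.issuer == issuer and now < c.not_after


# Trust anchors and credentials, all constructed for the example.
CA, CA_KEY = "/C=UK/O=eScience/CN=CA", b"ca-secret"
VOMS, VOMS_KEY = "/O=EGEE/CN=voms.biomed", b"voms-biomed-secret"
ALICE, ALICE_KEY = "/C=UK/O=eScience/CN=Alice", b"alice-secret"
ALICE_CERT = sign(CA_KEY, Cred(ALICE, CA, NOW + 365 * DAY, key=ALICE_KEY))  # long life

SITE_POLICY = {                                       # constructed local policy
    "trusted_cas": {CA: CA_KEY},
    "supported_vos": {"biomed": (VOMS, VOMS_KEY)},    # VO name -> its VOMS server
    "banned": {"/C=UK/O=eScience/CN=Mallory"},
    "mapping": {"/biomed/Role=production": "biomedprd", "/biomed": "biomed001"},
}


def voms_proxy_init(user_cert: Cred, user_key: bytes, fqans, lifetime=12 * HOUR) -> Cred:
    """User side (cf. voms-proxy-init): obtain a short-lived VOMS attribute cert
    for the chosen VO/groups/roles and push it inside a short-lived proxy signed
    with the user's long-lived credential. GSI proxy names append /CN=proxy."""
    ac = sign(VOMS_KEY, Cred(user_cert.subject, VOMS, NOW + lifetime, fqans=tuple(fqans)))
    return sign(user_key, Cred(user_cert.subject + "/CN=proxy", user_cert.subject,
                               NOW + lifetime, ac=ac))


def lcas(proxy: Cred, user_cert: Cred, now: float = NOW) -> Tuple[bool, str]:
    """Local Centre Authorization Service: yes/no from the site's local policy."""
    ca_key = SITE_POLICY["trusted_cas"].get(user_cert.issuer)
    if ca_key is None or not verify(ca_key, user_cert, user_cert.issuer, now):
        return False, "user cert not from a trusted CA, or expired"
    if (proxy.subject != user_cert.subject + "/CN=proxy"
            or not verify(user_cert.key, proxy, user_cert.subject, now)):
        return False, "proxy not signed by the user's credential, or expired"
    if user_cert.subject in SITE_POLICY["banned"]:
        return False, "user banned at this site"
    if proxy.ac is None or not proxy.ac.fqans:
        return False, "no VOMS attributes pushed"
    vo = proxy.ac.fqans[0].split("/")[1]              # "/biomed/Role=..." -> "biomed"
    if vo not in SITE_POLICY["supported_vos"]:
        return False, "VO %s not supported here" % vo
    voms_name, voms_key = SITE_POLICY["supported_vos"][vo]
    if proxy.ac.subject != user_cert.subject or not verify(voms_key, proxy.ac, voms_name, now):
        return False, "VOMS attribute cert tampered, expired or for another user"
    return True, "ok"


def lcmaps(proxy: Cred) -> Optional[str]:
    """Local Credential Mapping: the first FQAN the site maps selects the account."""
    for fqan in proxy.ac.fqans:
        if fqan in SITE_POLICY["mapping"]:
            return SITE_POLICY["mapping"][fqan]
    return None


def authorize(proxy: Cred, user_cert: Cred, now: float = NOW):
    """Site side: LCAS decision first, LCMAPS mapping only if accepted."""
    ok, why = lcas(proxy, user_cert, now)
    return (lcmaps(proxy) if ok else None), why


if __name__ == "__main__":
    p = voms_proxy_init(ALICE_CERT, ALICE_KEY, ["/biomed/Role=production", "/biomed"])
    print(authorize(p, ALICE_CERT))                       # ('biomedprd', 'ok')
    print(authorize(p, ALICE_CERT, now=NOW + 13 * HOUR))  # proxy expired, user cert still valid
```

The point of the model is the separation the slides describe: the site never holds a user database, it only needs the CA and VOMS trust anchors plus its own local policy (supported VOs, banned users, FQAN-to-account mapping), while the VO decides who its members are and which groups and roles they carry. Because the proxy signature binds the VOMS attribute certificate, editing the pushed roles after voms-proxy-init fails the VOMS check at the site.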
Legal issues
(some) Legal issues
• Sites/Resources require
  • Auditing at individual user level
  • Read access to User registration data in VO
• VOs require
  • Accounting (usage) data from resources
  • At individual user level
• Privacy & data protection laws forbid sites publicly identifying individual users
  • No solution to this conflict yet!
• VOs are not (in general) legal entities
  • Makes life interesting!
NRENs and Grids?
NRENs and Grids?
• No desire to run net services that can be provided by others
• AuthN/Identity services
  • Currently constrained to be X.509 PKI
  • Several NRENs run Certification Authorities
    • For Grids today, e.g. CESNET
  • AuthN best done by home institute
  • We should continue to work together here
• For large/long-lived VOs
  • Global AuthZ must be managed by the VO
  • Role/Group names must be defined by VO and understood by Sites/Resources (across all Grids)
• Dynamic/Short-lived VOs
  • Small groups of collaborating scientists
  • “Laymen rather than experts”
  • VO cannot register with Grid Infrastructure
  • Interesting to explore possibilities for NRENs here
References
• LCG/EGEE Joint Security Policy Group: http://proj-lcg-security.web.cern.ch/
• EGEE JRA3 (Security): http://egee-jra3.web.cern.ch/
• Open Science Grid Security: http://www.opensciencegrid.org/techgroups/security/
• EU DataGrid Security: http://hep-project-grid-scg.web.cern.ch/
• LCG Guide to Application, Middleware and Network Security: https://edms.cern.ch/document/452128
• EU Grid PMA (CA coordination): http://www.eugridpma.org/
• TERENA TACAR (CA repository): http://www.terena.nl/tech/task-forces/tf-aace/tacar/
Final Words
• Grids require robust AuthN
  • Government issued photo-ID
• There are technology constraints
  • Today’s Grid middleware (e.g. X.509)
• Standards are essential
  • For interoperability between Grids
  • GGF is an important body
  • Grid Security will implement new standards
    • WS-Security, SAML, XACML, etc
• People aspects even more important
  • Building International Trust takes time
  • Between Grids, Sites and VOs
• We (Grids and NRENs) must keep talking to each other