Grid Security work in 2006 Andrew McNab Grid Security Research Fellow University of Manchester

Upload: silas-johnson

Post on 29-Jan-2016



Grid Security work in 2006

Andrew McNab

Grid Security Research Fellow

University of Manchester


21 December 2006 A.McNab – Grid Security

December 2005

• Security Group had started GridPP2 and JISC funded work

• GridSite had been taken up by several HEP / Grid projects for managing web pages

• GridSiteWiki in use by GridPP (New Scientist mention etc)

• Big push was still to get GridSite into “programmatic” use.

• GridSite web service hosting and delegation taken up by EGEE Workload Management

• htcp bulk file transfers used by EGEE WMS

• Had designed SiteCast file location system


GridSite

● GridSite is our key piece of grid security technology

● Adds support for grid security “objects” to Apache web server

● Identity certificates and GSI proxies

● VOMS attribute certificates for group membership

● GACL policy language

● Credentials from Shibboleth

● Allows Apache to host Web Services for Grids.

● Library functions can be reused in other services
  – including GridSite proxy delegation used by EGEE


“New for 2006”

• EGEE File Transfer System has taken up GridSite delegation protocol and library for C/C++ components

• SlashGrid resurrected and rewritten
  – provides an HTTP(S) network filesystem, with the option to use multicast to find replicas of files.

• With Joseph, Shibboleth added to credentials framework
  – Distributed password-based authentication
  – NIST Level of Assurance added to policy language

• Support for access control for 3rd party virtual “websites”
  – e.g. the Subversion version control system


Summary

• Continue to support GridPP website and Wiki
  – Also used by other Grid websites, and NGS Wiki

• Continue to track agreed changes in delegation protocol, VOMS attributes etc and update library in response

• EGEE FTS has adopted GridSite components
  – WMS continues to use GridSite to host services

• SlashGrid bulk file storage system produced and being finalised

• Shibboleth support added to GridSite framework
  – for when JISC uses Shibboleth to replace ATHENS