lionshare & usher

LionShare & USHER Derek Morr Spring ’06 MM

Upload: lilia

Post on 15-Jan-2016


Page 1: LionShare & USHER

LionShare & USHER

Derek Morr

Spring ’06 MM

Page 2: LionShare & USHER

Overview

• LionShare is an academic peer-to-peer filesharing system.

• Strong emphasis on identity management: Users must be identified to share files.

• Optional attribute-based authorization.

Page 3: LionShare & USHER

Authentication

• To identify themselves, users digitally sign certain protocol messages and XML fragments.

• Users obtain short-term certs from an online CA, called the SASL-CA.

• Think kx509, but with SASL and in Java.

Page 4: LionShare & USHER

Certificate Types

• Identity:

CN=DEREK VAUGHAN MORR([email protected])/[email protected], OU=ACADEMIC SERV & EMERGING TECH, O=Pennsylvania State University, L=UNIVERSITY PARK, ST=Pennsylvania, C=US

• Opaque:

CN=6ZYEBU6OPVQSCQLEKEM463QVLLQXTUU2PTCSYDLK2VHZA3FJR27UJFUJXB5ZSEVUL3US2FZ5O4LZWIR3737THCFTX4B2RJMWC27LB2DMQFL7ZQAXMD4Q

Page 5: LionShare & USHER

Page 6: LionShare & USHER

Authorization

• Users can create attribute-based ACLs.

• LS 1.1 supports a subset of eduPerson; this may be expanded in a later release.

• We use a custom SAML profile to obtain and exchange attributes. This requires a plugin to Shib 1.3.

Page 7: LionShare & USHER

Split Roots

• AuthN (the SASL-CA) is rooted in USHER.

• AuthZ (Shib) is rooted in InCommon.

• Fortunately, the two CAs have similar policies.

Page 8: LionShare & USHER

Bridging the Roots

• Users obtain an USHER-rooted opaque cert from the SASL-CA with a CryptoShibHandle in the DN:

CN=6ZYEBU6OPVQSCQLEKEM463QVLLQXTUU2PTCSYDLK2VHZA3FJR27UJFUJXB5ZSEVUL3US2FZ5O4LZWIR3737THCFTX4B2RJMWC27LB2DMQFL7ZQAXMD4Q

• This is a symmetrically encrypted identifier that the IdP can interpret.

Page 9: LionShare & USHER

Bridging the Roots

• Open a mutually authenticated SSL tunnel to IdP with the opaque cert to obtain an InCommon-rooted SAML AttributeAssertion.

• The AttributeAssertion is bound to the USHER-rooted opaque cert via Holder-of-Key Confirmation.

Page 10: LionShare & USHER

Holder-of-Key Confirmation

<SubjectConfirmation>
  <ConfirmationMethod>urn:lionshare-test:holder-of-key</ConfirmationMethod>
  <SubjectConfirmationData>
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data>
        <ds:X509Certificate>Base64-encoded opaque cert here…</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </SubjectConfirmationData>
</SubjectConfirmation>
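
An added example (not from the slides or the LionShare code base) of the check a receiving peer can make for this holder-of-key binding: the certificate embedded in the SubjectConfirmation must be byte-for-byte the one the sender presented. It assumes the assertion's signature has already been verified against the InCommon root; the function names are hypothetical and the certificate bytes are constructed.

```python
import base64
import binascii
import hmac
import xml.etree.ElementTree as ET

HOK_METHOD = "urn:lionshare-test:holder-of-key"  # method URI shown on the slide
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample data: arbitrary bytes stand in for DER-encoded opaque certs.
SAMPLE_CERT_DER = bytes(range(48))
OTHER_CERT_DER = bytes(range(1, 49))


def _local(tag):
    """Drop a '{namespace}' prefix; the slide's fragment declares no SAML namespace."""
    return tag.rsplit("}", 1)[-1]


def build_confirmation(cert_der, method=HOK_METHOD):
    """Hypothetical helper: build a fragment shaped like the one on the slide."""
    b64 = base64.b64encode(cert_der).decode("ascii")
    return (
        f"<SubjectConfirmation><ConfirmationMethod>{method}</ConfirmationMethod>"
        f'<SubjectConfirmationData><ds:KeyInfo xmlns:ds="{DS_NS}"><ds:X509Data>'
        f"<ds:X509Certificate>\n{b64}\n</ds:X509Certificate></ds:X509Data>"
        "</ds:KeyInfo></SubjectConfirmationData></SubjectConfirmation>"
    )


def holder_of_key_matches(confirmation_xml, presented_cert_der):
    """True only if the fragment uses the holder-of-key method and embeds
    exactly the certificate (DER bytes) that the sender presented."""
    try:
        root = ET.fromstring(confirmation_xml)
    except ET.ParseError:
        return False
    if _local(root.tag) != "SubjectConfirmation":
        return False
    methods = [e.text.strip() for e in root
               if _local(e.tag) == "ConfirmationMethod" and e.text]
    if methods != [HOK_METHOD]:
        return False
    certs = root.findall(f".//{{{DS_NS}}}X509Certificate")
    if len(certs) != 1 or not certs[0].text:  # reject missing or ambiguous binding
        return False
    try:
        embedded = base64.b64decode("".join(certs[0].text.split()), validate=True)
    except (binascii.Error, ValueError):
        return False
    return hmac.compare_digest(embedded, presented_cert_der)
```

The comparison is on the whole certificate rather than on the DN, so an assertion copied from another session fails unless the sender also holds the private key for the embedded cert.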

Page 11: LionShare & USHER

Security Model

USHER Foundation

Page 12: LionShare & USHER

“Friendly Trust”

• AuthZ (Shib) has extensive metadata about each node that supplements PKIX.

• AuthN (SASL-CA) does not. Anything from USHER is trusted.

• No one wants to run a LS-specific federation.

Page 13: LionShare & USHER

Deployment

• 1.0 - Sept ’05

• 1.1 - April/May ’06

• Penn State got its USHER CA cert last week.

• In last stages of testing, should go live “soon.”

Page 14: LionShare & USHER

SASL-CA Future

• Version 0.4 almost ready (rc5 is being prepped).

• Version 0.5:

  • Pluggable cert types, possibly based on HEPKI-TAG certprofiles

  • May introduce backwards-incompatible protocol changes