We are developing a security model and architecture that is intended to provide general, scalable, and effective security services in open and highly distributed network environments. Our objective is to provide, especially for on-line scientific instrument systems, the same level and expressiveness of access control that is available to a local human controller of information and facilities, and the same authority, delegation, individual responsibility and accountability, and expressiveness of policy that one sees in specific environments in scientific organizations. Our model is based on a public-key infrastructure and cryptographically signed certificates that encode use-conditions defined by those directly responsible for a resource. Certificates that encode user characteristics satisfying the use-conditions are supplied by those who can attest to the characteristic. The collection of certificates specifying use-conditions and their satisfaction is combined with on-line (real-time) access control mechanisms to enable remote instrument operation. The real-time mechanisms are intended to provide a level and scope of credential validation commensurate with the consequences of the actions that are enabled / protected by the security system. This general approach is not unlike the direction the financial information industry is taking to enable the global distributed enterprise. One of our proposed uses of the model (supporting real-time construction of distributed computing and storage systems based on use-condition certificates) is similar to the distributed enterprise / electronic commerce capabilities envisioned by the financial industry. We also describe a prototype implementation that we are using to experiment with this model, and that is providing security services for several distributed applications.

draft

1. This work is supported by the U. S. Dept. of Energy, Energy Research Division, Mathematical, Information, and Computational Sciences office (http://www.er.doe.gov/production/octr/mics), under contract DE-AC03-76SF00098 with the University of California. Author’s address: 50B-2239, Lawrence Berkeley National Laboratory, Berkeley, CA 94720. Tel: +1-510-486-5014, fax: +1-510-486-6363, wejohnston@lbl.gov, http://www-itg.lbl.gov/~johnston. This document is report LBNL-38850, version “Security.Arch.Global.Cap.CERN.fm”.
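The abstract describes three cooperating pieces: a use-condition certificate signed by the party responsible for a resource, attribute certificates signed by whoever can attest to a user characteristic, and a real-time decision point that validates both before an instrument action is allowed. The following Go program is an added illustration of that chain and is not code from the paper or its prototype; the certificate field layout, the Ed25519 signatures, the resource name "beamline-7", the attribute "beamline-operator", and the user "alice" are all assumptions chosen for the example. It deliberately has the use-condition name which attester's key is trusted for the attribute, so that a certificate from any other issuer, a tampered use-condition, or an expired attribute certificate is rejected at request time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"time"
)

// UseCondition is signed by the party directly responsible for a resource.
// It names the attribute a requester must hold and the attester whose
// signature is trusted to vouch for that attribute. (Field layout is an
// assumption made for this example, not the paper's certificate format.)
type UseCondition struct {
	Resource        string
	RequiredAttr    string
	TrustedAttester ed25519.PublicKey
	Sig             []byte
}

// payload is the canonical byte string that is signed and verified.
func (u UseCondition) payload() []byte {
	return []byte("use-condition\n" + u.Resource + "\n" + u.RequiredAttr + "\n" +
		hex.EncodeToString(u.TrustedAttester))
}

// AttributeCert is signed by an attester and binds a subject to a
// characteristic for a limited validity window.
type AttributeCert struct {
	Subject   string
	Attribute string
	NotAfter  time.Time
	Issuer    ed25519.PublicKey
	Sig       []byte
}

func (a AttributeCert) payload() []byte {
	return []byte("attribute\n" + a.Subject + "\n" + a.Attribute + "\n" +
		a.NotAfter.UTC().Format(time.RFC3339))
}

// SignUseCondition is what the resource owner runs once, off-line.
func SignUseCondition(owner ed25519.PrivateKey, resource, attr string, attester ed25519.PublicKey) UseCondition {
	u := UseCondition{Resource: resource, RequiredAttr: attr, TrustedAttester: attester}
	u.Sig = ed25519.Sign(owner, u.payload())
	return u
}

// SignAttribute is what an attester runs to vouch for a user characteristic.
func SignAttribute(attester ed25519.PrivateKey, subject, attr string, notAfter time.Time) AttributeCert {
	a := AttributeCert{Subject: subject, Attribute: attr, NotAfter: notAfter,
		Issuer: attester.Public().(ed25519.PublicKey)}
	a.Sig = ed25519.Sign(attester, a.payload())
	return a
}

// Authorize is the real-time decision point. It re-validates the whole chain
// at the moment of the request: owner signature on the use-condition, then
// issuer, signature, subject and expiry of each presented attribute certificate.
// ownerPub is the locally configured trust root for the resource.
func Authorize(ownerPub ed25519.PublicKey, uc UseCondition, subject string, certs []AttributeCert, now time.Time) (bool, string) {
	if !ed25519.Verify(ownerPub, uc.payload(), uc.Sig) {
		return false, "use-condition not signed by the resource owner"
	}
	reason := "no certificate attests the required attribute"
	for _, c := range certs {
		switch {
		case c.Subject != subject || c.Attribute != uc.RequiredAttr:
			continue
		case !c.Issuer.Equal(uc.TrustedAttester):
			reason = "attribute attested by an issuer the use-condition does not trust"
		case !ed25519.Verify(c.Issuer, c.payload(), c.Sig):
			reason = "attribute certificate signature invalid"
		case now.After(c.NotAfter):
			reason = "attribute certificate expired"
		default:
			return true, "use-condition satisfied"
		}
	}
	return false, reason
}

func main() {
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	attPub, attPriv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	uc := SignUseCondition(ownerPriv, "beamline-7", "beamline-operator", attPub)
	cert := SignAttribute(attPriv, "alice", "beamline-operator", now.Add(time.Hour))
	ok, why := Authorize(ownerPub, uc, "alice", []AttributeCert{cert}, now)
	fmt.Printf("allowed=%v (%s)\n", ok, why)
}
```

Each signer holds its own key: the resource owner never signs attribute certificates and the attester never edits the use-condition, which is the separation of authority the abstract describes. Because the decision point re-checks signatures and expiry on every call rather than caching an earlier result, the validation effort tracks the consequence of the action being requested.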