This paper was provided as technical input to the gap analysis of the UK e-Science programme, March 2003. The paper outlines generic requirements for security in grid systems and the problems that are often cited with current grid software. It is argued that these issues can be resolved by the federation of both users and resources. This concept of federation extends beyond user identity systems to include organisational responsibilities and policy bindings. The paper also outlines application-specific security issues and makes recommendations on how they could be addressed in the programme.

1. Requirements and Issues

Grid security requirements can be divided into project-specific and generic. Generic requirements include some that apply to existing systems, but are stretched by scalability and administration complexity, and some that are new to highly distributed systems, such as remote delegation and distributed authorisation. This discussion is mostly about generic requirements.

This is a wide topic; the grid security architecture[1] provides the rationale for the original grid requirements, and a recent review of security issues in large distributed systems[2] indicates that there are many issues still to be considered. The purpose of this section is to set the context for current problems and how they might be resolved, so the following is a brief summary of generic requirements, from the point of view of the main stakeholders: users and resource providers.

Users are either individual end users, or individuals responsible for projects that may be ‘virtual’ (span several organisations). Typical requirements are:

• speed – to introduce new users or groups into a system quickly.
• flexibility about the privileges provided to a group or individual.
• privacy – to constrain the flow and use of private data in a system, including data used for authentication.
• security – to be able to set up a grid with agreed security features (e.g. only allow data to flow to certain processing sites).
• delegated action – to allow the system to carry out a range of functions for the user when the user is not present.
[1] Jeff Hodges, et al. Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V2.0, 2001.
[2] Ian Foster, et al. The Security Architecture for Open Grid Services, 2002.
[3] Ian T. Foster, et al. A community authorization service for group collaboration, 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.
[4] Susan Stepney, et al. Smart Devices and Software Agents: The Basics of Good Behaviour, 2003, SPC.
[5] William E. Johnston, et al. Certificate-based Access Control for Widely Distributed Resources, 1999, USENIX Security Symposium.
[6] David W. Chadwick, et al. The PERMIS X.509 role based privilege management infrastructure, 2002, SACMAT '02.
[7] Ian T. Foster, et al. A security architecture for computational grids, 1998, CCS '98.
[8] Ninghui Li, et al. Design of a role-based trust-management framework, 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.