XPOLAAn Extensible Capabilitybased Authorization Infrastructure for Grids

1
XPOLAAn Extensible Capability-based
Authorization Infrastructure for Grids

• Liang Fang, Dennis Gannon
• Indiana University
• Frank Siebenlist
• Argonne National Laboratory

2
Outline

• The Grid security
• The problems to be solved
• XPOLA
• Macroscopic view
• Microscopic view
• Users view
• Challenges and future work
• Conclusion

3
The Grid
OGSA
2004
2002
1997
Pre-Web services era
(SOAP-based) Web services era
Grid service Web service OGSA
4
Grid Security Infrastructure (GSI)

• GSI adopts public key cryptography as the basis
  to provide the Grid three main functionalities
• Secure communication SSL, WS Security
• Mutual authentication PKI
• Delegation proxy certificate
• Authorization ( Authentication)
• A gatekeeper daemon maps a Grid identity to a
  local account at run time according to a gridmap
  file.
• The Grid identity is allowed to do all the
  accounts rights.

5
A Grid Users Odyssey

• Alice wants to access a Grid service.
  Unfortunately, she has to

Account Application
Certificate Application
Grid-map Registration
3days
1wk
0.5 day
(Learn how to) Manage her X.509 cert
(Learn how to) Configure Her Service Environment
Finally, Time to use the Grid service.
(Learn how to) Get her Grid proxy cert ready
1day
0.5 hr
0.5 day
6
The Authorization Problems in Real Grid
Applications

• Inscalable in administration and maintenance
• Host accounts
• X.509 certificates
• Coarse-grained authorization
• An authorized user can do much more than
  accessing a service
• For example, in Linked Environments for
  Atmospheric Discovery (LEAD) project
• How to provide the authorization to
  meteorological Grid services running on TeraGrid
  to THOUSANDS of scientists and grade school
  students?
• Only a few privileged UNIX accounts available.
• Grid services could be dynamically generated (by
  workflow engines as well as individual
  scientists).
• Of course, no security breach is acceptable .

7
Existing Grid Security Solutions to Fine-grained
Authorization

• ACL Model
• Akenti, Shibboleth, PERMIS
• Capability Model
• CAS, VOMS, PRIMA
• Why we need XPOLA
• The above (was) not addressing general Web/Grid
  services in compliant with Web services security
  specs.
• With central admins, most of them do not address
  dynamic services well.

The Access Control Matrix
The ACL Model
The Capability Model
8
XPOLA The Characteristics

• Principle of Least Authority/Privilege
  (POLA)-compliant Strictly fine-grained
  authorization.
• Scalable in administration and maintenance It is
  never assumed that the service user has an
  account on the machines. The infrastructure is
  built on a Peer-to-peer chain-of-trust model. No
  central administrator involved.
• WS-Security Compliant Conforms to WS-Security
  for both persistent and transient Web/Grid
  services.
• Extensible PKI and SAML-based, but allows other
  alternatives.
• Dynamic and Reusable Grid resources (Web
  services and Grid services) are made available to
  users through manually or automatically generated
  capabilities, which can be used for multiple
  requests in their valid lifetimes.

9
XPOLA The Big Picture
Service Provider
Persistent Storage
Request Processing

create
Capability Manager (Capman)
Registry (EPRservice A, )
Community Informative Authority
update
Capability Request
destroy
Host
Token Agent
Processing Stack
SVC A
capability token
Service Requester
10
XPOLA Capabilities

• A capability includes
• Policy Document
• Bindings of the providers distinguished name
  (DN), as well as the users DNs.
• Identifier of the Grid resource.
• Optional operations of a Web service instance
• Life time (notbefore, notafter)
• The providers signature generated with his
  private key.
• Security Assertion Markup Language (SAML)
• Each capability is a set of SAML assertions
• AuthorizationDecisionStatement
• However the policy document and protection
  mechanism can be extensible XACML, symmetric
  keys,

11
XPOLA Web Services Security

• Web services security
• A series of emerging XML-based security standards
  from W3C and OASIS for SOAP-based Web services,
  to provide authentication, integrity,
  confidentiality and so on.
• XSOAP conforms to Web services security.

• SOAP Binding

SOAP Message
Header
Capability Token
Policies (SAML Assertions)
Providers Signature
WS Security Section (Users Signature, )
Body
12
XPOLA Enforcement
13
XPOLA Users View in Grid Portals
User
Provider
capability token
Proxy Manager Portlet
Weather Service Portlet
Capability Manager Portlet
Weather Service
capability token
proxy certificate
proxy certificate
capability token
capability token
capability token
Grid Portal
User Context
14
Challenges and Future Work

• Revocation
• Performance and Scalability
• Message level session-based communication
• Load balancing
• Denial of Service (DoS) Mitigation

15
Conclusion

• XPOLA provides fine-grained authorization
  infrastructure to general Web and Grid services.
• More than that
• It scales
• Extensible
• WS-Security compliant
• Adaptable for dynamic services
• Reusable
• User (as well as provider) friendly