issues, authentication in itself does not provide the fine-grained control
over what users are allowed to do on remote resources (authorization).
Furthermore, mainstream models of PKIs using centralized certificate
authorities for authentication have their own associated problems. Instead,
what are required are finer-grained security infrastructures that support
e-Research and are aligned with the ways in which the e-Research
community are comfortable with working. E-Research is—or should be!—
about research and not learning about the nuances and/or complexities of
different infrastructures, middleware or the associated mechanisms they
require in place; for example, X.509 digital certificates [2].
In this chapter, we present an overview of PKIs and their limitations,
and highlight how recent work in UK academia allows user-oriented
security models that are aligned with access to Internet resources more
generally through the UK Access Management Federation based upon the
Internet2 Shibboleth technologies [3]. We present a variety of case studies
showing how the world of e-Research and non-grid-based access to and
usage of secure Internet resources can be aligned. Key to the success of
this is shielding users from the underlying middleware, certificates, and
features that are not directly supporting their primary reason for
engaging in e-Research to begin with. Demonstrations of these solutions across
a variety of application domains are given to offer both a snapshot of
state-of-the-art security systems and a vision for an integrated and secure grid
system of the future.
12.2 Authentication and Grid Systems
Fundamentally, grids are about sharing resources. With this in mind, it is
essential that security is ensured, both of the underlying systems and of
the grid infrastructures and applications running on top of them. This is
especially the case as the grid community moves from the academic,
research-oriented background to more commercial arenas, and especially
when one moves toward more security-focused domains such as finance
and e-Health. It is the case in computer security that the weakest link rule
applies; this fact is magnified by grid infrastructures due to their
collaborative openness. Highly secure multimillion-pound compute facilities
can be compromised by inadequately secured remote laptops. Rigorous
security procedures at one site can be made redundant through
inadequate procedures at another collaborating site.
This problem is due, in part, to the lack of granularity in how security is
currently considered. Grid security is still primarily based on PKIs, which
support the validation of the identity of a given user requesting access to
a given resource—so-called authentication.
 
 