Information Technology Reference
In-Depth Information
There are other issues with PKIs and grid certii cates as currently
applied in the e-Research community. The fundamental issue with PKIs is
trust. Sites trust their users, CAs, and other sites. If the trust between any
of these is broken, then the impact can be severe, especially since users are
in principle free to compile and run arbitrary code. Thus with PKIs there
is no mention of what the user is allowed to do once they have gained
access to the resource. For example, users can in principle run arbitrary
applications, starting a variety of local processes. In reality, a set of exist-
ing applications and infrastructure are often pre-deployed across the grid
nodes; hence the issue and risks of uploading executables are diminished.
However, given the fact that compilers are commonly available on these
resources, the possibility to compile arbitrary code and run executables
spawning arbitrary processes exists. There is typically no security middle-
ware enforcement on what processes can be started, by whom, and in
what context, other than the local enforcement given by the privilege asso-
ciated with the local account. As the grid community moves toward more
security-focused domains such as e-Health, such a model will never be
supported. Instead practices and solutions that help make grid infrastruc-
tures safer are required. Authorization-based systems offer one approach
to improve this security model.
12.3
Once uses have had their identity validated at a remote resource, it is
essential that their actions are restricted based on who they are, what they
are trying to do, and in what context, and so on. There are various meth-
ods of enforcing this restriction, the simplest method being the use of an
access control list (ACL), which lists what users have access to a privilege.
Essentially, uses present their credentials at a gatekeeper to a resource,
which consults a known list of users. This basic authorization structure
extends the concept of authentication and no more. If the user cannot
authenticate to the satisfaction of the gatekeeper then the resource request
will be denied. The Globus GSI [7] software is an example of the classic
ACL used to enforce authorization and provides a relatively coarse-
grained approach to implementing security through the grid - mapi le map-
ping of DNs to local user accounts.
A problem that arises when trying to apply this method to a dynamic
grid environment is that only one list exists, where there could be many
privileges that require different ACLs. For example, a user might need
access to a given resource for different purposes within a given VO.
Having a single list with a predei ned set of accounts and user DNs does
not support this multirole approach. This is a solution that would not scale
Authorization and Grid Systems
 
 
Search WWH ::




Custom Search