2. Interoperability. GRID services that traverse multiple domains and hosting environments need to be able to interact with each other, thus introducing the need for interoperability at protocol, policy and identity level.
3. Trust relationships. In order to solve the trust relationship problem in a GRID environment, it is necessary to support mechanisms for defining, managing and enforcing trust policies among the participants in a GRID System.
2.2 Security Requirements
The security challenges presented in the previous subsection lead to specific security
requirements. These requirements may differ amongst GRID Systems, depending on
the defined security policies and the type of applications and services used. The most
important security requirements are [2], [4]:
Confidentiality. Ensure that messages traveling over the network are not disclosed to unauthorized entities.
Integrity. Ensure that recipient entities may detect unauthorized changes made to messages.
Privacy. Allow both a service or resource requestor and provider to define and enforce privacy policies.
Identification. Associate each entity with a unique identifier.
Authentication. Verify the identity of a participant entity to an operation or request.
Single logon. Relieve an entity that has successfully completed the authentication process once from the need to participate in re-authentication upon subsequent accesses to other participant systems in the GRID.
Authorization. Allow for controlling access to resources or services based on authorization policies attached to each entity (e.g. resource or service).
Delegation. Allow transfer of privileges (e.g. access rights) between entities.
Assurance. Provide means to qualify the security level that can be expected from a hosting environment.
Autonomy. Allow entities to have full control over their local security policies without compromising the overall GRID System's security.
Policy exchange. Allow entities to dynamically exchange security policy information (e.g. authentication requirements).
Firewall traversal. Provide mechanisms for traversing firewalls between administrative boundaries.
Secure logging. Provide all services, including security services themselves, with facilities for time stamping and secure logging.
Manageability. Provide the appropriate tools for managing security mechanisms and policies.
3 GRID Security Architectures
Security is critical for the widespread deployment and acceptance of Computational
GRIDs. Although several security architectures for the GRID environment have been