Hi All,
Hopefully people won't object to continuing this discussion here...
On 10/03/05 12:11, Ian Stokes-Rees wrote:
> I have returned to security considerations for grid job scheduling and
> execution. I am wondering if there are people on this list, people you
> know, or mailing lists to whom I could post a few thoughts and questions
> regarding grid security.
There's the EGEE Middleware Security Group
([log in to unmask]), but their activities are
mostly restricted to the security plans for EGEE.
> Specifically, I'm thinking about the use of "identity tokens". For
> example:
>
> Bob gives Alice a token which only Alice can use to:
>
> access Bob's data
> generate data in Bob's "file space"
> withdraw "grid bucks" from Bob's grid bank account
>
> and this token would have limits on it (amount of data generated,
> maximum "grid bucks", lifetime).
To me this doesn't sound like an "identity token" but rather an
"authorization token": in some sense the resource doesn't care who Bob
gives authorization to as long as:
* the authorization doesn't exceed Bob's own authorization;
* Bob is authorized to delegate his authorization in this way; and
* the resource can be sure that Bob genuinely made this authorization.
The first point should be obvious. The second point is a special case of
the first: one of the things Bob may or may not be authorized to do is
to delegate his privileges. If Bob is a lead scientist he will be
authorized to delegate to his assistants, but an undergraduate student
can't delegate the authorization she was given in order to do her
assignment. The third point boils down to having Bob digitally sign the
delegation.
This is more-or-less the system implemented in KeyNote:
http://crypto.com/trustmgt/kn.html
> Anyway, I'm sure this kind of thing has been done before, or has been
> considered and discarded, so I'd like to find out more about it. If
> not, I'd like to push the idea around with other people.
I'm not sure about the HEP/LCG/EDG context, but some related work has
been done by my colleagues in University College Cork
(http://www.cs.ucc.ie/~simon/pubs/ispdc04.pdf). I've tried to search for
similar work, but it's pretty difficult to search the web for a generic
term like "keynote", and "trust management" has so many different
interpretations.
David
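
The three checks listed in the message above, as an added example that is not part of the original e-mail and is not KeyNote's credential format or API. HMAC with constructed shared keys stands in for Bob's digital signature, and the credential fields, limit names and `verify_chain` are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed sample keys. HMAC is a stand-in for the digital signature the
# message describes, so here the resource must hold every issuer's key.
KEYS = {"resource": b"resource-key", "bob": b"bob-key", "student": b"student-key"}
ROOT = "resource"  # assumption: the resource is the root of all authority


def _mac(issuer, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[issuer], msg, hashlib.sha256).hexdigest()


def sign(issuer, subject, limits, may_delegate):
    """Issue a credential: issuer grants subject rights bounded by limits."""
    body = {"issuer": issuer, "subject": subject,
            "limits": limits, "may_delegate": may_delegate}
    return dict(body, sig=_mac(issuer, body))


def verify_chain(chain, requester):
    """Return the limits granted to requester, or raise ValueError."""
    holder, allowed, can_delegate = ROOT, None, True
    for cred in chain:
        if cred["issuer"] not in KEYS:
            raise ValueError("unknown issuer")
        body = {k: v for k, v in cred.items() if k != "sig"}
        # Check 3: the issuer genuinely made this authorization.
        if not hmac.compare_digest(_mac(cred["issuer"], body), cred["sig"]):
            raise ValueError("bad signature")
        # Check 2: the issuer holds the rights and is allowed to delegate them.
        if cred["issuer"] != holder or not can_delegate:
            raise ValueError("issuer may not delegate")
        # Check 1: the grant does not exceed the issuer's own authorization.
        # A limit missing from the issuer's grant means the issuer lacks it.
        if allowed is not None:
            for name, value in cred["limits"].items():
                if name not in allowed or value > allowed[name]:
                    raise ValueError("grant exceeds issuer's authorization")
        holder, allowed = cred["subject"], cred["limits"]
        can_delegate = cred["may_delegate"]
    if holder != requester:
        raise ValueError("chain does not end at requester")
    return allowed
```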