Virtual Organizations and Community Authorization Service
Andrew A. Chien, May 19, 2004
UCSD CSE225
CSE225 Lecture #14
Administrivia
• Project Presentations, 6/11, 2-4pm, location TBD
• Next week:
  » 5/26 meet at regular time
  » 5/28 meet ½ hour early (4:30pm)
Last Time
• Globus Grid Security Architecture and Services
  » Requirements and alternative bases
  » Globus Security Infrastructure
    – Single Sign On
    – X.509 certificates
    – Translation to/from local identity
    – Proxy certificates and Restricted Delegation
  » What it enables
    – Transitive delegation
    – Third party access on your behalf
    – Limited loss if compromised, limited scope of delegation
Today’s Readings
• The Anatomy of the Grid: Enabling Scalable Virtual Organizations. I. Foster, C. Kesselman, S. Tuecke. International J. Supercomputer Applications, 15(3), 2001.
• A Community Authorization Service for Group Collaboration. L. Pearlman, V. Welch, I. Foster, C. Kesselman, S. Tuecke. Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002.
Grid Definition
• “Grids involve coordinated resource sharing and problem-solving in dynamic, multi-institutional virtual organizations.”
• Umm…. Okay, so what is a grid really?
• Concrete examples… think about the sharing and security issues
Home Computers Evaluate AIDS Drugs
• Community =
  » 1000s of home computer users
  » Philanthropic computing vendor (Entropia)
  » Research group (Scripps)
• Common goal = advance AIDS research
Internet Desktop Grid
• Each Desktop in a separate administrative domain (essentially)
• Create a shared resource pool of workers
• Exploit to do a large-scale computation
• Need: access, protection?, authentication?, private communication?
• How many administrators? Certificates? What trust?
Mathematicians Solve NUG30
• Looking for the solution to the NUG30 quadratic assignment problem
• An informal collaboration of mathematicians and computer scientists
• Condor-G delivered 3.46E8 CPU seconds in 7 days (peak 1009 processors) in U.S. and Italy (8 sites)
14,5,28,24,1,3,16,15,10,9,21,2,4,29,25,22,13,26,17,30,6,20,19,8,18,7,27,12,11,23
MetaNEOS: Argonne, Iowa, Northwestern, Wisconsin
Enterprise(s) Desktop Grid
• Servers and Desktops in a shared administrative domain
  » Or sets of desktops in different administrative domains
• Create a shared resource pool of workers
• Exploit to do a large-scale computation
• Need: access, protection?, authentication?, private communication?
• How many administrators? Certificates? What trust?
Network for Earthquake Engineering Simulation
• NEESgrid: US national infrastructure to couple earthquake engineers with experimental facilities, databases, computers, & each other
• On-demand access to experiments, data streams, computing, archives, collaboration
NEESgrid: Argonne, Michigan, NCSA, UIUC, USC
Enterprises Grid - Computation
• Servers in multiple Administrative Domains
• Create a coordinated scheduling of a set of resources
  » Computers and unusual instruments/devices
• Communicate securely and authenticated amongst the entities
• Exploit to do distributed simulation
• Need: access, co-scheduling, protection, authentication, private communication?
• How many administrators? Certificates? What trust?
Data Grids for High Energy Physics
[Figure, image courtesy Harvey Newman, Caltech: a tiered (Tier 0 to Tier 4) data grid. Nodes labelled in the figure: Online System; Offline Processor Farm ~20 TIPS; CERN Computer Centre; Physics data cache; FermiLab ~4 TIPS; France, Italy and Germany Regional Centres; Tier2 Centres ~1 TIPS each (Caltech ~1 TIPS); Institutes ~0.25 TIPS; Physicist workstations. Link rates shown: ~PBytes/sec, ~100 MBytes/sec, ~622 Mbits/sec (or Air Freight, deprecated), ~1 MBytes/sec. 1 TIPS is approximately 25,000 SpecInt95 equivalents.]
There is a “bunch crossing” every 25 nsecs. There are 100 “triggers” per second. Each triggered event is ~1 MByte in size.
Physicists work on analysis “channels”. Each institute will have ~10 physicists working on one or more channels; data for these channels should be cached by the institute server.
Enterprises Grid – Data Sharing
• Servers in multiple Administrative Domains
• Create an integrated view of data
  » Dependent on access rights? What’s a view?
• Communicate securely and authenticated amongst the entities
• Access resources in coordinated fashion, and source/sink/move data for analysis
• Need: access control for data, protection, authentication, private communication
• How many administrators? Certificates? What trust?
The 13.6 TF TeraGrid: Distributed Computing at 40 Gb/s
[Figure: TeraGrid/DTF sites NCSA, SDSC, Caltech and Argonne (www.teragrid.org), each with Site Resources and External Networks; archival storage labelled HPSS (at several sites) and UniTree; NCSA/PACI 8 TF, 240 TB; SDSC 4.1 TF, 225 TB.]
Virtual Organization
• Involves multiple organizations and security domains
• Users from multiple domains
• Resources from multiple domains
• Clashes and conflicts
• “Security Policy Overlay”
  » What does this mean?
• Cross-organizational activity
Virtual Organization Examples
• Consultants engaged by a car manufacturer to perform scenario evaluation for planning a new factory
• Industrial consortium bidding on a new aircraft RFP
• Crisis management team and the databases and simulation systems that they use to plan a response to an emergency situation
• Large international, multi-year high-energy physics collaboration
• Application, Storage, Cycle providers (and combinations)
Risks in using a Virtual Organization
• Outsiders get access to inappropriate data
• Internal data escapes
• Insiders get access to inappropriate data
• External data leaks in
• Someone causes local resource problems
• Someone causes remote resource problems
• More subtle information flow
• Dependence on other definers of identity
• … lots of risks …
VO as Realized by GSI
• Create global identities for each user (can elevate a local identity)
• Create local identities for each user on local resources
• Each domain defines global to local identity mappings (and reverse)
• Account grouping and Group accounts can be used within a domain
  » Audit challenges
  » Reverse mapping challenges
• How to determine access to a resource? Transitively?
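The global-to-local identity mapping and the audit and reverse-mapping challenges of group accounts, as an added example that is not part of the lecture or of Globus itself: a toy parser for a grid-mapfile-style list (one quoted DN and one local account per line; the real Globus format also allows several accounts per DN) with the forward mapping a resource applies when a job arrives and the reverse mapping an auditor needs when reading local logs. All DNs and account names are constructed.

```python
"""Added example (not from the lecture): toy grid-mapfile handling showing the
GSI global-to-local identity mapping and why shared group accounts make the
reverse mapping, and therefore auditing, ambiguous. All DNs and accounts
are constructed sample values."""
from collections import defaultdict

# Constructed sample in the shape of a Globus grid-mapfile: a quoted X.509
# distinguished name (the global identity) followed by a local account name.
# The real file also allows several accounts per DN; this toy allows one.
GRIDMAP = '''
# DN                                                     local account
"/C=US/O=Example Grid/OU=Physics/CN=Alice Example"       alice
"/C=US/O=Example Grid/OU=Physics/CN=Bob Example"         bob
"/C=US/O=Example Grid/OU=Chemistry/CN=Carol Example"     gridpool
"/C=US/O=Example Grid/OU=Chemistry/CN=Dave Example"      gridpool
'''


def parse_gridmap(text):
    """Return {dn: local_account}. The DN is quoted because it contains spaces."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not line.startswith('"') or line.count('"') < 2:
            raise ValueError("malformed grid-mapfile line: %r" % raw)
        end = line.index('"', 1)
        dn = line[1:end]
        rest = line[end + 1:].split()
        if len(rest) != 1:
            raise ValueError("expected exactly one local account: %r" % raw)
        mapping[dn] = rest[0]
    return mapping


def global_to_local(mapping, dn):
    """Forward mapping used when a job arrives: an unknown DN gets no account."""
    return mapping.get(dn)


def local_to_global(mapping, account):
    """Reverse mapping used when reading local logs: every DN mapped to the account."""
    reverse = defaultdict(list)
    for dn, acct in mapping.items():
        reverse[acct].append(dn)
    return sorted(reverse.get(account, []))


def audit_resolution(mapping, account):
    """How well a local audit record naming `account` can be attributed to a person:
    'unique' for a personal account, 'ambiguous' for a shared group account,
    'unknown' for an account that has no grid mapping at all."""
    candidates = local_to_global(mapping, account)
    if not candidates:
        return "unknown"
    return "unique" if len(candidates) == 1 else "ambiguous"


if __name__ == "__main__":
    m = parse_gridmap(GRIDMAP)
    for acct in ("alice", "gridpool", "nobody"):
        print(acct, "->", audit_resolution(m, acct), local_to_global(m, acct))
```

The point of `audit_resolution` is the slide's "audit challenges" bullet: once two community members share the `gridpool` account, a local log line naming that account no longer identifies which global identity acted, and the domain has to keep its own additional record (for example the DN logged at gatekeeper time) to restore attribution.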
Examples
• Creating shared access to a set of compute resources
  » In one organization
  » In several organizations
• Creating shared access to a set of data resources
  » In one organization
  » In several organizations
• Transitive combinations of these?
• Users with identities in multiple organizations?
Discussion Questions
• How to define policy?
• How to administer?
• How modular?
• What level of effort?
• Who needs this?
• How far down is this worth taking?
• What alternatives?
Alternatives
Community Authorization Service
• Question: How does a large community grant its users access to a large set of resources?
  » Should minimize burden on both the users and resource providers
• Community Authorization Service (CAS)
  » Community negotiates access to resources
  » Resource outsources fine-grain authorization to CAS
  » Resource only knows about the “CAS user” credential
    – CAS handles user registration, group membership…
  » User who wants access to a resource asks CAS for a capability credential
    – Restricted proxy of the “CAS user” credential, checked by resource
Community Authorization Service Prototype
[Figure: message flow between User, CAS and Resource]
1. CAS request, with resource names and operations (User to CAS)
   CAS asks: Does the collective policy authorize this request for this user? (using user/group membership, resource/collective membership, collective policy information)
2. CAS reply, with capability and resource CA info (CAS to User)
3. Resource request, authenticated with capability (User to Resource)
   Resource asks: Is this request authorized for the CAS? Is this request authorized by the capability? (using local policy information)
4. Resource reply (Resource to User)
Community Authorization Service
• CAS provides user community with information needed to authenticate resources
  » Sent with capability credential, used on connection with resource
  » Resource identity (DN), CA
• This allows new resources/users (and their CAs) to be made available to a community through the CAS without action on the other user’s/resource’s part
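The four-step CAS exchange (request, capability reply with resource CA info, capability-authenticated resource request, resource reply) and the two questions the resource asks, as an added example that is not part of the lecture or of the CAS paper's prototype: a toy simulation in which an HMAC tag stands in for the restricted proxy of the “CAS user” credential and a shared key stands in for the CAS key pair against which a real resource would verify the proxy chain. The community policy, local policy, DNs and resource names are constructed.

```python
"""Added example (not from the lecture or the CAS paper): a toy simulation of
the four-step CAS flow. An HMAC tag stands in for the restricted proxy of the
"CAS user" credential, and a shared key stands in for the CAS key pair the
resource would really verify a certificate chain against. All names are
constructed sample values."""
import hashlib
import hmac
import json
import time

CAS_DN = "/O=Example Grid/CN=CAS user"       # the only identity local policy names
CAS_SECRET = b"constructed-cas-signing-key"  # stand-in for the CAS private key

# Community side (constructed): group membership and what the community has
# negotiated for each (resource, group). The resource's DN and CA are handed
# back with the capability so the user can authenticate the resource later.
GROUPS = {"analysts": {"/O=Example Grid/CN=Alice", "/O=Example Grid/CN=Bob"}}
COLLECTIVE_POLICY = {("/data/experiment-1", "analysts"): {"read", "write"}}
RESOURCE_DIRECTORY = {"/data/experiment-1": {
    "dn": "/O=Example Grid/CN=storage-1", "ca": "/O=Example Grid/CN=Example CA"}}

# Resource side (constructed): local policy names only the CAS, never the
# individual community members. This site grants the CAS read access only.
LOCAL_POLICY = {"/data/experiment-1": {CAS_DN: {"read"}}}


def _now(now):
    return time.time() if now is None else now


def _sign(payload):
    """Deterministic tag over the capability contents (proxy-signature stand-in)."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(CAS_SECRET, msg, hashlib.sha256).hexdigest()


def cas_request(user_dn, resource, ops, now=None, lifetime=3600):
    """Steps 1 and 2: the user names resource and operations; the CAS issues a
    capability only if the collective policy authorizes them for this user."""
    granted = set()
    for (res, group), allowed in COLLECTIVE_POLICY.items():
        if res == resource and user_dn in GROUPS.get(group, ()):
            granted |= allowed
    if not ops or not set(ops) <= granted:
        return None  # collective policy does not authorize this request
    payload = {
        "issuer": CAS_DN, "subject": user_dn, "resource": resource,
        "ops": sorted(set(ops)), "expires": _now(now) + lifetime,
        "resource_info": RESOURCE_DIRECTORY[resource],
    }
    return {"payload": payload, "sig": _sign(payload)}


def user_checks_resource(capability, presented_dn, presented_ca):
    """Before step 3 the user compares the identity and CA the connection
    presents with the resource info the CAS sent along with the capability."""
    info = capability["payload"]["resource_info"]
    return presented_dn == info["dn"] and presented_ca == info["ca"]


def resource_request(capability, resource, op, now=None):
    """Steps 3 and 4: after checking the capability is genuine, the resource asks
    the prototype's two questions in order: is the request authorized for the
    CAS (local policy), and is it authorized by the capability (CAS restriction)?"""
    payload = capability["payload"]
    if not hmac.compare_digest(capability["sig"], _sign(payload)):
        return "deny: capability not issued by the CAS"
    if payload["expires"] < _now(now):
        return "deny: capability expired"
    if payload["resource"] != resource:
        return "deny: capability is for another resource"
    if op not in LOCAL_POLICY.get(resource, {}).get(payload["issuer"], set()):
        return "deny: not authorized for the CAS"
    if op not in payload["ops"]:
        return "deny: not authorized by the capability"
    return "allow: %s by %s via %s" % (op, payload["subject"], payload["issuer"])


if __name__ == "__main__":
    cap = cas_request("/O=Example Grid/CN=Alice", "/data/experiment-1",
                      ["read", "write"], now=1000)
    print(resource_request(cap, "/data/experiment-1", "read", now=1000))
    print(resource_request(cap, "/data/experiment-1", "write", now=1000))
```

The ordering of the two checks in `resource_request` is the point of the design: local policy caps what the CAS as a whole may do at this site (here, read only), and the capability can only narrow that further for one member, so a community that grants write in its collective policy still cannot obtain write at a site that never granted it to the CAS.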
Community Authorization Service Uses
• Avoid per-user administration activities (export to “group”)
• Advertise resources for anonymous use (utility)
• Compute? Data?
• Would an enterprise use a CAS?
• A public CAS?
• Could NPACI/Alliance?
• Why and why not?
Summary
• Grids are varied in structure and relationship
  » Internet Desktop Grid, Enterprise Grid
  » Compute Resource Oriented, Data Resource Oriented
• Virtual Organizations are a Security Policy Overlay
  » Notion of Virtual Organization is diverse
  » GSI can be used to build VOs based on individual identity
    – Challenges in administration: local/VO, management, lack of group identity
  » Community Authorization Service supports notion of group
    – Anonymous use, Group management
    – Lesser audit and no fine-grained control