draft-ggf-ogsa-sec-roadmap-01.doc

Built on top of xml standards are the web services

Info icon This preview shows pages 6–9. Sign up to view the full content.

View Full Document Right Arrow Icon
Built on top of XML standards are the Web services standards, including WSDL [WSDL]. Alternatively, or as well, message-level security mechanisms can be used to achieve end- to-end security instead of depending on underlying hop-by-hop security technologies like [email protected] 6
Image of page 6

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
GWD-I ( draft-ggf-ogsa-sec-roadmap-01 ) Revised 6/14/2018 SSL/TLS [SSL, TLS]. In the case of SOAP payloads, security is based on WS-Security [WS-Security] and the areas it addresses: digital signature, encryption and security tokens. As described in the Grid security model, the policy layer and the federation layer will be built based on the underlying security layers and technologies. As illustrated in Figure 2 and described above, the Grid security model will adopt and build on a variety of existing and evolving standards. As many different environments will need to interoperate, the technologies used within a particular hosting environment can be exposed as part of its policy so that interoperability can be achieved. Requestor Application VO Domain Credential Validation Service Authorization Service Secure Conversation Requestor's Domain Service Provider's Domain Audit/ Secure-Logging Service Attribute Service Trust Service Service Provider Application Bridge/ Translation Service WS-Stub WS-Stub Privacy Service Credential Validation Service Authorization Service Audit/ Secure-Logging Service Attribute Service Trust Service Privacy Service Figure 3. Grid Security Services Key relationships among requestor, service provider, and many of the security services are depicted in Figure 3. Here, we assume a Virtual Organization setup in which the requestor and service provider are each subject to the policy set in their respective domain, while the Bridge/Translation Service has credentials in both domains and is able to federate the requestor and service provider by issuing different identity and capability assertions that can be validated in each domain. All the call-out interfaces to the security services from the requestor and service provider, indicated by outgoing arrows in Figure 3, must be specified in terms of OGSA interfaces. [email protected] 7
Image of page 7
GWD-I ( draft-ggf-ogsa-sec-roadmap-01 ) Revised 6/14/2018 Compliant implementations can make use of existing services and defined policies through configuration. Compliant security service implementations of a particular security related service type can provide the associated and possibly alternative security services. All security service providers are also OGSA-compliant services, which means that they adhere to the same specified serviceTypes and associated portTypes as normal OGSA service providers. Furthermore, all security service providers are subject to the same policy enforcement as application service providers and requestors.
Image of page 8

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern