draft-ggf-ogsa-sec-roadmap-01.doc

Figure 1. Security Component Layering

The different components needed for the secure deployment of a distributed environment are shown in Figure 1. In this layering, application-specific components such as “secure conversation,” “credential and identity translation,” “access control enforcement,” and “audit and non-repudiation” depend on policies and rules for “authorization,” “privacy,” “identity/credential mapping,” and “service/end-point.” In order to apply and manage these policies, one needs languages for “policy expression and exchange” and means to securely communicate through bindings to transport protocols. On the side, one can identify a “trust model” component that defines where the trust anchors are and how trust is derived. The “secure logging” component is a requirement for the auditing of any policy decision. Finally, the left box in the picture groups components that are required for the management and administration of the infrastructure. These management components are also subject to policy enforcement.
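The following Python sketch is an added illustration of the Figure 1 layering and is not code from the OGSA roadmap: an access-control enforcement point maps a federated credential to a local identity (identity/credential mapping), asks an authorization policy for a decision, and records every decision in a tamper-evident audit log (secure logging). The issuer names, identities, policy entries and the audit key are all constructed for the example; a real deployment would obtain them from its mapping and authorization policies rather than from hard-coded tables.

```python
"""Added illustration of the Figure 1 component layering (not from the
OGSA roadmap itself). All names, policies, identities and keys below are
constructed for the example."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# --- identity/credential mapping layer -----------------------------------
# Constructed mapping from a federated identity (issuer, subject) to a
# local account; in a real deployment this is driven by mapping policy.
IDENTITY_MAP = {
    ("idp.example.org", "alice"): "alice_local",
    ("idp.example.org", "bob"): "bob_local",
}

# --- authorization policy layer ------------------------------------------
# Constructed policy: local identity -> set of (resource, action) allowed.
AUTHZ_POLICY = {
    "alice_local": {("dataset-42", "read"), ("dataset-42", "write")},
    "bob_local": {("dataset-42", "read")},
}


# --- secure logging layer ------------------------------------------------
@dataclass
class AuditLog:
    """Hash-chained, keyed audit log: each entry's MAC covers the previous
    entry's MAC, so editing or deleting an entry breaks verification."""
    key: bytes
    entries: list = field(default_factory=list)

    def append(self, record: dict) -> None:
        prev = self.entries[-1]["mac"] if self.entries else "genesis"
        body = json.dumps(record, sort_keys=True)
        mac = hmac.new(self.key, (prev + body).encode(), hashlib.sha256).hexdigest()
        self.entries.append({"prev": prev, "body": body, "mac": mac})

    def verify(self) -> bool:
        prev = "genesis"
        for entry in self.entries:
            if entry["prev"] != prev:
                return False
            expected = hmac.new(self.key, (prev + entry["body"]).encode(),
                                hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, entry["mac"]):
                return False
            prev = entry["mac"]
        return True


# --- access control enforcement ------------------------------------------
def map_identity(issuer: str, subject: str):
    """Credential/identity translation: unknown federations map to None."""
    return IDENTITY_MAP.get((issuer, subject))


def authorize(local_id: str, resource: str, action: str) -> bool:
    """Authorization policy decision for an already-mapped local identity."""
    return (resource, action) in AUTHZ_POLICY.get(local_id, set())


def enforce(log: AuditLog, issuer: str, subject: str,
            resource: str, action: str) -> bool:
    """Policy enforcement point: map -> decide -> audit -> enforce.
    Unmapped identities are denied, and every decision is logged."""
    local_id = map_identity(issuer, subject)
    decision = local_id is not None and authorize(local_id, resource, action)
    log.append({"issuer": issuer, "subject": subject, "local_id": local_id,
                "resource": resource, "action": action, "decision": decision})
    return decision


def demo() -> tuple:
    """Runs three requests and then shows the audit log detecting an edit."""
    log = AuditLog(key=b"constructed-audit-key")
    d1 = enforce(log, "idp.example.org", "alice", "dataset-42", "write")  # allowed
    d2 = enforce(log, "idp.example.org", "bob", "dataset-42", "write")    # denied by policy
    d3 = enforce(log, "other-idp.example", "carol", "dataset-42", "read") # unmapped, denied
    intact = log.verify()
    # Flip the logged decision for bob's request; the chain must now fail.
    log.entries[1]["body"] = log.entries[1]["body"].replace(
        '"decision": false', '"decision": true')
    return d1, d2, d3, intact, log.verify()


if __name__ == "__main__":
    print(demo())
```

The point of the hash chain is the roadmap's requirement that policy decisions be auditable: the enforcement component never decides on its own, and the record of each decision is protected independently of the component that produced it.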
GWD-I (draft-ggf-ogsa-sec-roadmap-01) Revised 6/14/2018

[Figure 2: Security Specifications "Stack". Layers, top to bottom: Exploiters (Applications); Security Services (AuthnService, AttributeService, AuthzService, ..., Audit Service); Federation (WS-SecureConversation, WS-Federation); Policy Layer (Authorization, Policy, Trust); Message Security (ds:Signature, xenc:EncryptedData, SecurityToken, ...); Web Services Standards (WSDL, WS-*, ..., WS-Routing); XML Security Standards (XKMS, XML Signature, XML Encryption, Assertion Language, ...); Bindings Layer (HTTP, HTTPS, Message Provider (e.g. MQ), IIOP, CSIv2, ...); Network Layer (SSL, IPSec, TLS, ...); Hosting Environment / Server Platforms (Solaris, AIX, Linux, OS/400, z/OS, Windows); with Resource Manager Security shown alongside.]

Figure 2. Security Specifications "Stack"

Figure 2 illustrates the layering of existing security technologies and standards and shows how these fit into the Grid security model. Moving from the machine and OS security on the bottom to the applications and server environment at the top, one can identify different layers that either are built on and depend on their lower neighbors, or are a level up in abstraction. The same or similar functions can be implemented at different levels, with different characteristics and tradeoffs. For example, security can be an inherent part of a network and binding layer. In the case of the network layer, it can be provided via IPSec or SSL/TLS. In the case of the binding layer, it can be provided by HTTPS and, in the case of IIOP, by CSIv2 [CORBA, CSI]. In a messaging environment, the message provider (e.g., MQ) can provide end-to-end message security. Given the increasing use of XML, the security standards in the XML space play an important role here: XML Digital Signature [XML-Signature], XML Encryption [XML-Encryption], XML Key Management Service (XKMS) [XKMS], and assertion languages (e.g., SAML [SAML]).
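The tradeoff the paragraph describes, transport-level security that protects one hop against message-level security that survives intermediaries, is illustrated by the following added Python example; it is not code from the roadmap or from any of the cited standards. A keyed HMAC over the canonicalized message body stands in for an XML Signature (ds:Signature) in the message header, because the standard library has no XML-DSig implementation; the shared key, the envelope layout, the routing intermediary and its Via header are all constructed for the example.

```python
"""Added example (not from the roadmap): end-to-end message security
versus hop-by-hop transport security, using only Python's standard
library. The HMAC in <Header><Signature> is a constructed stand-in for
ds:Signature; SHARED_KEY, the envelope and the relay are constructed."""
import hashlib
import hmac
import xml.etree.ElementTree as ET

SHARED_KEY = b"constructed-sender-receiver-key"  # known only to the two ends


def canonical(elem: ET.Element) -> bytes:
    """C14N 2.0 of an element, so re-serialization by an intermediary
    (whitespace, attribute order) does not invalidate the signature."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode"),
                           strip_text=True).encode()


def sign_message(body_xml: str) -> ET.Element:
    """Sender: wrap the body in an envelope and sign the body end to end."""
    env = ET.Element("Envelope")
    header = ET.SubElement(env, "Header")
    body = ET.SubElement(env, "Body")
    body.append(ET.fromstring(body_xml))
    sig = ET.SubElement(header, "Signature")      # stand-in for ds:Signature
    sig.set("alg", "hmac-sha256")
    sig.text = hmac.new(SHARED_KEY, canonical(body), hashlib.sha256).hexdigest()
    return env


def verify_message(env: ET.Element) -> bool:
    """Receiver: recompute the MAC over the body as received."""
    sig = env.find("Header/Signature")
    body = env.find("Body")
    if sig is None or body is None or not sig.text:
        return False
    expected = hmac.new(SHARED_KEY, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig.text)


def relay(env: ET.Element, hop: str) -> ET.Element:
    """Intermediary (cf. WS-Routing): re-serializes the message and adds a
    routing header. It holds no key, so it cannot re-sign the body; a
    transport-level protection (TLS to the next hop) would end here."""
    copy = ET.fromstring(ET.tostring(env))
    ET.SubElement(copy.find("Header"), "Via").text = hop
    return copy


def demo() -> tuple:
    """Route a signed message through two hops, then show that a body
    change at an intermediary is detected by the end-to-end signature."""
    msg = sign_message("<Job><Id>42</Id><Action>submit</Action></Job>")
    routed = relay(relay(msg, "gateway-a"), "gateway-b")
    ok_after_routing = verify_message(routed)     # headers changed, body intact
    altered = relay(msg, "gateway-c")
    altered.find("Body/Job/Action").text = "cancel"
    ok_after_change = verify_message(altered)     # body changed -> rejected
    return ok_after_routing, ok_after_change


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to the real standards: the signature covers a canonical form rather than raw bytes, because every hop may re-serialize the XML, and the signature is scoped to the parts the sender vouches for (here the body), so intermediaries can add routing headers without breaking it.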