[jsdl-wg] my view on execution user and group

Ali Anjomshoaa ali at epcc.ed.ac.uk
Thu Apr 7 15:59:53 CDT 2005 

Yuri,

many thanks for your contributions and discussions. Very valuable I assure
you.

If I understand your use-case, you envisage that a JSDL document will be
passed around on a Grid, and thus, that this document needs to carry some
reference to user ID and credentials for target resources to be able to
carry out Authn and Authz.

What we have been working on is a model where a JSDL document describes
the core (i.e. resource and application) requirements of the job within a
larger job context. That encompassing job context will, then, also include
the security information for the job.

For this reason we have put security issues, such as the specification of
user credentials, firmly out of scope for JSDL. This has been done on the
advice of the security gurus in GGF. I agree with them that a more general
and widely applicable Grid-Security context should encompass a JSDL doc
and not the other way round.

In our model, then, you wouldn't be sending around JSDL docs, but job docs
that have a larger scope than JSDL. A job doc would encompass a JSDL doc
instance and carry security information, such as user credentials, as well
as scheduling, policy, and Agreement information, etc. about that job. See
Figure 2 in the JSDL spec (which for some reason doesn't show any security
context! We'll need to fix that.)

I hope my point is clear.

Many thanks again for your feedback. Please continue on this line until we
have ironed out the wrinkles.

Cheers and take care,

Ali


On Thu, 7 Apr 2005, Yuri Demchenko wrote:

> Michel Drescher wrote:
> > 
> >> On Apr 07, Yuri Demchenko loaded a tape reading:
> >>
> >>> In some respect the CNL process flow requires that the JobDescription
> >>> carries some kind of delegation from the user, e.g. User want that
> >>> Grid processing environment maintains the trust/delegation path.
> > 
> > Any information that directly relates to authentication or authorisation 
> > of the information stored in a JSDL instance document (yes, I promised 
> > to be clearer in my language...) should be handled in the embracing 
> > instance document (or by other means).
> > 
> I persistently want to draw your attention to the specific use case when
> users/customers require that all jobs submitted on behalf of them 
> carry unbroken path of credentials/trust.
> 
> This is a requirement to the Resource's processing environment to have 
> this functionality and this can be achieved by including SubjectID and 
>   SubjConfData/Creds information.
> 
> You may decide not to include this elements but then you probably need 
> to explain this in the Security considerations section.
> 
> If you move your JSDL doc from one su-exec/admin domain/host to 
> another, you definitely need to worry about this kind of potential 
> vulnerability.
> 
> This is also outcome from ongoing EGEE operational security model 
> development.
> 
> Regards,
> 
> Yuri
> 
> 
> 

--

        ---------------------------------------------------- |epcc| -
        Ali Anjomshoaa
        EPCC, University of Edinburgh
        James Clerk Maxwell Building
        Mayfield Road                   E-mail: ali at epcc.ed.ac.uk
        Edinburgh EH9 3JZ               Phone:  + 44 (0) 131 651 3388
        United Kingdom                  Fax:    + 44 (0) 131 650 6555
        -------------------------------------------------------------

More information about the jsdl-wg mailing list