[ogsa-d-wg] Security issues for data services

Dave Berry daveb at nesc.ac.uk
Fri Jun 3 12:20:12 CDT 2005


All,

At the London meeting we agreed to discuss security issues at next Wednesday's telcon, and to mail round thoughts in advance.  Many of you know far more than I, but I thought I'd send round some naïve thoughts to kick off the discussion.  Please correct and develop these comments.

Dave.


Access to data elements requires authorisation, possibly at the level of each individual element.  Depending on the data model, this level may be finer-grain than the level of the resource.  E.g. if the resource is a file system, the access control will be at the level of individual files.  Furthermore, in a database system, the access control will be at the level of individual tables and/or attributes; as such the access may depend on the content of a particular query.

Some types of data have strict privacy policies that restrict the queries that are allowed.  These restrictions may apply to sets of queries, so whether a query is permitted may depend on previous queries coming from the same user.

Replication services need to enforce common security levels for the replicas.  This may require replicating the security metadata.

Federation services need to access data in the federated resources.  This presumably requires some federation of the security model.

Users may want to restrict other people from seeing which queries or commands they are sending.  This may affect the logging functionality of the service as well as the security of the transmission channel.

Users with confidential data want assurance that their data will not be read by other users or administrators of a server.  They want assurance that the services or executables invoked on the data are the actual services or executables expected (as opposed to trojans, etc.).
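
The points above about attribute-level access control and about restrictions that apply to sets of queries can be enforced by one stateful authorisation check, shown here as an added example that is not part of the original message or of any working-group code. The roles, table, attribute names and both policies are constructed for illustration, and the check looks only at the attributes a query names, not at its predicates.

```python
from collections import defaultdict

# Constructed attribute-level ACL: role -> table -> readable attributes.
COLUMN_ACL = {
    "clinician": {"patients": {"name", "postcode", "birth_date", "diagnosis"}},
    "researcher": {"patients": {"postcode", "birth_date", "diagnosis"}},
}
# Constructed privacy rule: a user in this role may never obtain every
# attribute of a listed set, whether in one query or spread over several.
RESTRICTED_SETS = {
    "researcher": [{"postcode", "birth_date", "diagnosis"}],
}


class QueryAuthoriser:
    """Authorises each query against the ACL and the user's query history."""

    def __init__(self):
        # user -> set of (table, attribute) pairs already released to them
        self._released = defaultdict(set)

    def authorise(self, user, role, table, attributes):
        requested = set(attributes)
        allowed = COLUMN_ACL.get(role, {}).get(table, set())
        denied = requested - allowed
        if denied:
            return False, f"no access to {sorted(denied)}"
        # History-dependent step: combine this request with earlier releases.
        seen = {a for (t, a) in self._released[user] if t == table}
        cumulative = seen | requested
        for restricted in RESTRICTED_SETS.get(role, []):
            if restricted <= cumulative:
                return False, f"would complete restricted set {sorted(restricted)}"
        # Only permitted queries extend the history.
        self._released[user] |= {(table, a) for a in requested}
        return True, "ok"
```

Because the history is keyed by user, the same query can be permitted for one user and refused for another, which is why such a service needs reliable caller identity and durable state for the release record.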




