[ogsa-d-wg] Security issues for data services
William E. Allcock
allcock at mcs.anl.gov
Fri Jun 3 18:10:12 CDT 2005
Dave,

Thunderbird didn't seem to like your HTML mail, it wouldn't wrap the HTML
and so the lines were veeerrrryyyyy long. Anyway, a couple of comments:

I disagree that replication services need to enforce common security
levels for replicas. If I have read access to a file, I can copy it and
set its access to whatever I want. If that is important data, it is
assumed that since I have read access I will take care of it. A
community may wish to impose consistent access rights across replicas,
but that is a policy issue, not something inherent in replication services.

As to the federated security model, I again don't think that is
necessary; if I access n different sites, I have to do n authentication
and authorization checks, and if any one of them fails the access fails.
This does imply some things about uniform identity, they all trust the
same CAs, even that they are all using the same security mechanism. It
would also be a major pain to debug access problems, particularly if the
system is dynamically choosing the resource so you don't even know where
you are accessing things. I suppose it might be possible to query your
rights across all the resources and present a federated access rights
list that was the least common denominator.

The idea of users not wanting anyone, including admins, knowing what they
have stored is a security concern. How do we know that they are not
storing stolen top secret information or that they are actually running
bomb design software? I don't subscribe to this, but I have heard this
argument from security folks before.

Bill
--
William E. Allcock
Argonne National Laboratory
Bldg 221, Office C-115A
9700 South Cass Ave
Argonne, IL 60439-4844
Office Phone: +1-630-252-7573
Office Fax: +1-630-252-1997
Cell Phone: +1-630-854-2842