[saga-rg] Subject: BOUNCE saga-rg at ggf.org: Non-member submission from [Dane Skow

[Shantenu Jha]

From: Dane Skow <skow at mcs.anl.gov>
Subject: Re: SAGA and Security
Date: Mon, 13 Feb 2006 11:54:43 +0200


Hi Andre,

I have some reservations with this summary of our discussion but as I  
indicated, I think I don't understand the scope/abstraction levels  
you are after. We seem to be mixing several things here in this  
discussion. I believe you've been talking primarily with Olle so  
perhaps it's my confusion. I will try to attend your session at 10:30  
on Wednesday, though it conflicts with the CAOPs session we'll also  
need to cover.

Within the OGSA architecture in GGF we can make some simplifying  
statements about a common paradigm. However, if the goal is to  
provide an API generic across ANY Grid infrastructure, the task is  
more difficult.
We can also make simplifications if one assumes the API is for  
accessing Grid services and does not expect to efficiently adapt to  
local communications between individual users.

I'm having a hard time understanding whether the desire is to  
understand "the" common grid security model (there are some things we  
can say pretty broadly now for the common ones in GGF:  x509  
credentials are the common denominator for grid identification/ 
authentication, etc), to find/build a common library set for building  
tools to implement common security goals in applications (eg. set/ 
read an ACL for accessing a file/service, etc), or to identify what  
the elemental security actions are for a broad set of grid services.

As I mentioned in our talk, I believe we have lessons to learn here  
from how IETF has handled the job of integrating security into  
application/protocol design. The answer is clearly NOT to have  
external experts come in a "sprinkle security pixie dust" (not what I  
understand you to be asking for by the way), but rather to  
consolidate on a common toolkit of security tools/protocols that are  
well understood/reviewed and have developers consider possible abuses  
of their protocols/services/software. Somehow we need to figure out  
how to make this work in GGF. I (and I'll be Olle) will be happy to  
work with you on how to make this happen.

Cheers,
Dane

On Feb 13, 2006, at 10:58 AM, Andre Merzky wrote:

> Hi group,
>
> we managed to corner the Security Area ADs at GGF in Athens,
> and to get some statements from them in respect to:
>
>   "What security paradigms are generically available in
>    Grids, and what should be exposed to the end user?"
>
> Well, their answer was basically, that there is no agreed
> upon approach in the scope of GGF, so, the best we can do is
> to look at Grid implementations, and abstract/generalize
> their security paradigms.
>
> A viable approach in their opinion would be to base security
> settings on strings, and allow the implementation to interpret
> them accordingly.  That approach is very close to what we
> have right now for sessions, and what we want to have for
> streams.
>
> Shantenu and I discussed that shortly, and would like to
> propose as follows:
>
>   - for the time being, keep security  out of the API where
>     not absolutely necessary
>   - where absolutely necessary (case by case), keep exposure
>     of security paradigms simple and generic
>
> I think the notion of context that we have in the SAGA API fits
> that approach well:  by default they are invisible.
>
> We would be happy to get comments, also from the Cc'ed
> Security ADs (hope we interpreted your answer correctly).
>
> Cheers, Andre & Shantenu.
>
>
> -- 
> "So much time, so little to do..."  -- Garfield
>