Difference between revisions of "GCube Security Model"

From Gcube Wiki
Line 2: Line 2:
  
 
==Authentication Model==
 
==Authentication Model==
The DILIGENT Security uses [http://en.wikipedia.org/wiki/Public_key_infrastructure Public Key Infrastructure] (PKI) mechanisms to authenticate identities acting in the infrastructure. Each authenticated invocation must be performed using valid credentials issued by a trusted Certification Authority.  
+
The DILIGENT Security model uses [http://en.wikipedia.org/wiki/Public_key_infrastructure Public Key Infrastructure] (PKI) mechanisms to authenticate identities acting in the infrastructure. Each authenticated invocation must be performed using valid credentials issued by a trusted Certification Authority (CA).  
 
To speed up performances of some services unauthenticated invocatons are also allowed, even if not planned in the design of DILIGENT security. These invocations can be performed without any credentials, neither authentication nor authorization is enforced in these cases.
 
To speed up performances of some services unauthenticated invocatons are also allowed, even if not planned in the design of DILIGENT security. These invocations can be performed without any credentials, neither authentication nor authorization is enforced in these cases.
  
Line 10: Line 10:
 
This choice is driven by the need to delegate caller credentials to invoked services.
 
This choice is driven by the need to delegate caller credentials to invoked services.
 
The HTTPS mechanism (also available in the Java-WS-Core) cannot interoperate with the GSI-SecureConversation one, thus preventing the exploiting of both mechanisms in the DILIGENT infrastructure. For this reason the HTTPS mechanism has been discarded.
 
The HTTPS mechanism (also available in the Java-WS-Core) cannot interoperate with the GSI-SecureConversation one, thus preventing the exploiting of both mechanisms in the DILIGENT infrastructure. For this reason the HTTPS mechanism has been discarded.
 +
 +
==Authorization Mechanism==
 +
Each Digital Library (DL) need to be
 +
The different Digital Libraries corresponds to VOMS groups
  
 
==The DL context==
 
==The DL context==
Service invocations in the DILIGENT infrastructure are performed in a context  
+
Authenticated invocations to DILIGENT services are performed in the context of a DL. The context is identified from the proxy certificate attached to the request. It should contains roles for a single VOMS group
  
 
==Identity of services acting in a Single DL==
 
==Identity of services acting in a Single DL==
  
 
==Identity of services acting in mutiple DLs==
 
==Identity of services acting in mutiple DLs==
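Review bot: the added Authorization Mechanism section stops mid-sentence at "Each Digital Library (DL) need to be", so the revision never says what a DL needs for authorization; finish the sentence or hold it back until the text is ready, and fix "Digital Libraries corresponds" to "correspond". In the rewritten DL context paragraph, "It should contains roles for a single VOMS group" should read "contain", and it should state what a service does when the proxy certificate carries roles for more than one VOMS group or for none, since that decides whether such a request is rejected or handled without a context.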

Revision as of 16:53, 14 March 2007

This page describes the security model adopted in the DILIGENT infrastructure.

Authentication Model

The DILIGENT Security model uses Public Key Infrastructure (PKI) mechanisms to authenticate identities acting in the infrastructure. Each authenticated invocation must be performed using valid credentials issued by a trusted Certification Authority (CA). To improve the performance of some services, unauthenticated invocations are also allowed, although they were not planned in the design of DILIGENT security. These invocations can be performed without any credentials; neither authentication nor authorization is enforced in these cases.

Authentication Mechanism

The mechanism used in DILIGENT to authenticate service invocations is WS-SecureConversation. The Java WS-Core container provides a built-in implementation of this standard called GSI-SecureConversation.

This choice is driven by the need to delegate caller credentials to invoked services. The HTTPS mechanism (also available in the Java WS-Core) cannot interoperate with GSI-SecureConversation, so the two mechanisms cannot both be used in the DILIGENT infrastructure. For this reason the HTTPS mechanism has been discarded.

Authorization Mechanism

Each Digital Library (DL) needs to be

The different Digital Libraries correspond to VOMS groups.

The DL context

Authenticated invocations to DILIGENT services are performed in the context of a DL. The context is identified from the proxy certificate attached to the request. It should contain roles for a single VOMS group.
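
One way a service could enforce the single-group rule described above, as an added example that is not code from the DILIGENT or gCube project. It assumes the VOMS FQANs have already been extracted from a validated proxy certificate and that FQANs without a role are plain memberships that do not select a DL; the group and role names are constructed.

```python
import re

# VOMS FQAN: /vo[/subgroup...][/Role=name][/Capability=name]
_FQAN = re.compile(
    r"(?P<group>(?:/[A-Za-z0-9._-]+)+)"
    r"(?:/Role=(?P<role>[A-Za-z0-9._-]+))?"
    r"(?:/Capability=[A-Za-z0-9._-]+)?"
)


class ContextError(ValueError):
    """The request cannot be bound to exactly one DL."""


def parse_fqan(fqan):
    """Split an FQAN into (group, role); role is None for plain membership."""
    m = _FQAN.fullmatch(fqan)
    if m is None:
        raise ContextError(f"malformed FQAN: {fqan!r}")
    role = m.group("role")
    return m.group("group"), (None if role in (None, "NULL") else role)


def dl_context(fqans):
    """Return (group, roles) for the DL a request runs in, or raise."""
    roles_by_group = {}
    for fqan in fqans:
        group, role = parse_fqan(fqan)
        if role is not None:  # assumption: role-less memberships do not select a DL
            roles_by_group.setdefault(group, set()).add(role)
    if not roles_by_group:
        raise ContextError("no role attribute, DL context cannot be identified")
    if len(roles_by_group) > 1:
        raise ContextError("roles span several VOMS groups: "
                           + ", ".join(sorted(roles_by_group)))
    (group, roles), = roles_by_group.items()
    return group, frozenset(roles)


if __name__ == "__main__":
    # Constructed sample attributes; group and role names are hypothetical.
    ok = ["/diligent", "/diligent/dl-a/Role=Librarian/Capability=NULL"]
    mixed = ok + ["/diligent/dl-b/Role=Curator"]
    print(dl_context(ok))
    try:
        dl_context(mixed)
    except ContextError as exc:
        print("rejected:", exc)
```

Rejecting a proxy whose roles span several groups keeps a caller from having a role granted in one DL applied to resources of another.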

Identity of services acting in a Single DL

Identity of services acting in multiple DLs