A final Requirements Document

RequirementsDoc

For more detail and justifications of changes made to the original [wiki:RequirementsBibliography Mullen et al.] document, please see RequirementsDocFull. This contains many annotations explaining the difference between the documents.

Requirements gathering for secure access and use of a generic grid

To inform the above work, the project reviewed publications and other work concerning grid UseCases. The 'generic grid', to which this work alludes, is a production grid, with production applications and a set of users with a wide variety of skills and interests. This work attempts to avoid any limitations with current technologies and to think clearly about requirements before considering technology.

Bibliography

RequirementsBibliography

Focus Group

FocusGroup 

 * Notes and reports from the focus group meeting (as yet unprocessed).  This meeting was held at the start of this activity, on xxxx.

Use Cases

UseCases

See also [http://users.ox.ac.uk/~markn/GridUseCases/ Grid Use Cases] for the documents produced for and after the Focus Group Meeting.

Definitions for documents

DefinitionsPage 

 * Nice definitions of grid, grid computing etc. that others have used.  It is low on content!

Top-level requirements described below under:

Major references used (dominant to the rest)

>90% of our requirements could come from [wiki:RequirementsBibliography Shawn Mullen et al's] (2004) document on "Grid Authentication, Authorization and Accounting Requirements". Working document but good enough! (MN has emailed Shawn Mullen to ask if more work has been done since May 04. That was on 22/7/05 and sent a reminder on 2/8/05). See the [wiki:RequirementsBibliography bibliography notes] for more details.

If we can use it, [wiki:RequirementsBibliography the Security Research Challenges for e-Science] document (2005) could be useful. It has lots of implied requirements (general expectations). (This document has now [End July 05] been published on the NeSC web site and therefore we can cite and use it).

Grid AAA requirements (authentication authorisation and accounting, and auditing) described under:

Authentication AuthN

Include Note

identity, anonymity, pseudonimity (secure anonymous communication), credential lifespan and renewal (short-term credentials), assurance levels (SEE ALSO Operational Characteristics), revocation, policies, documentation, usability, trust (SEE ALSO Operational Characteristics) and responsibility, secure roaming

Insert definition here and requirements follow...

Authorisation AuthZ

Include Note

identity, grouping users/roles, authorisation levels, revocation, attributes, policies, 'transparency', privacy, logging, credentials, fault tolerance, delegation, XXXXmore...

Insert definition here and requirements follow...

Accounting

Include Note

accurate billing and metering, (operational costs, service levels), monitoring or logging, resource and end entity - secure logging, scheduling and resource management. SEE ALSO Grid Auditing

Insert definition here and requirements follow...

Auditing

Include Note

'Accounting as a security component', monitoring or secure logging (resource access decisions, policies, policy changes, resource implication of policies), audit logs, intrusion detection, forensics, diagnostics, audit trail (AuthN and AuthZ). SEE ALSO GridAccounting

Insert definition here and requirements follow...

General references on AAA(+A)

[wiki:RequirementsBibliography Manandhar et al] (2004) mention the 3 primary AuthZ frameworks: Community AuthZ Service (CAS) from the Globus project, Virtual Organization Management System (VOMS) from the EU Data grid project and PERMIS with respect to a "Grid Authorization Framework for CCLRC Data Portal".

Grid protection of data requirements described under:

Include Note

.

Privacy

Include Note

use of data, (supported by confidentiality mechanisms including AuthZ), significant for health data etc.

Definition and requirements follow...

Confidentiality

Include Note

supported by access control within systems and encryption between and within systems, signalling policies, supports privacy, protects sensitive data

Definition and requirements follow...

Integrity

Include Note

provenance (i.e. maintaining integrity of chains/groups of related data), message integrity

Definition and requirements follow...

Digital rights management (DRM)

Include Note

XXXX

Definition and requirements follow...

General references on Grid protection of data

[wiki:RequirementsBibliography Kalra et al] (2004) Pseudonymised repository of histories of cancer patients that can be accessed by researchers.

Grid operational characteristics described under:

Include Note

.

Trust

Include Note

between collaborative organisations, policy framework, infrastructure

Definition and requirements follow...

Performance and scalability

Include Note

delegation(policies and trust frameworks, virtual grids)

Definition and requirements follow...

Manageability incl. architectural components

Include Note

policies, identity management, intrusion detection, anti-virus (i.e. architectural components - others include platform security, system level security design, firewall traversal).

Definition and requirements follow...

Interoperability

Include Note

between grid environments, policies

Definition and requirements follow...

Assurance

Include Note

(is this the same as we understand?), security assurance level

Definition and requirements follow...

Other Requirements

Additional requirements which need a better home include:

.

Single log-on

Include Note

delegate an entity's rights subject to policy Defintion and requirements follow...

Policy exchange

Include Note

establish a negotiated security context

Defintion and requirements follow...