ESPGRIDwiki: RequirementsBibliography

Citations for all the articles used:

Note

• See raw text to see how to add an anchor type this Anchor(name_of_anchor)

• See raw text to see how to link to an anchor at the text type this [:name_of_wiki_page#name_of_anchor:text_of_link]
• Sorry this contains lots of blank links because of text involving 2 or more capital letters together!

Please add new items to the top of the list:

1. Authorization Glossary. GWD-I Category: Informational GGF Working Group on Authorization Frameworks and Mechanisms. Markus Lorch, Virginia Tech Dane Skow, Fermi National Accelerator Laboratory Mary Thompson, Lawrence Berkeley Nat l Laboratory 2004-05-14 GFD.42 http://www.gridforum.org/documents/GWD-I-E/GFD-I.042.pdf

2. Grid Authentication Profiles. Tony J. Genovese. GFD-I, ESnet/LBL Category: Informational Documents CA Operations WG May 15, 2004 http://www.gridforum.org/Meetings/GGF13/Documents/GGF13_Authentication_Profiles_CAOPs-WG.pdf

   *Ivo

   'Need to be able to define authentication profiles within you certificate and methods of authentications.'

3. Use of SAML for OGSA Authorization. Von Welch, NCSA Rachana Ananthakrishnan, Argonne National Laboratory Frank Siebenlist, Argonne National Laboratory David Chadwick, University of Salford Sam Meder, University of Chicago Laura Pearlman, Information Sciences Institute XXXX ref XXXX

4. Policy Management Authority Model Charter. Robert Cowles, SLAC Tony Genovese, ESnet/LBNL Peter Gietz, DAASI Michael Helm, Esnet/LBNL. GFD-C Category: Community Practice Documents CA Operations WG https://forge.gridforum.org/projects/caops-wg/document/Grid_PMA_model_charter/en/1

   * Ivo

   'A common organizational structure and set of expectations; Central points of contact for different Virtual Organization s (VO s) to interoperate, and provide a medium for discussing and normalizing policy differences between different organizations; manage external relationships and resulting internal changes (or vice versa), reflecting these changes in its CP and CPS document set.'

5. OCSP Requirements for Grids GFD-C Category: Community Practice Documents CA Operations WG http://www-unix.gridforum.org/mail_archive/caops-wg/2004/09/pdf00000.pdf Ivo: 'need to have a common, simple, robust protocol, for certificates, signatures, CRTs, CRLs query, revocation, conformation etc.'

6. Anchor(MullenGAAAR)Grid Authentication Authorization and Accounting Requirements Research Document. GWD-C SEC S3A-RG Shawn Mullen, IBM Matt Crawford, FNAL Markus Lorch, VT Dane Skow.

   * Mark/Alun

   Use as basis for the requirements process, must/should/may language and comprehensiveness give an indication for requirements across the board. We have copies of both version 4 (Jan 04) and version 5 (May 04). This document cites some grid AAA requirements and is therefore useful. Alun thought that this was the most useful. Very good at defining the problem spaces. Possibly the most like a requirements document that we have come across.

   • Section 1.2.1: The document states that sites will generally make authz decisions on an aggregate basis: on VO membership or group membership. However, at times it will be necessary to set access rights at the granularity of a single user. [There is a little more on this] BR We should discuss this briefly before concluding that this requirement of each node identifying each (or some) user(s) should not be global. It is a great scalability bottleneck and it is clear that for some applications, it should not be necessary to have the functionality available to carry out this purpose. Nevertheless, this restricted functionality should not in turn restrict the ability to trace a user. For example, pseudonymity would be perfectly reasonable in many cases.

     Section 2.3.3: “Assertions of membership in roles or groups within a VO must be able to be validated by relying parties. Validation of such assertions should not succeed more than 1Ms [One megasecond (1,000,000 seconds): a little less than a fortnight.] after an authority removes the subject's membership.” BR There must be situations where VO assertions must have to be far more current (i.e. require a look up, and if the look up fails, the user cannot proceed or run/complete the job). This is problematic for the grid where long-running jobs are common.

     Section 2.3.5: “A user must be able to select and de-select VOs and roles for a specific access [sic]”

     Section 2.6.2: Revocation. “It must be possible for the authorized administrators to revoke all of a user's authorizations based on VO membership by removing the user from the VO.” [No time requirement given].

     Section 2.6.3: “Authorization revocation should be done in a time frame consistent with the authentication revocation of 0.1Ms.” [a little more than a day].

     Section 2.6.5: Providing credentials to service. “The authentication and authorization credentials that a user presents should be made available to the execution environment by something like a gatekeeper or job manager. In other words, the gatekeeper may have passed a request based on the presented credentials, but if this results in delegation of the request, running a job, the authentication/authorization credentials should be made available to the final execution environment via some standard mechanism.”

   There is more in this document than has been pulled out for these notes here. I (MN) suggest that the ESP-GRID architect uses the requirements given in this document as a starting point, but only after we have modified a few and possibly added a few for privacy and confidentiality.

7. Conceptual Grid Authorization Framework and Classification. GWD-I, Category Informational, GGF Working Group on Authorization Frameworks and Mechanisms , Markus Lorch (Editor), Virginia Tech Bob Cowles (Co-Editor), Stanford Linear Accelerator Center Rich Baker, Brookhaven National Laboratory Leon Gommans, University of Amsterdam Paul Madsen, Entrust Andrew McNab, University of Manchester Lavanya Ramakrishnan, CNIDR/MCNC Krishna Sankar, Cisco Systems Inc. Dane Skow, Fermi National Accelerator Laboratory. Mary R. Thompson, Lawrence Berkeley National Laboratory http://www.globalgridforum.org/documents/GWD-I-E/GFD-I.038.pdf

8. Security Implications of Typical Grid Computing Usage Scenarios. GFD-I.12 Security Working Grou, Marty Humphrey University of Virginia Mary Thompson Lawrence Berkeley National Laboratory October 2000 http://www.globalgridforum.org/documents/GFD/GFD-I.12.pdf

9. An Analysis of the UNICORE Security Model. Grid Certificate Policy WG, T. Goss-Walter, Deutscher Wetterdienst R. Letz, Deutscher Wetterdienst Dr. T. Kentemich, Pallas GmbH H.-C. Hoppe, Pallas GmbH P. Wieder, Forschungszentrum J�lich July 2003. http://www.globalgridforum.org/documents/GFD/GFD.18.pdf

   * Ivo

   'job authentication and secure transmission of data.'

10. Architectures for secure delegation within grids. Programming Research Group Research Report PRG-RR-03-19. Philippa Broadfoot and Gavin Lowe (Oxford University Computing Laboratory), Sept 2003 http://web.comlab.ox.ac.uk/oucl/work/philippa.hopcroft/Papers/PRG-RR-03-19.pdf

    * Mark

    good for definitions, and very readable.

11. OGSA authorization requirements, GWD-I (proposed). Von Welch, University of Chicago; Frank Siebenlist, Argonne National Laboratory; David Chadwick, University of Salford; Sam Meder, University of Chicago; Laura Pearlman, Information Science Institute; GGF June 2003.http://www.globus.org/ogsa/Security/authz/OGSA-authorization-requirements-june3.doc.

    * Mark/Alun

    AuthZ requirements and definitions, use cases also.

12. Security architecture for open Grid Services and related developments. GGF5 and follow-on developments overview. Working draft version 0.9. Yuri Demchenko, October 2, 2002. http://www.terena.nl/tech/grid/docs/ggf5ogsa-security.html

    * Mark

    useful architecture design. This will be very useful for a technical reader. Possibly our 'architect'. Especially part 2: “Mapping AAA architecture to WS and WS/OGSA...”

13. Enterprise specification of the NERC DataGrid Andrew Woolf, CCLRC e-Science Centre et al.

    * Alun

    to follow up this and find full report as well as references 14-15

14. What is the Grid? A three point checklist. GridToday vol 1 no 6 2002. Ian Foster. http://www.gridtoday.com/02/0722/100136.html Alun: to follow up this and find full report.

15. Characterizing Grids: Attributes, Definitions, and Formalisms. J. Grid Comp. 1, 9-23, 2003.

    * Alun

    to follow up this and find full report.

16. eInfrastructure Reflection Group White Paper Version 5.51 13 April 2004

    * Alun

    Use Cases section 4, must follow up to get URL

17. European leadership in e-Science and Grids. eInfrastructure Reflection Group White Paper Version 2.0-pre 16 November 2004. eIRG-Den-Haag-v2.0-pre-accepted.doc

    * Mark

    ignore for now.

18. Anchor(NagaratnamSOGS)The Security for Open Grid Services July 17 2002, Version 1. Nataraj Nagaratnam (IBM Corporation), Phillipe Janson (IBM Corporation), John Dayka (IBM Corporation), Anthony Nadalin (IBM Corporation), Frank Siebenlist (Argonne National Laboratory), Von Welch (University of Chicago), Ian Foster (Arg onne National Laboratory and University of Chicago), Steve Tuecke (Argonne National Laboratory)

    * Mark

    Alun has read this. Good general requirements. Has use cases (“use patterns”) as well. The use cases are good for the customer-service provider models and the scenarios where an intermediary is used.

19. Security, Security, Security. GridToday May 30 2005. Tony Hey. http://news.taborcommunications.com/msgget.jsp?mid=389414&xsl=s...

    * Mark

    definitions

    * Alun

    must find Frank Siebenlist Globus GT4 security architecture, find town meeting presentation? Find full URL for this article.

20. Open Grid Services Architecture Use Cases GFD-I.029. Editors: Ian Foster Argonne and University of Chicago), D. Gannon (Indiana University), H. Kishimoto (Fujitsu), Jeffrin J. Von Reich (Hewlett Packard), October 28 2004. http://www.gridforum.org/documents/GWD-I-E/GFD-I.029v2.pdf

    * Mark

    this has the 2 routes, must use in report. Large document with lots of use cases. Use this to bolster our set of use cases. N.B. Google for this as there may be different versions of this around the place.

21. Security Requirements of Advanced Collaborative Environments (ACEs) GFD-I.043. D. Argawal (Lawrence Berkeley National Laboratory), B. Corrie (Simon Fraser University), J. Leigh (Univeristy of Illinois at Chicago), M. Lorch (Virginia Tech), J. Myers (Pacific Northwest National Laboratory), R. Olson (Argonne National Laboratory), M.E. Papka (Argonne National Laboratory), M. Thompson (Lawrence Berkeley National Laboratory). December 22 2004.

    * Mark

    use cases and background documentation.

22. Advanced Collaborative Environments (ACE). Research Group at Global Grid Forum 5 July 22-24 2002. http://calder.ncsa.uiuc.edu/ACE-grid/2002-07-22_GGF5/docs.html

    * Mark/Alun

    feeds into ACEs doc, must read all links for Use Cases

23. All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2003/AHMCD/ and http://www.allhands.org.uk/2004/proceedings/

    1. Anchor(CornwallEtAl)EU DataGrid and GridPP Authorization and Access Control. L. Cornwall, J. Jensen (CLRC), D. Kelsey (CLRC), A. McNab (Schuster Laboratory, University of Manchester) All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/095.pdf

       * Ivo

       'PKI based; Virtual Organisation for resouces, and users, VO membership lists; attribute certificates; Fine grained access control, dynamically allocated user IDs on local systems'

    2. Anchor(Chadwick)An Authorisation Interface for the GRID. D.W.Chadwick, University of Salford All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/162.pdf

       * Ivo

       'separate authentication and authorisation; plug and play authorisation functionality; need to have standartisaton on authorisation'

    3. Anchor(SinnottEtAl)Bridges: Security Focused Integration of Distributed Biomedical Data. Dr Richard Sinnott, Prof David Gilbert, Dr David Berry, Dr Ela Hunt, Prof Malcolm Atkinson National e-Science Centre. All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/078.pdf

       * Ivo

       'No requirements, only descrbe what is used d(CAS, Akenti, VOMS, VOM, etc'

    4. Anchor(ManandharEtAl)GRID Authorization Framework for CCLRC Data Portal. Ananta Manandhar, Glen Drinkwater, Richard Tyer, Kerstin Kleese CCLRC Daresbury Laboratory. All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/118.pdf

       * Ivo

       'Analysing the structure of the resource providers and the future directions it is heading, it is seen that the important requirement to the Authorization infrastructure are that it has to be: Scalable It is quite inevitable that as organizations start collaborating more there would be an increase in users accessing their resources. The organizations need be able to scale up the number of users or resources without much additional administration overhead for them to be able to enjoy collaboration; Manageable Adding or removing users or resources to the system or modifying user privileges to the resources need to be kept simple and intuitive for the organizations so that the overhead for collaboration does not increase. Also keeping users privileges manageable keeps the system more consistent and up to date, making them reliable; Preferably under the control of the resource end When it comes to the issue of security, organizations are wary of external parties accessing their resources. Organizations would prefer to have control over who have access over their data and up to what degree. They are not yet ready to trust third party organizations in authorizing their resources and prefer to keep control over their resources to keep them reliable; Minimum intervention at the Data Portal layer As the Data Portal is a broker application between users and resource, it is best to pull authentication and authorization information from the resource provider s trusted bodies and have Data Portal forward it to the resource provider along with the request. This keeps Data Portal away from being an addition point of security consideration; Ability to utilize existing Access Control Models Much of the data are stored in file systems, databases or other system which already have an elaborate access control features and many resources present already utilize these existing access control features in managing the level of information that need to be returned. It seems best to integrate the authorization information along with these access control mechanism in providing the level of information to be returned; Ability to integrate with GSI The GSI is the standard means of authenticating users in the e-science community. It provides a trusted mechanism in authenticating users and delegating authentication rights. It would be useful for the authorization system to use GSI as the authentication mechanism; Future integration capabilities with other Grid related applications Users accessing data resources via the Data Portal may like to use other Grid applications such as the HPC portal [10,11] in conjunction. For example a user may retrieve a certain data set via the data portal and may then submit a job on the HPC portal. It would be easy for the user to do such operations if different Grid applications use the similar authentication and authorization strategies.

    5. Anchor(KalraEtAl)Security and confidentiality approach for the Clinical E-Science Framework (CLEF). D Kalra (Centre for Health Informatics and Multiprofessional Education (CHIME) University College London), P Singleton (Centre for Health Informatics and Multiprofessional Education (CHIME) University College London) (Judge Institute, University of Cambridge), D Ingram (Centre for Health Informatics and Multiprofessional Education (CHIME) University College London), J Milan (Royal Marsden NHS Trust), J MacKay (The Genetics Unit, Institute of Child Health, University College London), D Detmer (Judge Institute, University of Cambridge), A Rector (Department of Computer Science, University of Manchester) d.kalra@chime.ucl.ac.uk. All Hands Meeting Publications 2004 http://www.clinical-escience.org http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/160.pdf

       * Ivo

       'Data confidentiality and pseudonimity.'

    6. Anchor(RussellEtAl)Access Control for Dynamic Virtual Organisations. Duncan Russell, Peter Dew, Karim Djemame Informatics Institute, School of Computing, University of Leeds. All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2004/presentations/140.ppt

       * Ivo

       'Highly distributed teams and end resources; Distributed access control; Collaborating VOs; Real time data access and ability to search through historical records; Service level access control of stateful services; Automated VO management.'

    7. Anchor(Beckles)Removing digital certificates from the end-user s experience of grid environments. Bruce Beckles University of Cambridge Computing Service. All Hands Meeting Publications 2004 http://www.allhands.org.uk/2004/proceedings/papers/250.pdf

       * Ivo

       'No digital certificates in user experience, i.e ease of use; No manual interaction of users with digital certificates'