|
Size: 3562
Comment:
|
Size: 3925
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 5: | Line 5: |
| = Assumptions = | = Contents = 1. Introduction: how to use this document 1. Contemporary Assumptions 1. Grids must scale 1. Identity management is a scalability bottleneck 1. How does PKI live up to these assumptions? 1. How could Shibboleth play a role? [[Anchor(intro)]] = Introduction: how to use this document = [[Anchor(contempassumpts)]] = Contemporary Assumptions = |
| Line 54: | Line 66: |
| = How can Shibboleth play a role? = | = How could Shibboleth play a role? = |
This page contains notes building towards a formal document regarding the role of Shibboleth with grids. It necessarily challenges some basic assumptions of the way that authentication and authorisation are currently managed in grids.
This work forms the bulk of the eSP-grid workpackage five (Shibboleth Evaluation).
Contents
- Introduction: how to use this document
- Contemporary Assumptions
- Grids must scale
- Identity management is a scalability bottleneck
- How does PKI live up to these assumptions?
- How could Shibboleth play a role?
Introduction: how to use this document
Contemporary Assumptions
Grids must scale
Anchor(identitymanscalability)
Identity management is a scalability bottleneck
Identity is best managed by "home organisations"
But need not be - identity is easier to manage than role etc.
Attribute management is a scalability bottleneck
Trust must be kept to a minimum on grids
Yes, general principle is true. However, as a resource owner it may not be possible to manage more than n users and therefore you have to trust third parties. Even for a very low number of users, a grid resource owner may be the last to find out that a user has been convicted as a criminal for fraud, or has been determined to have hacked another resource.
Security levels in the information environment are inadequate
Grid cannot trust levels of authN in users home organisations. Grid RAs and CAs are better.
How does PKI live up to these assumptions?
Grids must scale
Anchor(PKIidentitymanscalability)
Identity management is a scalability bottleneck
Identity is best managed by "home organisations"
But need not be - identity is easier to manage than role etc.
Attribute management is a scalability bottleneck
Trust must be kept to a minimum on grids
Yes, general principle is true. However, as a resource owner it may not be possible to manage more than n users and therefore you have to trust third parties. Even for a very low number of users, a grid resource owner may be the last to find out that a user has been convicted as a criminal for fraud, or has been determined to have hacked another resource.
Security levels in the information environment are inadequate
Grid cannot trust levels of authN in users home organisations. Grid RAs and CAs are better.
How could Shibboleth play a role?
Grids must scale
Anchor(SHIBidentitymanscalability)
Identity management is a scalability bottleneck
Identity is best managed by "home organisations"
But need not be - identity is easier to manage than role etc.
Attribute management is a scalability bottleneck
Trust must be kept to a minimum on grids
Yes, general principle is true. However, as a resource owner it may not be possible to manage more than n users and therefore you have to trust third parties. Even for a very low number of users, a grid resource owner may be the last to find out that a user has been convicted as a criminal for fraud, or has been determined to have hacked another resource.
Security levels in the information environment are inadequate
Grid cannot trust levels of authN in users home organisations. Grid RAs and CAs are better.