SIMDAT Authentication and Authorisation
Matteo Dell’Acqua
ET-CTS meeting, Toulouse, 26-30 May 2008
VGISC security requirements
– Confidentiality: user information, sensitive data
– Data integrity
– User authentication
– Authorisation
– PKI
– Trust: trust domain, user roles, data policies
Virtual Organisation Principles
[Diagram: catalogue nodes A, B, C, D, E and F]
Creation of trust domains
[Diagram: nodes A to F grouped into two trust domains, VGISC1 and VGISC2]
– Agreement on user roles and data policies
– Exchange of public keys
Data integrity, non-repudiation
[Diagram: nodes A to F in trust domains VGISC1 and VGISC2; the dataset at B carries the label VGISC1.researcher, and so does John Smith's registration at A]
– B publishes a dataset with data policy VGISC1.researcher
– A registers John Smith with the VGISC1.researcher role
John Smith wants to access dataset in B
[Diagram: same nodes and domains; John Smith holds the role VGISC1.researcher at A, the dataset at B has policy VGISC1.researcher]
1. JS logs in to A and issues a request.
2. A adds the user role VGISC1.researcher to the request, signs it with its private key, then sends it to B.
3. B checks the signature of A against known public keys. B checks if A is a member of VGISC1; B trusts A to tell the truth about the user’s role. B checks the role against the data policy.
Li Yang wants data from B
[Diagram: same nodes and domains; Li Yang holds the role VGISC2.researcher at D (in VGISC2), the dataset at B has policy VGISC1.researcher]
Li Yang is a registered user with D, with the role VGISC2.researcher.
1. LY logs in to D and issues a request.
2. D signs the request with its private key, adds the user role VGISC2.researcher to the request and sends it to B.
3. B checks the signature of D against known public keys. D is either unknown, or not part of VGISC1. Access is denied.
John Smith requests a certificate
[Diagram: same nodes and domains; John Smith holds the role VGISC1.researcher at A]
– JS logs in to A and requests a certificate.
John Smith exports his certificate
[Diagram: the exported certificate is labelled "VGISC1.researcher, signed by A"]
– The certificate is created, contains the user roles and is signed by A.
A is down. John Smith logs in to C with his certificate.
1. JS logs in to C with the certificate issued by A.
2. C checks the signature of A against its public key. C checks if A is a member of VGISC1. C adds the roles signed by A to the request; C also signs the request. The request is sent to B.
3. B checks the signatures of A and C against known public keys. B checks that A and C are members of VGISC1; B trusts A to tell the truth about the user’s role. B checks the role against the data policy.
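The three request flows above (John Smith via A, Li Yang via D, and John Smith via C with a certificate issued by A) as one runnable model, added here as an example; it is not part of the original slides or of SIMDAT's implementation. It uses Ed25519 signatures from Go's standard library in place of the X.509 and SAML machinery the deck mentions; the node names, the `domain.role` policy string, the `|`-separated byte encoding the signatures cover, and the `Authorize`, `IssueCert` and `Forward` functions are all assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"strings"
)

// Node is a catalogue node (A, B, C, D, ...) with its own key pair.
type Node struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}
// Domain is a trust domain (VGISC1, VGISC2): the members whose public keys were exchanged at creation.
type Domain struct {
	Name    string
	Members map[string]ed25519.PublicKey
}
// RoleCert asserts "user holds role" and is signed by the node that registered the user (A).
type RoleCert struct {
	Issuer, User, Role string // Role is "domain.role", e.g. VGISC1.researcher
	Sig                []byte
}
// Request is what the login node forwards to the data owner B: the certificate plus the forwarder's own signature.
type Request struct {
	Dataset, Forwarder string
	Cert               RoleCert
	Sig                []byte
}

func NewNode(name string) *Node {
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader = crypto/rand
	if err != nil {
		panic(err)
	}
	return &Node{Name: name, Pub: pub, priv: priv}
}

// NewDomain models the "exchange of public keys" step of domain creation.
func NewDomain(name string, members ...*Node) *Domain {
	d := &Domain{Name: name, Members: map[string]ed25519.PublicKey{}}
	for _, m := range members {
		d.Members[m.Name] = m.Pub
	}
	return d
}
// Canonical byte strings covered by the signatures (hypothetical encoding, not SIMDAT's).
func certBytes(c RoleCert) []byte { return []byte(c.Issuer + "|" + c.User + "|" + c.Role) }
func reqBytes(r Request) []byte {
	return []byte(fmt.Sprintf("%s|%s|%s|%x", r.Forwarder, r.Dataset, certBytes(r.Cert), r.Cert.Sig))
}
// IssueCert: the registering node signs the user's role with its private key.
func (n *Node) IssueCert(user, role string) RoleCert {
	c := RoleCert{Issuer: n.Name, User: user, Role: role}
	c.Sig = ed25519.Sign(n.priv, certBytes(c))
	return c
}
// Forward: the login node attaches the certificate and signs the request (A directly, or C when A is down).
func (n *Node) Forward(cert RoleCert, dataset string) Request {
	r := Request{Dataset: dataset, Forwarder: n.Name, Cert: cert}
	r.Sig = ed25519.Sign(n.priv, reqBytes(r))
	return r
}
// verify is B's "check signature against known public keys": a non-member such as D is rejected outright.
func (d *Domain) verify(signer string, msg, sig []byte) error {
	key, ok := d.Members[signer]
	if !ok {
		return fmt.Errorf("%s is unknown or not a member of %s", signer, d.Name)
	}
	if !ed25519.Verify(key, msg, sig) {
		return fmt.Errorf("bad signature from %s", signer)
	}
	return nil
}
// Authorize is the data owner's decision; a nil error means access is granted.
func Authorize(d *Domain, policy string, r Request) error {
	if err := d.verify(r.Cert.Issuer, certBytes(r.Cert), r.Cert.Sig); err != nil { // roles signed by A?
		return err
	}
	if err := d.verify(r.Forwarder, reqBytes(r), r.Sig); err != nil { // request signed by A or C?
		return err
	}
	if p := strings.SplitN(policy, ".", 2); p[0] != d.Name || r.Cert.Role != policy { // role vs data policy
		return fmt.Errorf("role %s does not satisfy %s policy %s", r.Cert.Role, d.Name, policy)
	}
	return nil
}

func main() {
	a, b, c, d := NewNode("A"), NewNode("B"), NewNode("C"), NewNode("D")
	vgisc1 := NewDomain("VGISC1", a, b, c) // D belongs to VGISC2, not VGISC1
	policy := "VGISC1.researcher"          // B publishes a dataset under this policy
	js := a.IssueCert("John Smith", "VGISC1.researcher")
	ly := d.IssueCert("Li Yang", "VGISC2.researcher")
	fmt.Println("JS via A        :", Authorize(vgisc1, policy, a.Forward(js, "dataset@B")))
	fmt.Println("LY via D        :", Authorize(vgisc1, policy, d.Forward(ly, "dataset@B")))
	fmt.Println("JS via C, A down:", Authorize(vgisc1, policy, c.Forward(js, "dataset@B")))
}
```

Run as is, the first and third checks return nil (access granted) and the second names D as unknown or outside VGISC1. Two properties of the slides' design are visible in `Authorize`: B refuses an unknown signer before it looks at any signature, and the forwarder's signature covers the certificate bytes, so a role altered in transit fails the first check while a certificate re-used by a node outside the domain fails the second.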
SIMDAT allows other trust domains to be created
[Diagram: nodes A to F in VGISC1 and VGISC2, plus a further domain, Project X, and a possible WMO domain ("WMO?")]
Development status
Development of the Domain Authority: Authorization Engine
– Support for Domains
  • X.509 certificates used to check exchanged messages and security tokens (use of a PKI with several CAs)
– Support for Attribute Certificates containing the user’s roles
  • SAML tokens
  • Support for data policies qualifying the datasets; they have two components: domain.policy
– Development of a user database on each node to locally manage the users and roles
  • Users only known at DWD will access some datasets at Meteo-France
Development status
Development of tools to manage the VO
– Web admin interface for the node
  • Create/delete domain, add/remove domain member
  • Import domain member’s certificates in
  • Add/create user
  • Add/remove user’s roles
– Development of command-line tools offering the same services as the web interface
Use of NTP to synchronize all the Catalogue Nodes
– To always deliver valid SAML tokens
Conclusion
There is a need to have different authorization schemes
– Some datasets will be accessible once the terms and conditions have been accepted
  • Fairly weak security: the user will self-register
  • The portal automatically associates some roles to the user once the user has agreed to the terms and conditions
– Some datasets have to be very well protected and only accessible to a number of registered users
  • High level of security: an admin will register the users and associate roles to these users
There might be a need to support several Authz token formats