Usable Security for Science: Challenges and Next Steps. Jens Jensen <j.jensen @ rl ac uk>, Science and Technology Facilities Council. Trust and Security 2nd Workshop, Oxford, 8-9 May 2008


Page 1:

Usable Security for Science

Challenges and Next Steps

Jens Jensen <j.jensen @ rl ac uk>

Science and Technology Facilities Council

Trust and Security 2nd Workshop

Oxford 8-9 May 2008

Page 2:

This Talk…

• Is about security – practical security
• Mainly from the service provider’s view
• Broader view rather than narrow tech
• Mostly about AAA in line with workshop’s theme
• Tried to be provocative now and then

Page 3:

Large scale science facilities with users across the world

All Images © STFC

Page 4:

all areas of science

Biology and medicine

Space

Earth

Materials

Physics

Arts and humanities

Environment and energy

Technology

Chemistry

Page 5:

Why Security?

• Protect our infrastructure (and users’ data)
• Enforce allocations
• Accounting for resource use
• Track resource misuse
• Peering – across UK, Europe, World

Page 6:

Practical Aspects

Most technology is experimental

Standard

Java Library Implementation

C/C++ Library Implementation

… third implementation

Page 7:

Practical Aspects

• A spec alone is useless... (without implementations)
• Java (alone) is useless
• C can be linked into everything (almost)
  – Perl, Python, …
• Need >2 independent implementations
  – Interoperating !!
• Usable licence

Page 8:

Practical Aspects

Standards are very important

Sometimes there are too many

Page 9:

Practical Aspects

like traffic (sort of)

Technology, Grids, it’s experimental

Never ever just trust the standard

Page 10:

What we have for AuC

• Site security – physical (people, doors, access cards, keys)
• Site computing – Active Directory
• e-Science CA (IGTF/X.509)
• Shibboleth
• Credential conversion (later in talk)

Page 11:

Whose

• Developer
• Service provider
• Sysadmin
• Supporter
• Accounting

• Facility provider
• User office
• Granting body
• PI
• End user

Page 12:

Dimensions

• Time (user’s)
• Time (ours)
• Space (geo)
• Financial/resources
• Ease of use

• Assurance
• Trust
• End to end (user to system)

Page 13:

Interest in

proposal

Registration

Authorisation

Users’ timeline

Science!

Termination

(or not?)

Weak AUC

Stronger AUC

STATE of AUC?

Page 14:

Organisation Timeline

Preserving data, curation

Technology migration

Lower costs…

Page 15:

User Offices HR

Integrated Account Management

STAFF

VISITOR

AGENCY STAFF

External

Diamond?

Other STFC sites

PPARC/CCLRC

Page 16:

Usability for users

Should be like a duck

Who moves across the pond

Paddling of feet unseen

Page 17:

Usability for service provider

Let the good guys in

Keep the bad guys out

Minimal support requirements

Page 18:

How we achieve (some of) it

Credential Conversion

Scientist wishes to do work

Logs in

Uses resource

Page 19:

Account mgmt and AuZ

• Site single sign on databases (connected)
• fedId, DN, resource username
• Granting access to resources (AuZ)
• Single account management
  – Also holds customers – e.g. beamline scientists
• Adding more resources

Page 20:

Example Resource

• SCARF cluster
• External users use certificates
• All staff have a default SSO account
  – Temporary limited recyclable accounts
• Staff can apply for permanent acct
• License management for all users
  – Commercial libraries

Page 21:

MyProxy for CC

http://grid.ncsa.uiuc.edu/myproxy/

Grids (NGS, gLite/GridPP, SRB)

Kerberos or Active Directory

Users do not see the certificate – it's all managed behind the scenes (duck paddling)

Page 22:

Applications integrated security

• We adapt science applications to use the Grid
• End to end
• Interfaces to security infrastructure
• Often security is added only as necessary?
  – Imposed by Grid infrastructure

Page 23:

Shib for CC

Password Shibboleth

Resource access

Page 24:

NGS

• Deploy production services for Grids
• SARoNGS – Jan 07 – Jan 08 for NGS
  – Integrate ShibGrid and SHEBANGS
  – Shibboleth access with VO attrs from VOMS

Page 25:

NGS

• e-Science CA: accepted internationally
• High assurance level
• Works because everybody in the world is on the same level
• Robots for automated services (or portals)
• Not necessarily needed for normal users?

Page 26:

Why does it work?

Interoperable Standards

based

Tested!

Page 27:

Er, what was the question again?

How important is usability for my users?

• Very
• More for some than for others
  – Health workers seem to have particular difficulties
  – Physicists are more hardy folk

Page 28:

…Usability?

Security…

…a necessary evil?

Page 29:

Experiences

Usable security

…satisfying user and site requirements…

…makes happy(er) and productive users

Page 30:

…And the second question?

Usability and interoperability?

• Interoperability improves reusability
• Reusable means more versatile
• Improves usability

Page 31:

…And the final question?

What we learn from other communities?

• Pick usable components for reuse
• Build on experiences
• Deploy services for other communities
  – Try to adapt what they already have

Page 32:

Don’t reinvent the

But did they want this?

or this? or this?

Page 33:

Final words (promise)

• Aim to meet user and site requirements
• Build on stuff that works (or build stuff that works…)
• Users don’t always know what they want
• Don’t forget, it’s an experimental science – across all dimensions