Dynamic Virtual Organisations in e-Science Education
The overall aim of the DyVOSE project was to explore how dynamic Grid based virtual organisations (VOs) could be established building upon advanced authorisation infrastructures – specifically through extensions to the Privilege and Role Management Infrastructure Standards Validation (PERMIS) technology. The application area of DyVOSE was the education domain however the results of the project are far reaching and can (and are) being used to support e-Research related activities more generally.
Executive Summary
Fundamentally, DyVOSE recognised that future Grids require more advanced security infrastructures that go beyond existing authentication-only based approaches (I know who you are and here is a local account for you to use, e.g. to compile and run arbitrary codes), to authorisation-driven approaches (I know who you are and this is what you are allowed to do on my resource and I will define/check/enforce this). To support this model in a manner that catered for the dynamicity and scalability concerns of current and future Grids required novel enhancements to existing state of the art authorisation techniques, both in how authorisation infrastructures are established dynamically and how they are subsequently used to enforce authorisation policies across multiinstitutional Grid based resources. In establishing and managing large-scale Grids, a single administrator is unlikely to be solely responsible for resources across their own institution, e.g. there is no single administrator for the University of Glasgow, and almost certainly will not be responsible for resources across remote collaborating institutions. In this context, the approach taken within DyVOSE was based upon delegation of authority: allowing an administrator to delegate a level of privilege to (trusted!) local or potentially remote individuals. This privilege allowed influencing local security infrastructures in a scalable, but tightly controlled manner. This was realised through a Delegation Issuing Service (DIS) which allowed privileged users, e.g. local system administrators or resource managers, to allocate restricted sets of roles to those trusted individuals at potentially remote sites, who depending on the delegation policy, could potentially further delegate these roles to other users at other sites. Presentation of these delegated roles (given as digitally signed security attributes) to the resource provider could then be used to enforce the resource or VO-specific authorisation policy.
This model has several direct benefits to future Grids (and Grid based research). Firstly, a fundamental tenet of the Grid is that sites should be autonomous, i.e. define and enforce their own security policies on access and usage of local resources. This model allows local sites to define who can access their resources and under what circumstances in a manner that does not require them to explicitly grant access to known lists of collaborating individuals, or allow other people to set the access control policy for their site. Rather, building on the role based access control model of PERMIS, sites can delegate the authority to remote trusted individuals to allocate roles to their local users, and potentially depending on the delegation issuing policy, further delegate the authority to issue these roles to other parties at other remote institutions. Thus the model is scalable but also very secure whilst retaining tight control over what users can do, since the local administrator always has control over which privileges these roles are allowed to have. Since the roles are assigned in digitally signed attribute certificates, it is not technically possible for an unauthorised user to forge one of these certificates and thus gain unauthorised access.
Secondly this model supports usability aspects of Grid infrastructures. One of the key issues to be addressed in encouraging the uptake of Grids and e-Research more generally is the complexity of existing PKI based approaches. Having to obtain X509 digital certificates and convert them to formats suitable for Grid technologies is a fraught process for the vast majority of potential e-Researchers. The future role out of Shibboleth across UK academia however offers an opportunity to align the Grid world and how internet resources are securely accessed more generally. Thus through authentication at a local identity provider, attributes certificates can be released which can subsequently be used by service providers to enforce authorisation decisions. The definition of and use of these dynamically allocated VO-specific attributes to enforce authorisation policies is thus aligned with the Shibboleth based approach. In addition, all of this is seamless and transparent to the end users of the system who simply log-in, typically to their own institution although depending on the scenario, they may log in to a virtual organisation specific identify provider.
A further indirect benefit of the work undertaken in DyVOSE was in training and educating future Grid engineers. Through DyVOSE the first Grid Computing course in the UK was established in 2004/5 at Glasgow, and one PhD student was tutored at Kent. Both are now in their third year. The PhD work has led to a number of research papers already being published with more in the pipeline. The lecture materials and more general course materials at Glasgow have been made freely available and have been adopted by several other Grid educators. The Grid Computing course at Glasgow formed the basis for technology development and its exploration through case studies in the DyVOSE project. Initially the focus was upon a static privilege management infrastructure where fixed policies were created to secure services implemented by the students as part of their advanced MSc within Glasgow. In the second phase of the project the focus was on dynamic privilege management infrastructures and focused on inter-organisational Grid security which exploited the DIS service.
The DyVOSE project has fully realised all of the objectives outlined in the project proposal and the results have been widely endorsed by the national and international Grid and Grid security communities. Testament to this is the large collection of publications generated through the project many of which were presented at the most competitive of international conferences. The project has also given numerous demonstrations and provided a range of talks at a range of fora across the whole e-Science spectrum. The project results are also making a direct impact on a variety of e-Research activities at the NeSC in Glasgow.