Negotiating Trust on the Grid
Award year: 2004-2005
Grids support dynamically evolving collections of resources and users, usually spanning multiple administrative domains. The dynamic and cross-organizational aspects of Grids introduce challenging management and policy issues for controlling access to Grid resources. Today, access control in Grids is typically accomplished by a combination of identity certificates and local accounts. However, this approach suffers from scalability concerns as the numbers of potential users and resources increase. Users will need software to help them manage their increasing numbers of certificates and to help them determine what certificates to present to gain access to a particular resource. Resource owners will not be able to afford to maintain a local account for every potential user. Users and service owners will also want a more flexible and gradual paradigm for establishing trust, so that they do not have to present their most sensitive certificates to another party before first establishing a certain level of trust in the other party.
Trust negotiation is a new paradigm for access control in open computing systems, i.e., systems where resources are shared across organizational boundaries. With trust negotiation, trust is established iteratively and bilaterally by the disclosure of certificates and by requests for certificates; those requests may be in the form of disclosures of access control policies that spell out exactly which certificates are required to gain access to a particular resource. Trust negotiation addresses all the concerns mentioned above.
We propose to add trust negotiation facilities to the Grid Security Infrastructure (GSI), to provide better support for the dynamic and cross-organizational aspects of Grid activities. In particular, we will work with GSI researchers Jim Basney and Von Welch at NCSA to create trust negotiation facilities for use on Grids. These facilities will take the form of extensions to GSI that embed trust negotiation facilities in popular Grid communications protocols, including TLS and GridFTP. The new facilities will allow Grid programs to dynamically discover what credentials they need to access a particular Grid resource, and obtain them at run time. We will evaluate the performance and ease of use of the new facilities in the context of the Alliance Grid Testbed. At the conclusion of the project, the results will be evaluated to determine the feasibility of incorporating trust negotiation facilities into the production version of GSI, to make trust negotiation facilities available to all Grid users. Such facilities can greatly ease the task of managing security-related information for Grid users by automating the process of obtaining access to Grid resources and eliminating guesswork regarding which certificates to present to gain access to a particular resource. Further, such facilities can enhance Grid scalability by providing a decentralized and scalable approach to managing security-related information.