« Return to Thread: What are GIDs good for?
Re: What are GIDs good for?
by Larry Peterson
::
Rate this Message:
I think the SFA design also decouples authentication from
authorization. The GID is a certificate that identifies an entity,
chained back to someone I trust. We can quibble about the
definition of the GID (e.g., whether it needs a UUID or a public
key is sufficient to uniquely identify the entity), but that's the
general idea.
Authorization requires a credential, which also includes a set
of rights this particular principal is granted. The server inspects
this credential before authorizing the operation.
As for SAML, it's a perfectly reasonable thing to use. As the
SFA was being hashed out, we tended to shy away from
heavy-weight mechanisms that might warp the design in some
way, but using SAML in a prototype would be a reasonable thing
to do.
Larry
On Thu, Jun 11, 2009 at 9:12 AM, Max Ott<Max.Ott@...> wrote:
> Folks,
>
> We have been spending a lot of time recently working through
> federation issues, looking at the design notes from other control
> frameworks, standards, ... and getting more and more confused :)
>
> While my primary confusion really centers on the slice manager - whose
> exact role I understand less and less, we got specifically stuck on
> the GID today and all the certificate chains attached to it. I read
> the Ricci's and Leigh's notes on it, and Thierry and I tried to work
> through the geniwrapper code.
>
> Anyway, what do we want to achieve? We have resources, we users who
> want to use them and we have control frameworks which stand in the
> middle. Or maybe in a more generic way, we have entities which want to
> perform actions on other entities and somebody needs to authorize that.
>
> SAML very clearly differentiates between authorization and
> authentication and I'm wondering if we make the same clean
> separation. Maybe a different question would be, why aren't we using
> standard solutions, such as SAML? I know they often big and cover a
> lot of other stuff, but the basic concepts seem to be sound.
>
> So what is wrong with using 'normal' identifiers and attach assertions
> - what the object is allowed to do, who can do what with it, for how
> long, ... Assertions themselves can be signed and can refer to other
> assertions from which they get the authority to make the assertions
> they make. Signatures are verified the standard way back to a well
> known anchor (I know we already do that), and assertions provide the
> chain along legal agreements, or to resource allocation policies or
> 'cost centers'.
>
> This way, I can break the necessary information I need to make a
> decision at various places into individual pieces; can link them by
> URLs; or pack them all together into standard messaging formats such
> as MIME/S or PGP (and the many existing toolkits)
>
> I'm not a security expert and I may miss something obvious, but I have
> a really hard time seeing how the current architecture will cleanly
> accommodate a federated world with changing legal and policy
> requirements.
>
> Thanks,
>
> -max
>
>
> _______________________________________________
> control-wg mailing list
> control-wg@...
> http://lists.geni.net/mailman/listinfo/control-wg
>
_______________________________________________
control-wg mailing list
control-wg@...
http://lists.geni.net/mailman/listinfo/control-wg
authorization. The GID is a certificate that identifies an entity,
chained back to someone I trust. We can quibble about the
definition of the GID (e.g., whether it needs a UUID or a public
key is sufficient to uniquely identify the entity), but that's the
general idea.
Authorization requires a credential, which also includes a set
of rights this particular principal is granted. The server inspects
this credential before authorizing the operation.
As for SAML, it's a perfectly reasonable thing to use. As the
SFA was being hashed out, we tended to shy away from
heavy-weight mechanisms that might warp the design in some
way, but using SAML in a prototype would be a reasonable thing
to do.
Larry
On Thu, Jun 11, 2009 at 9:12 AM, Max Ott<Max.Ott@...> wrote:
> Folks,
>
> We have been spending a lot of time recently working through
> federation issues, looking at the design notes from other control
> frameworks, standards, ... and getting more and more confused :)
>
> While my primary confusion really centers on the slice manager - whose
> exact role I understand less and less, we got specifically stuck on
> the GID today and all the certificate chains attached to it. I read
> the Ricci's and Leigh's notes on it, and Thierry and I tried to work
> through the geniwrapper code.
>
> Anyway, what do we want to achieve? We have resources, we users who
> want to use them and we have control frameworks which stand in the
> middle. Or maybe in a more generic way, we have entities which want to
> perform actions on other entities and somebody needs to authorize that.
>
> SAML very clearly differentiates between authorization and
> authentication and I'm wondering if we make the same clean
> separation. Maybe a different question would be, why aren't we using
> standard solutions, such as SAML? I know they often big and cover a
> lot of other stuff, but the basic concepts seem to be sound.
>
> So what is wrong with using 'normal' identifiers and attach assertions
> - what the object is allowed to do, who can do what with it, for how
> long, ... Assertions themselves can be signed and can refer to other
> assertions from which they get the authority to make the assertions
> they make. Signatures are verified the standard way back to a well
> known anchor (I know we already do that), and assertions provide the
> chain along legal agreements, or to resource allocation policies or
> 'cost centers'.
>
> This way, I can break the necessary information I need to make a
> decision at various places into individual pieces; can link them by
> URLs; or pack them all together into standard messaging formats such
> as MIME/S or PGP (and the many existing toolkits)
>
> I'm not a security expert and I may miss something obvious, but I have
> a really hard time seeing how the current architecture will cleanly
> accommodate a federated world with changing legal and policy
> requirements.
>
> Thanks,
>
> -max
>
>
> _______________________________________________
> control-wg mailing list
> control-wg@...
> http://lists.geni.net/mailman/listinfo/control-wg
>
_______________________________________________
control-wg mailing list
control-wg@...
http://lists.geni.net/mailman/listinfo/control-wg
« Return to Thread: What are GIDs good for?
| Free embeddable forum powered by Nabble | Forum Help |
