Yuri,

many thanks for your contributions and discussions. Very valuable I assure
you.

If I understand your use-case, you envisage that a JSDL document will be
passed around on a Grid, and thus, that this document needs to carry some
reference to user ID and credentials for target resources to be able to
carry out Authn and Authz.

What we have been working on is a model where a JSDL document describes
the core (i.e. resource and application) requirements of the job within a
larger job context. That encompassing job context will, then, also include
the security information for the job.

For this reason we have put security issues, such as the specification of
user credentials, firmly out of scope for JSDL. This has been done on the
advice of the security gurus in GGF. I agree with them that a more general
and widely applicable Grid-Security context should encompass a JSDL doc
and not the other way round.

In our model, then, you wouldn't be sending around JSDL docs, but job docs
that have a larger scope than JSDL. A job doc would encompass a JSDL doc
instance and carry security information, such as user credentials, as well
as scheduling, policy, and Agreement information, etc. about that job. See
Figure 2 in the JSDL spec (which for some reason doesn't show any security
context! We'll need to fix that.)

I hope my point is clear.

Many thanks again for your feedback. Please continue on this line until we
have ironed out the wrinkles.

Cheers and take care,

Ali

On Thu, 7 Apr 2005, Yuri Demchenko wrote:
> Michel Drescher wrote:
>> On Apr 07, Yuri Demchenko loaded a tape reading:
>>> In some respect the CNL process flow requires that the JobDescription
>>> carries some kind of delegation from the user, e.g. the User wants the
>>> Grid processing environment to maintain the trust/delegation path.
>>
>> Any information that directly relates to authentication or authorisation
>> of the information stored in a JSDL instance document (yes, I promised
>> to be clearer in my language...) should be handled in the embracing
>> instance document (or by other means).
>
> I persistently want to draw your attention to the specific use case when
> users/customers require that all jobs submitted on behalf of them
> carry an unbroken path of credentials/trust.
>
> This is a requirement on the Resource's processing environment to have
> this functionality, and this can be achieved by including SubjectID and
> SubjConfData/Creds information.
>
> You may decide not to include these elements, but then you probably need
> to explain this in the Security considerations section.
>
> If you move your JSDL doc from one su-exec/admin domain/host to
> another, you definitely need to worry about this kind of potential
> vulnerability.
>
> This is also an outcome of the ongoing EGEE operational security model
> development.
>
> Regards,
>
> Yuri

--
---------------------------------------------------- |epcc| -
Ali Anjomshoaa
EPCC, University of Edinburgh
James Clerk Maxwell Building
Mayfield Road E-mail: ali@epcc.ed.ac.uk
Edinburgh EH9 3JZ Phone: + 44 (0) 131 651 3388
United Kingdom Fax: + 44 (0) 131 650 6555
-------------------------------------------------------------