Trust and Security for Next Generation Grids, www.gridtrust.eu
Fine-grained Continuous Usage Control of Service based Grids – The GridTrust Approach
Philippe Massonet, CETIC
ServiceWave, Madrid, 10-13/12/2008
GridTrust Framework Objectives
• General Objective: definition and management of security and trust in dynamic virtual organisations
• Integrate access control with resource/service scheduling
• Both resource owners and VO define their resource access and usage policies
– The resource broker schedules a user request only within the set of resources whose policies match the user credentials (and vice-versa)
• Scalability and efficiency
• It will be integrated into the Globus middleware
[Diagram labels: GRID Service Middleware Layer; GRID Foundation Middleware Layer; WP3/WP4]
Trust and Reputation Service
• Collect, distribute and aggregate feedback about entities' behaviour in a particular context in order to produce a rating about the entities
– Entities could be either users, resources/services, service providers or VOs
• The reputation service is based on ideas of utility computing
• Can be used in both centralised and distributed settings
• The reputation service will also be integrated into the Globus middleware
[Diagram labels: GRID Service Middleware Layer; WP2/WP4]
VBE: Virtual Breeding Environment Service
• It manages the Virtual Breeding Environment composed of users and service providers (user, service provider registration, certificate management, etc.)
PPM: Profile and Policy Management Service
• The policy and profile management service is a database service that keeps information about security policies of all the entities of the system.
• Support several types of query
– Service ID, Type, Name, attribute (OS, Memory, CPU type, Library, Certificate)
VO Library
• To be used by the VO Manager to use and interface with GridTrust services
• Offers a full set of functionalities to manage VO life cycle (Creation, Termination,…)
• Manage access at communication and authentication level from applications to GridTrust Services.
• Hides complexity of certificates management between users and GridTrust CA
Fine Grained Continuous Usage Control
[Figure: shared resources; hosting environment; service program call sequence OpenFile() … ReadFile() … OpenFile() … CloseFile(); Res.; Service Provider (SP); service instance; monitor with states Start, Opened, Reading, Closed; Policy Enforcement Point; Violation; Local Policy]
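The monitor sketched on this slide can be illustrated as a small state machine that the policy enforcement point consults before every intercepted call. This is an added example, not GridTrust code: the state and call names are taken from the slide, while the transition table, the class names and the run_trace helper are assumptions made for illustration.

```python
# Added illustration of a continuous usage-control monitor for one service instance.
# State and call names come from the slide; the transitions are an ASSUMED local policy.
ASSUMED_LOCAL_POLICY = {
    ("Start", "OpenFile"): "Opened",
    ("Opened", "ReadFile"): "Reading",
    ("Reading", "ReadFile"): "Reading",
    ("Opened", "CloseFile"): "Closed",
    ("Reading", "CloseFile"): "Closed",
    ("Closed", "OpenFile"): "Opened",
}


class UsageViolation(Exception):
    """Raised by the enforcement point when a call is not allowed in the current state."""


class Monitor:
    def __init__(self, policy, start="Start"):
        self.policy = policy
        self.state = start
        self.revoked = False

    def check(self, call):
        """Policy enforcement point: invoked before every intercepted call."""
        if self.revoked:
            raise UsageViolation(f"{call}: usage already revoked")
        nxt = self.policy.get((self.state, call))
        if nxt is None:
            self.revoked = True  # continuous control: one violation ends the session
            raise UsageViolation(f"{call} not permitted in state {self.state}")
        self.state = nxt


def run_trace(calls, policy=ASSUMED_LOCAL_POLICY):
    """Replay a call trace; return (allowed calls, final state, violation or None)."""
    monitor = Monitor(policy)
    allowed = []
    for call in calls:
        try:
            monitor.check(call)
        except UsageViolation as exc:
            return allowed, monitor.state, str(exc)
        allowed.append(call)
    return allowed, monitor.state, None


if __name__ == "__main__":
    # Call sequence listed on the slide, replayed as a constructed trace.
    print(run_trace(["OpenFile", "ReadFile", "OpenFile", "CloseFile"]))
```

Under the assumed policy, the second OpenFile() in the slide's sequence is rejected while the instance is in the Reading state, and every later call is refused because usage has been revoked.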
Supply Chain Case Study: Business Context
Transporters
• Small transporters, to avoid being crushed between rising oil prices and competitive pressure
– must increase the optimization level of their business
• The Transporters' Association proposes to its members a common Grid system that can optimize the routes of their entire vehicle fleets
• Daily optimization is already a big leap forward for most transporters, but a Grid allows more than that:
– to re-optimize the allocation of tasks every time that a quotation for a new one has to be produced, thus calculating the lowest possible price for each offer
Supply Chain Demo