If you're familiar with Grid Computing (which you should be, if you've come this far in the tutorial! :-) you probably know that security is one of the most important parts of a grid application. Since a grid implies crossing organizational boundaries, resources are going to be accessed by a lot of different organizations. This poses a lot of challenges:
We have to make sure that only certain organizations can access our resources, and that we're 100% sure that those organizations are really who they claim to be. In other words, we have to make sure that everyone in my grid application is properly authenticated.
We're going to bump into some pretty interesting scenarios. For example, suppose organization A asks B to perform a certain task. B, on the other hand, realizes that the task should be delegated to organization C. However, let's suppose C only trusts A (and not B). Should C turn down the request because it comes from B, or accept it since the 'original' requestor is A?
Depending on my application, I may also be interested in assuring data integrity and privacy, although in a grid application this is generally not as important as authentication.
The Globus Toolkit 3 allows us to overcome the security challenges posed by grid applications through the Grid Security Infrastructure (or GSI), which offers programmers the following three features:
Complete public-key system
Mutual authentication through digital certificates
Credential delegation and single sign-on
GSI is composed of a set of command-line tools to manage certificates, and a set of Java classes to easily integrate security into our grid services. It is based on standard technologies, such as TLS (formerly SSL) and secure Web Services specifications (XML-Signature, XML-Encryption, etc.)
Let's take a closer look at the three main features of GSI:
The GSI is based on public-key cryptography, and therefore can be configured to guarantee privacy, integrity, and authentication (strong authentication is provided in conjunction with certificates, as will be explained next). However, not all communications need to have those three features all at once. In general, a GSI secure conversation must at least be authenticated. Integrity is usually desirable, but can be disabled. Encryption can also be activated to ensure privacy
As soon as we start programming secure grid services, we'll see how using these features is as easy as adding a few lines in the client indicating that (for example) we want to use integrity, but not encryption during the communication.
The GSI uses X.509 certificates (as seen in the previous chapter) to guarantee a strong authentication. Mutual authentication simply means that in GSI, both parts of a secure conversation must be authenticated. In other words, when A wants to communicate with B, A must trust B and B must trust A. Remember that 'trust' (in this context) means that A must have the certificate of the CA that signed B's certificate, and vice versa. Otherwise, A won't trust B (and vice versa).
One of the first practical things we will do in the tutorial (in the next section, "Setting up GSI") is to setup a very simple CA, and get a digital certificate for ourselves.