If you're familiar with Grid Computing, you probably know that security is one of the most important parts of a Grid application. Since a grid implies crossing organizational boundaries, resources are going to be accessed by a lot of different organizations. This poses a lot of challenges:
We have to make sure that only certain organizations can access our resources, and that those organizations really are who they claim to be. In other words, we have to make sure that everyone in our grid application is properly authenticated.
We're going to bump into some pretty interesting scenarios. For example, suppose organization AliceOrg asks BobOrg to perform a certain task. BobOrg, in turn, realizes that the task should be delegated to organization CharlieOrg. However, let's suppose CharlieOrg only trusts AliceOrg (and not BobOrg). Should CharlieOrg turn down the request because it comes from BobOrg, or accept it since the 'original' requestor is AliceOrg?
Depending on our application, we may also be interested in assuring data integrity and privacy, although in a grid application this is generally not as important as authentication.
The Globus Toolkit 4 allows us to overcome the security challenges posed by grid applications through the Grid Security Infrastructure (or GSI). GSI is composed of a set of command-line tools to manage certificates, and a set of Java classes to easily integrate security into our web services. GSI offers programmers the following features, which we will discuss in the next sections:
Transport-level and message-level security
Authentication through X.509 digital certificates
Several authorization schemes
Credential delegation and single sign-on
Different levels of security: container, service, and resource