|
Short task description
To assure an appropriate security level of
distributed systems in a Grid-type environment, it is necessary to
implement additional mechanisms in the security layer:
- designation of a dedicated cluster access server in order to enable
users identification, authorization and granting user rights for data
storage, visualization and computation services,
- uniform security management using PKI infrastructure and a central
users database integrated with directory services
- appropriate queuing systems and computational applications
configurations and their integration with dedicated access systems in a
way that allows only the authorized users to run jobs remotely,
- designing, implementation and deployment of tools providing an
appropriate security level, enabling systems monitoring, integrity check
and detecting unauthorized access attempts.
The security architecture in a Grid-type
environment is intended to be parallel to the one designed for the
Globus system
(Globus Grid Security Infrastructure API). It is planned to extract a
special security layer implemented as a set of program libraries, providing
secure identification and authentication in an open network environment
together with encrypted data transmission, an enhanced resource access
control management mechanism and mutual trust relations. Standardized
mechanisms and technologies used in the project (PKI, S/KEY) will enable
integration with traditional solutions present in other distributed
environments, for example Kerberos, DCE, SSH and SSL. Especially the
integration of the security layer with queuing systems used in the
cluster will be strongly emphasized. |
