Chapter 16 - GSI: Grid Security Infrastructure

Abstract

This chapter introduces the Grid Security Infrastructure (GSI), the basis for GT4's Security layer. A working knowledge of fundamental security concepts is assumed in this chapter. This chapter requires a basic knowledge of public-key cryptography, certificates, and certificate authorities work, to be able to understand clearly. The Globus Toolkit 4 allows one to overcome the security challenges posed by grid applications through the GSI. GSI is a family of components that include command-line tools to manage certificates, Java classes to easily integrate security into web services, and higher-level services. GSI allows one to enable security at two levels: the transport level or the message level. GSI supports three authentication methods: X.509 certificates, username and password, and anonymous authentication. In general, in terms of authentication, communications can fall into three categories: Mutually authenticated, server-side only authentication, and completely unauthenticated. Although authorization is not one of the “fundamental pillars” of a secure conversation, it is nonetheless an important part of GSI. Authorization refers to who is authorized to perform a certain task. Credential delegation and single sign-on are one of the most interesting features of GSI, and are possible thanks to something called proxy certificates. Many of the features described in this chapter can be specified at three levels: container, service, and resource level.