Grid Security Infrastructure
The Grid Security Infrastructure (GSI), formerly called the Globus
Security Infrastructure, is a specification for secret, tamper-proof, delegatable communication between software in a grid computing
environment. Secure, authenticatable communication is enabled using asymmetric encryption.
Authentication
Authentication is performed using digital signature technology (see digital signatures for an explanation of how this works); secure authentication allows resources to lock data to only those who should have access to it.
Delegation
Authentication introduces a problem: often a service will have to retrieve data from a resource independently of the user; in order to do this, it must be supplied with the appropriate privileges. GSI allows for the creation of delegated privileges: a new key is created, marked as delegated and signed by the user; it is then possible for a service to act on behalf of the user to fetch data from the resource.
Security Mechanisms
Communications may be secured using a combination of methods:
- Transport Layer Security (TLS) can be used to protect the communication channel from eavesdropping or man-in-the-middle attacks.
- Message-Level Security can be used (although currently it is much slower than TLS).
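
The delegation step described under Delegation above, as an added sketch that is not part of the original article and not Globus code: the user signs a statement naming a freshly generated key as delegated, and the resource checks the chain user -> delegated key -> request. It assumes the third-party Python `cryptography` package, Ed25519 keys, and a JSON statement with an expiry time; these are simplifications chosen for illustration, not the GSI wire format, and all function names are hypothetical.

```python
import json, time
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

def raw(pub):
    """Raw 32-byte encoding of an Ed25519 public key."""
    return pub.public_bytes(Encoding.Raw, PublicFormat.Raw)

def delegate(user_key, lifetime_s=3600, now=None):
    """User side: create a new key, mark it as delegated, sign it."""
    now = time.time() if now is None else now
    proxy_key = Ed25519PrivateKey.generate()
    stmt = json.dumps({
        "delegated": True,
        "issuer": raw(user_key.public_key()).hex(),
        "proxy_pub": raw(proxy_key.public_key()).hex(),
        "not_after": now + lifetime_s,   # lifetime limit: assumption of this sketch
    }, sort_keys=True).encode()
    return proxy_key, stmt, user_key.sign(stmt)

def resource_accepts(user_pub, stmt, stmt_sig, request, request_sig, now=None):
    """Resource side: verify user -> delegated key -> request."""
    now = time.time() if now is None else now
    try:
        user_pub.verify(stmt_sig, stmt)            # user signed the delegation
        claims = json.loads(stmt)
        if claims["delegated"] is not True or now > claims["not_after"]:
            return False
        if claims["issuer"] != raw(user_pub).hex():
            return False
        proxy_pub = Ed25519PublicKey.from_public_bytes(
            bytes.fromhex(claims["proxy_pub"]))
        proxy_pub.verify(request_sig, request)     # delegated key signed the request
        return True
    except (InvalidSignature, KeyError, TypeError, ValueError):
        return False

if __name__ == "__main__":
    user = Ed25519PrivateKey.generate()            # the user's long-term key
    proxy_key, stmt, stmt_sig = delegate(user)     # proxy_key is handed to the service
    request = b"GET /data/run-001.dat"             # constructed sample request
    ok = resource_accepts(user.public_key(), stmt, stmt_sig,
                          request, proxy_key.sign(request))
    print("resource accepts delegated request:", ok)
```

Only the delegated key is handed to the service; the user's long-term private key is used once, to sign the delegation statement, and never leaves the user.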