Changes between Version 10 and Version 11 of SecurityArchitecture
- Timestamp:
- 05/29/12 17:24:36 (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
SecurityArchitecture
v10 v11 1 1 = Security Overview = 2 2 * The !QosCosGrid stack relies on X.509 Public Key Infrastructure (proxy certificates) which is de facto standard authentication mechanism in grid environments. 3 * All c rucial communication is secured using HTTPG/HTTPS protocols.3 * All communication is secured using HTTPG/HTTPS protocols. 4 4 * Only one service (QCG-Computing) must be started with root privileges. However it adheres privilege separation model (similar to OpenSSH), thus actually only a very small amount of code is running with root privileges. Moreover most of the operations that may have external effect (job submission, stage-in/stage-out operations) are performed as target local user so even breaking the service would not give attacker any more privileges that he already has. 5 5 * Any authorization decision is based on provided credentials, not the trust relationship between components.
