Changes between Version 7 and Version 8 of SecurityArchitecture

Show
Ignore:
Timestamp:
05/29/12 11:33:15 (12 years ago)
Author:
mmamonski
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • SecurityArchitecture

    v7 v8  
    22* The !QosCosGrid stack relies on X.509 Public Key Infrastructure (proxy certificates) which is de facto standard authentication mechanism in grid environments. 
    33* All crucial communication is secured using HTTPG/HTTPS protocols. 
    4 * Only one service (QCG-Computing) must be started with root privileges. However it adheres privilege separation model (similar to OpenSSH), thus actually only a very small amount of code is running with root privileges. Moreover most of the crucial operations (job submission, stage-in/stage-out operations) are performed as target local user so even breaking the service would not give attacker any more privileges that he already has. 
     4* Only one service (QCG-Computing) must be started with root privileges. However it adheres privilege separation model (similar to OpenSSH), thus actually only a very small amount of code is running with root privileges. Moreover most of the operations that may have external effect (job submission, stage-in/stage-out operations) are performed as target local user so even breaking the service would not give attacker any more privileges that he already has. 
    55* Any authorization decision is based on provided credentials, not the trust relationship between components. 
    66* The !QosCosGrid stack operation model requires static accounts instead of mapping user credential to a one of pool account (which later might be reused by some other user) thus preventing one user from storing malicious content.