wiki:T12_Security

NDG Security



These are the old NDG Security pages. To see the latest information go to wiki:Security.

What is NDG Security?

NDG Security is the security system for the NERC Data Grid. It has been developed to give users seamless access to secured resources across NDG participating organisations while remaining easy to deploy alongside each organisation's pre-existing systems. NDG Security is designed around a Role Based Access Control mechanism. Cross-organisational access to resources is enabled through bilateral trust agreements between participating organisations, expressed through a system of single sign-on and role mapping.

Combining seamless access to secured resources across organisational boundaries with the integration of pre-existing site security infrastructures is a significant challenge. Consider, for example, site user databases holding thousands of individuals who cannot be asked to re-register with a new system, and pre-existing services that must be modified to take advantage of the new security tooling.

History

NDG Security has been developed over two projects, NDG1 and NDG2, and the sister project DEWS. At its inception no security system existed to satisfy the above requirements. However, it has been developed in such a way that it should be able to evolve towards the use of community standards as they become more prevalent and best practice becomes clearer. This provides the focus for the follow-on OMII-UK Commissioned Software Project.

Technologies

NDG Security employs a web services based architecture, enabling different combinations of components to be deployed according to a participating site's needs and requirements. Access control decisions are handled by Gatekeepers and mediated by Attribute Authorities. X.509 certificates are used to assert identity, and bespoke XML tokens to handle authorization. Session Manager and MyProxy services can be used for management of credentials. NDG Security supports web based and application client interfaces. The system is developed in the Python programming language.
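The two mechanisms described above, a Gatekeeper deciding access on roles asserted by an Attribute Authority, and bilateral trust agreements mapping a remote organisation's roles onto local ones, can be illustrated with a small decision routine. The following is an added example written for this page, not NDG Security's own code; the `AttributeCertificate` structure, the organisation names, the role names and the trust agreement table are all constructed assumptions, and the XML token handling and X.509 signature checks the real system performs are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AttributeCertificate:
    """Constructed stand-in for an Attribute Authority's signed role assertion."""
    issuer: str            # organisation whose Attribute Authority issued it
    holder_dn: str         # X.509 subject DN of the user the roles belong to
    roles: frozenset       # roles as named by the issuing organisation
    valid_until: int       # expiry as a Unix timestamp

# Bilateral trust agreements held by site_a: for each trusted remote
# organisation, how that organisation's roles map onto site_a's local roles.
# Constructed sample data; an organisation absent from this table is untrusted.
TRUST_AGREEMENTS = {
    "site_b": {"climate_staff": "reader", "data_manager": "curator"},
}

def map_roles(cert, local_org, trust_agreements):
    """Return the set of *local* roles an attribute certificate grants.

    Locally issued certificates are used as-is; remote certificates are
    translated through the bilateral agreement with the issuer; a certificate
    from an organisation with no agreement yields no roles at all.
    """
    if cert.issuer == local_org:
        return set(cert.roles)
    mapping = trust_agreements.get(cert.issuer)
    if mapping is None:
        return set()
    # Roles the agreement does not mention are dropped, never passed through.
    return {mapping[r] for r in cert.roles if r in mapping}

def gatekeeper_decision(cert, authenticated_dn, resource_policy,
                        local_org, trust_agreements, now):
    """Gatekeeper check: return (allowed, reason) for an audit record.

    resource_policy is the set of local roles permitted to use the resource.
    authenticated_dn is the subject DN established from the user's X.509
    certificate; the attribute certificate must belong to that same identity.
    """
    if cert.holder_dn != authenticated_dn:
        return False, "attribute certificate holder does not match authenticated identity"
    if now > cert.valid_until:
        return False, "attribute certificate has expired"
    effective = map_roles(cert, local_org, trust_agreements)
    if not effective:
        return False, f"no usable roles from issuer {cert.issuer!r}"
    granted = effective & set(resource_policy)
    if not granted:
        return False, f"roles {sorted(effective)} are not permitted by the resource policy"
    return True, f"access granted via local roles {sorted(granted)}"

# Constructed sample inputs.
SAMPLE_REMOTE_CERT = AttributeCertificate(
    "site_b", "/O=site_b/CN=alice", frozenset({"climate_staff"}), 2_000_000_000)
SAMPLE_UNTRUSTED_CERT = AttributeCertificate(
    "site_c", "/O=site_c/CN=bob", frozenset({"reader"}), 2_000_000_000)
SAMPLE_POLICY = {"reader", "curator"}
SAMPLE_NOW = 1_700_000_000

if __name__ == "__main__":
    for cert, dn in ((SAMPLE_REMOTE_CERT, "/O=site_b/CN=alice"),
                     (SAMPLE_UNTRUSTED_CERT, "/O=site_c/CN=bob"),
                     (SAMPLE_REMOTE_CERT, "/O=site_b/CN=mallory")):
        print(dn, gatekeeper_decision(cert, dn, SAMPLE_POLICY, "site_a",
                                      TRUST_AGREEMENTS, SAMPLE_NOW))
```

The design point is that the trust agreement is the only path by which a remote role becomes a local one: a role the agreement does not list is silently discarded rather than honoured by name, so a remote organisation cannot grant itself local privileges by choosing matching role names, and the Gatekeeper refuses outright when the role assertion is not bound to the identity that actually authenticated.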

About these Pages

These pages reflect issues and discussions associated with the OMII-UK, NDG and DEWS projects.