Changes between Version 26 and Version 27 of T12_Security

21/01/08 09:30:38 (13 years ago)



  • T12_Security

    v26 v27  
    33NDG Security is the security system for the NERC Data Grid. NDG Security has been developed to provide users with seamless access to secured resources across NDG participating organisations whilst at the same time providing an underlying system which is easy to deploy around organisation's pre-existing systems. NDG Security is designed around a Role Based Access Control mechanism. Cross organisational access to resources is enabled through bilateral trust agreements between participating organisations expressed through a system for single sign and role mapping. 
     5The combination of seamless access to secured resources across organisational boundaries and the integration of pre-existing site security infrastructures provides a significant challenge considering for example site user databases of thousands of individuals who could not be asked to re-register using a new system, and pre-existing services that need to be modified to take advantage of the new security tooling. 
     7=== History === 
     8NDG Security has been developed over two projects NDG1 and NDG2 and sister projec DEWS.  At its inception no security system existed to satisfy the above requirements.  However, it has been developed in such a way that it should be able to evolve towards the use of community standards as they become more prevalent and best practice becomes clearer. This provides the focus for the OMII-UK follow-on project. 
     10=== Technologies === 
     11NDG Security employs a web services based architecture enabling different combinations of components to be deployed according to a participating site's needs and requirements. Access control decisions are handled by Gatekeepers and mediated by Attribute Authorities. X.509 certificates are used to assert identity, and bespoke XML tokens to handle authorization. Session Manager and MyProxy services can be used for management of credentials. NDG Security supports web based and application client interfaces. The system is developed in the Python programming language. 
     13=== About these Pages === 
    514These page reflects issues and discussions associated with the [wiki:TI12_Security/OMII-UK OMII-UK], [ NDG] and [ DEWS] projects.