<H1><nop>IVOA Grid & Web Services: Security</H1>

__Contents__
%TOC%

---

---++ Overview

Though our data may have zero commercial value (according to Jim Gray), we are still concerned about who can access them and about ensuring that they and the services that we provide are not exploited for nefarious purposes. However, users don't care about protocols and standards - they care about a better experience with enhanced privacy and security. We require simple-to-use, robust, and scalable solutions to the issues of authentication (who am I), authorization (what can I do) and delegation (how do I allow someone else to do something on my behalf) that work with all kinds of services and applications that the VO offers.

---++ Single-Sign-On (SSO)

Single sign-on authentication means that you log in once to a VO site or service and can then access any other VO site or service without repeating the authentication process. Conventional wisdom is that this should be done with digital signatures, but the standards for these signatures allow many different approaches. A [[http://www.ivoa.net/Documents/latest/SSOAuthMech.html][specification for the authentication mechanisms]] that the VO should use is now an IVOA Recommendation.

---+++ Specification

The next aspects of the security infrastructure to consider are the delegation mechanism and community services and trust model:

   * [[http://www.ivoa.net/Documents/cover/CredentialDelegation-20080715.html][Credential Delegation Protocol v1.0]]
   * [[http://www.ivoa.net/internal/IVOA/IvoaGridAndWebServices/trust-model-v0.1.html][Draft of specification for trust model and community operations]].

---+++ Discussion

   * [[SecurityDiscussion][Discussion page for the specifications]]

---+++ History

   * Original SingleSignOnProposal
   * [[http://www.ivoa.net/Documents/latest/SSOintro.html][IVOA note introducing the profiles]].
   * [[http://www.ivoa.net/internal/IVOA/IvoaGridAndWebServices/ivoa-auth-mech-0.2.doc][V0.2 draft of authentication-mechanism standard]]
   * [[http://www.ivoa.net/internal/IVOA/IvoaGridAndWebServices/ivoa-auth-mech-0.3.doc][V0.3 draft of authentication-mechanism standard]]
   * [[http://www.ivoa.net/Documents/PR/GWS/SSOAuthMech-PR-1.01-20070906.doc][PR version of authentication-mechanism standard]]
   * [[http://www.ivoa.net/internal/IVOA/IvoaGridAndWebServices/ivoa-delegation-0.1.pdf][Delegation protocol v0.1]]

---+++ Related material

   * [[http://www.ivoa.net/internal/IVOA/IvoaGridAndWebServices/shibboleth-review-v0.1.html][Review of the Shibboleth system]].
   * [[http://www.ivoa.net/internal/IVOA/IvoaGridAndWebServices/security-architecture-v0.1.html][Proposed security architecture]]
   * [[SecurityRegistryMetadata][Registry metadata relating to security: initial proposal]]

---++ Access control

The ability to control who has access to resources and what operations are permitted is a common task across the IVOA.

---+++ Specification

   * [[http://www.ivoa.net/internal/IVOA/IvoaGridAndWebServices/AccessControlInterface.pdf][Access Control Interface v0.1]]

<br/>
<!--
   * Set ALLOWTOPICRENAME = %MAINWEB%.TWikiAdminGroup
-->
Topic revision: r5 - 2008-07-17 - MatthewGraham
Copyright © 2008-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.