1

caGrid 2.0 Security Prototype

2

Goals

• Prototype some proposed security solutions– Ensure interoperability across programming

models– Ensure interoperability across platforms, Java

and .NET– Assess tools available for use and development

efforts for production system

3

Deliverable 1

• Security Token Service• Exchange Username/Password for X.509

Certificate and SAML Holder of Key Assertion• Provide interfaces to support SOAP and RESTful

models• Deploy test service for interoperability testing• Document architecture and implementation• Due date: Feb 18 2011

4

Deliverable 2

• Sample Secure Service• Validate authentication using agreed token

formats• X.509 Certificate and SAML Holder of Key Assertion

• Provide interfaces to support SOAP and RESTful models

• Deploy test service for interoperability testing• Due date: Feb 28 2011

5

Interoperability Testing

• Goal:– Ensure tokens can be consumed across platforms– Planned platforms: .NET and Java platforms

• MD Anderson? and UVA (Marty Humphrey)– Will setup the .NET services– Test token usage and securing services

• Start Date: Feb 18 2011

6

Deliverable 3

• Pluggable Authorization– Augment secure service with authorization– Ability to process XACML policy– Programming interface agnostic– Due date: April 27 2011

7

Deliverable 4

• Web Single Sign On– Leverage effort by ESP team– Develop specific use cases• Engagement with caCIS

– Delegation of credential via Web Single Sign On– Due date: April 27 2011