19-02-2011, 03:32 PM
Grid Computing
Terminology
Authentication:
– Establishing who you are
Authorization:
– Establishing what you are allowed to do
Assurance/accreditation
– Validating authority of a service provider
Accounting and auditing
– Tracking, limiting and charging for resources
Messages
– Message integrity
– Message confidentiality
Non-repudiation
– Proof that a party sent (or received) a message, so they cannot later deny it
Digital signature
– Proof, checkable by anyone holding the signer's public key, of who produced a message and that it has not been altered since
Certificate authority
– A body which issues and manages security credentials
Delegation
– Authority to act as someone else
TLS/SSL
TLS: Transport Layer Security Protocol is the successor to SSL: Secure Socket Layer.
Secure Sockets Layer is a protocol that transmits your communications over the Internet in encrypted form. SSL ensures that the information is sent, unchanged, only to the server you intended to send it to: the server proves its identity with a certificate, and the connection is integrity-protected.
Lies above the TCP/IP layer and below the HTTP layer.
Developed by Netscape for transmitting private documents via the Internet. SSL uses public-key cryptography (the server's certificate and private key) to authenticate the server and to agree a session key, then encrypts the data transferred over the connection with that symmetric session key. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.
http://wp.netscape.com/eng/ssl3/
http://www.ietf.org/html.charters/tls-charter.html
Requires a direct transport connection between the two endpoints; a message that passes through intermediaries is not protected end to end.
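The server-authentication step described above, as an added example that is not part of the original slides: a Go program (standard library only) runs a TLS handshake over an in-memory pipe and shows that the client completes the connection only when the server's certificate chains to a CA it trusts and names the host it meant to reach. The certificate and the host names (ce.grid.example and others) are constructed test data standing in for a grid CA's issued certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Outcome is the client's view of one handshake attempt.
type Outcome struct {
	OK      bool
	Version uint16 // negotiated protocol version, only meaningful when OK
	Err     error  // why the client refused the connection, when !OK
}

// selfSignedCert builds a throwaway certificate and key for host. It stands in
// for a certificate issued by a grid CA and is constructed test data.
func selfSignedCert(host string) (tls.Certificate, *x509.Certificate, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, leaf, nil
}

// handshake runs a TLS handshake between an in-process server and client over an
// in-memory pipe (no network). roots is the set of CA certificates the client
// trusts and serverName is the host the client believes it is talking to.
func handshake(serverCert tls.Certificate, roots *x509.CertPool, serverName string) Outcome {
	clientConn, serverConn := net.Pipe()
	done := make(chan struct{})
	go func() {
		defer close(done)
		srv := tls.Server(serverConn, &tls.Config{
			Certificates:           []tls.Certificate{serverCert},
			SessionTicketsDisabled: true, // keep the exchange to the handshake itself
		})
		_ = srv.Handshake() // the client's verdict is what we report
	}()
	cli := tls.Client(clientConn, &tls.Config{RootCAs: roots, ServerName: serverName})
	err := cli.Handshake()
	clientConn.Close() // closing the raw pipe unblocks the server goroutine
	<-done
	if err != nil {
		return Outcome{Err: err}
	}
	return Outcome{OK: true, Version: cli.ConnectionState().Version}
}

func main() {
	cert, leaf, err := selfSignedCert("ce.grid.example")
	if err != nil {
		panic(err)
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(leaf)
	fmt.Printf("trusted CA, right host: %+v\n", handshake(cert, trusted, "ce.grid.example"))
	fmt.Printf("unknown CA:             %+v\n", handshake(cert, x509.NewCertPool(), "ce.grid.example"))
	fmt.Printf("trusted CA, wrong host: %+v\n", handshake(cert, trusted, "other.grid.example"))
}
```

The two refusals are the client's doing: an empty trust store gives an unknown-authority error, and a certificate for the wrong name gives a hostname error, before any application data is sent. Setting InsecureSkipVerify on the client config would remove exactly this guarantee.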
Public Key Encryption
Entity generates two keys, one is designated as the public key, one is the private key.
The private key must be kept private!
Public key is given out (eg in an X.509 certificate)
If one key is used to encrypt a message, the other key must be used to decrypt it.
Possession of the private key proves ownership of the public key: the owner can sign, or decrypt, a fresh challenge chosen by the other party.
Anyone can encrypt with the public key, so encryption alone provides neither data integrity nor authentication of the data's origin; a digital signature made with the private key is needed for that.
Much slower than symmetric encryption, so not suited to bulk transfer or lots of small items; in practice it protects a symmetric session key.
Based on the assumption that the private key cannot feasibly be derived from the public key.
More secure than username/password (requires both a passphrase and possession of the private key).
Security ultimately relies on establishing the identity behind a public key, which is what a certificate authority attests to.
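The four properties listed above (one key encrypts and the other decrypts; a challenge signed with the private key proves ownership; encryption alone authenticates no sender; a signature gives origin and integrity) as one added example, written for this page rather than taken from the slides. It uses Go's standard crypto/rsa with OAEP for encryption and PSS for signatures; the parties (alice, bob, mallory) and the job-submission message are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptFor encrypts msg so that only the holder of the matching private key can
// read it. Anyone who has pub can do this, which is the point made in main below.
func EncryptFor(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt recovers a message encrypted with the public half of priv.
func Decrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// Sign produces a signature over msg that only the holder of priv could have made.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify checks a signature with the public key; it fails if the message was
// altered or the signature was made with a different private key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// ProveOwnership is the challenge-response from the slide: the verifier picks a
// fresh random nonce, the prover signs it with the private key it claims to hold,
// and the verifier checks the signature against the public key it expects.
// Signing a nonce the verifier chose defeats replay of an old signature.
func ProveOwnership(prover *rsa.PrivateKey, claimed *rsa.PublicKey) (bool, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return false, err
	}
	response, err := Sign(prover, nonce) // prover's side
	if err != nil {
		return false, err
	}
	return Verify(claimed, nonce, response), nil // verifier's side
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	mallory, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg := []byte("submit job 42 to site A") // constructed sample message

	// Confidentiality: only Bob's private key opens a message encrypted to Bob.
	ct, _ := EncryptFor(&bob.PublicKey, msg)
	pt, _ := Decrypt(bob, ct)
	_, wrongKey := Decrypt(alice, ct)
	fmt.Printf("bob decrypts: %q; alice decrypting: %v\n", pt, wrongKey)

	// No origin authentication from encryption alone: Mallory's ciphertext is
	// indistinguishable to Bob from one Alice would have produced.
	fromMallory, _ := EncryptFor(&bob.PublicKey, []byte("submit job 42 to site EVIL"))
	pt2, _ := Decrypt(bob, fromMallory)
	fmt.Printf("bob also decrypts mallory's message without complaint: %q\n", pt2)

	// Origin and integrity come from a signature made with the private key.
	sig, _ := Sign(alice, msg)
	tampered := bytes.Replace(msg, []byte("site A"), []byte("site B"), 1)
	fmt.Println("alice's signature verifies:", Verify(&alice.PublicKey, msg, sig))
	fmt.Println("after tampering:", Verify(&alice.PublicKey, tampered, sig))
	fmt.Println("checked against mallory's key:", Verify(&mallory.PublicKey, msg, sig))

	// Possession of the private key proves ownership of the public key.
	ok, _ := ProveOwnership(bob, &bob.PublicKey)
	fake, _ := ProveOwnership(mallory, &bob.PublicKey)
	fmt.Println("bob proves ownership:", ok, "; mallory impersonating bob:", fake)
}
```

What the slide leaves implicit, and the example makes concrete, is that ProveOwnership only tells the verifier that someone holds the private key matching the public key it already has; binding that public key to a person or host is the certificate authority's job, not the mathematics'.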