- The Globus security model is that only systems in the same VO can
run applications together. Beyond that, the applications themselves
make the rules: Globus "simply" determines which service can talk
to which other service, and keeps track of running services, their
allocated resources, and other fundamentals.
- Procedurally, a VO is defined by a shared authentication system,
typically based on X.509 certificates (though other authentication
methods can be used). Setting up a VO involves using a certificate
server to authorize and distribute credentials to the VO members.
- Note that grid security is essentially at the service level.
System-level security is separate (firewalls, etc.), as is
within-application security (such as file access permissions or levels
of application control).
- As grid standards mature, models for security-related
services are emerging. For example, a grid filesystem might
apply file permissions, but across a VO rather than simply
for the local system. Or, logging subsystems might log for
an entire VO, rather than for each system independently.
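
The VO definition above (a shared authentication system based on X.509 certificates handed out by a certificate server), sketched as an added example that is not part of the original page or of Globus itself. Plain `openssl` commands stand in for the certificate server, and all names (`vo-ca`, `other-ca`, `host-a`, `outsider`) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: VO membership modelled as "certificate chains to the VO's CA".
WORK=$(mktemp -d)              # private scratch directory for keys and certs
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA that plays the role of the VO's certificate server.
make_ca() {  # $1 = CA name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example VO/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Issue a credential: the member generates a key and CSR, the CA signs it.
issue_cert() {  # $1 = CA name, $2 = member name
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example VO/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 7 \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.pem" 2>/dev/null
}

# Service-level check: accept a peer only if its certificate verifies
# against the VO CA. Note that openssl verify may also consult the system's
# default trust locations; a real service should trust the VO CA only.
in_vo() {  # $1 = VO CA name, $2 = peer name
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

demo() {
    make_ca vo-ca                  # the VO's certificate server
    make_ca other-ca               # an unrelated CA outside the VO
    issue_cert vo-ca host-a        # credential distributed to a VO member
    issue_cert other-ca outsider   # same O= in the subject, different issuer
    for peer in host-a outsider; do
        if in_vo vo-ca "$peer"; then
            echo "$peer: accepted (chains to the VO CA)"
        else
            echo "$peer: rejected (not issued by the VO CA)"
        fi
    done
}
demo
```

The outsider's certificate claims the same organization name as the member's, which shows that membership follows from who signed the credential and not from what the subject field says.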