Tom Scavo announces some great news:
Today, it is with great pleasure that the GridShib Project announces the immediate release of GridShib for Globus Toolkit v0.6.0. This release culminates a 20-month effort to bring SAML-based attribute push to X.509-based Grids.
GridShib for Globus Toolkit (GT) is an implementation of a Grid Service Provider, an entity much like a SAML Service Provider but for Grids. A Grid Service Provider consumes X.509-bound SAML tokens, a new type of security token that enables attribute-based authorization in X.509-based Grids.
Most everything you need to know about GridShib for GT is on this web page:
http://gridshib.globus.org/docs/gridshib-gt-0.6.0/readme.html
On this readme page, you will find more detailed information about the GridShib for GT software as well as links to downloads and documentation.
A major advance in this version of GridShib for GT is support for the TeraGrid Science Gateway use case where an intermediary makes a grid request on behalf of a browser user. The Gateway binds a SAML token to an X.509 proxy certificate and makes a request to a gridshib-enabled web service. On the service side, GridShib for GT consumes the SAML token and makes an access control decision based on the security information in the token.
As a SAML-consuming software component, GridShib for GT complements the previously released GridShib SAML Tools and GridShib Certification Authority (CA), which are SAML-producing software components. These three components together enable attribute-based authorization in X.509-based Grids. See the Quick Start for step-by-step instructions that show how to use GridShib for GT v0.6, GridShib SAML Tools v0.3, and GridShib CA v0.5.1 together on Windows and UNIX systems:
http://gridshib.globus.org/docs/gridshib/quick-start.html
For links to all GridShib software downloads and additional documentation, visit the GridShib Downloads page:
http://gridshib.globus.org/download.html
Funding for GridShib software has been provided by the NSF NMI program and the NSF TeraGrid program.
Tom Scavo
For the entire GridShib Team
Very interesting.
Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems
Part of the abstract:
we introduce a virtual-machine-based system called Overshadow that protects the privacy and integrity of application data, even in the event of a total OS compromise. Overshadow presents an application with a normal view of its resources, but the OS with an encrypted view. This allows the operating system to carry out the complex task of managing an application’s resources, without allowing it to read or modify them
We are pleased to announce GridShib SAML Tools v0.3.0, the final release in the v0.3.0 development cycle:
http://gridshib.globus.org/docs/gridshib-saml-tools-0.3.0/readme.html
http://gridshib.globus.org/download.html#saml-tools
The GridShib SAML Tools are a suite of standalone client tools that issue SAML assertions and optionally bind these assertions to X.509 proxy certificates. To try out the software before downloading, visit our online demo:
https://computer.ncsa.uiuc.edu/gst-demo/
The GridShib SAML Tools require only Java 1.4 (or later) and Ant 1.6 (or later). Proxy certificates issued by the SAML Tools are compatible with GridShib for Globus Toolkit v0.6.0 Alpha (or later).
There have been significant changes in this version of the GridShib SAML Tools since the previous release:
http://gridshib.globus.org/docs/gridshib-saml-tools-0.3.0/CHANGES.txt
Important new features of GridShib SAML Tools v0.3.0 include:
- enhanced command-line interface
- new command-line options for the SAML Assertion Issuer Tool, including the option to output a DER-encoded ASN.1 structure
- new X.509 Binding Tool, to bind arbitrary content to a non-critical extension of an X.509 proxy certificate
- new SAML Security Info Tool, for examining the contents of X.509-bound SAML tokens
- expanded Java API, for producing and consuming SAML assertions and X.509 proxy certificates
- support for the TeraGrid Science Gateway Use Case
This development cycle was largely driven by the TeraGrid Science Gateway Use Case:
http://gridshib.globus.org/docs/gridshib-saml-tools-0.3.0/teragrid/readme.html
Science Gateways use the SAML Tools to enable auditing, incident response, and access control in Globus-based grids.
To learn more about this and other use cases, visit the “About GridShib” page:
http://gridshib.globus.org/about.html
While the GridShib SAML Tools produce X.509-bound SAML tokens, the complementary software component GridShib for Globus Toolkit consumes them. The latter is scheduled for release later this month or early next. See the roadmap on the GridShib home page for the latest updates.
Tom Scavo
For the GridShib Team
This Better Know a VM entry, Virtual Cluster Appliances, gives an overview of VM contextualization technology, which is scheduled to be part of the next workspace service release. This is relevant not just to classic grid computing, but to any situation where you'd like to automatically launch many virtual machines that work together and want them to securely organize themselves and adapt to the deployment environment. It can even be used for one VM; we'll look at such cases later.
See http://gridshib.globus.org/ for news updates; several new items were just added.
Announce [2007-11-11]
Tom Scavo gives a presentation of a paper entitled A Grid Authorization Model for Science Gateways at the GCE07 Workshop at SC07.
Announce [2007-11-01]
The OASIS membership approves the Metadata Profile for the OASIS Security Assertion Markup Language (SAML) V1.x and the Metadata Extension for SAML V2.0 and V1.x Query Requesters as OASIS Standards. (GridShib implements both of these Standards.)
Announce [2007-10-31]
The OGSA Attribute Exchange Profile Version 1.0 is submitted to the OGF Authz-WG.
Announce [2007-10-12]
A paper by Tom Scavo and Von Welch entitled A Grid Authorization Model for Science Gateways has been accepted by the Grid Computing Environments (GCE) Workshop at SC07.
Announce [2007-10-01]
The GridShib SAML Tools have been integrated into the MAEViz portal.
Announce [2007-09-14]
The GridShib SAML Tools have been integrated into SimpleCred, a component of the SimpleGrid portal framework.
The GridShib Project is pleased to announce the release of GridShib SAML Tools v0.2.0, which is available now from the GridShib Downloads page:
http://gridshib.globus.org/download.html#saml-tools
The GridShib SAML Tools, an easy-to-install, standalone software package requiring only Java and Ant, let you issue or request SAML assertions and optionally bind these assertions to X.509 proxy certificates. You can try an online demo of the GridShib SAML Tools before downloading:
https://computer.ncsa.uiuc.edu/gst-demo/
Version 0.2.0 of the GridShib SAML Tools includes the following new features:
- New command-line options and configuration parameters (IdP.entityID, authnInstant, dateTime.pattern)
- Support for multi-valued attributes
- Introducing the GridShib Security Framework
- Support for RFC3820-compliant proxy certificates
- Updated Globus SAML Library (source code included)
- Java API (gridshib-common-0_2_0.jar) for developers
See the CHANGES file for a complete list of enhancements and bug fixes:
http://viewcvs.globus.org/viewcvs.cgi/gridshib/saml/tool/java/doc/CHANGES.txt?revision=1.5&view=markup
For developers, there is a Java API (with javadoc documentation) and sample code illustrating the use of the Security Framework. GridShib SAML Tools supports both the production and the consumption of X.509-bound SAML assertions.
GridShib SAML Tools v0.2.0 is compatible with the forthcoming GridShib for GT v0.6.0.
Tom Scavo
for the GridShib Team
Tom Scavo writes:
The GridShib Project is pleased to announce the immediate release of GridShib SAML Tools v0.2.0 Technology Preview 2, the first release of the GridShib SAML Tools specifically for developers.
http://gridshib.globus.org/downloads/gridshib-saml-tools-0_2_0-tp2-src.tar.gz
http://gridshib.globus.org/downloads/gridshib-saml-tools-0_2_0-tp2-src.zip
http://gridshib.globus.org/docs/gridshib-saml-tools-0.2.0-tp2/readme.html
http://gridshib.globus.org/docs/gridshib-saml-tools-0.2.0-tp2/install.html
http://viewcvs.globus.org/viewcvs.cgi/gridshib/saml/tool/java/doc/CHANGES.txt?revision=1.4&view=markup
Technology Preview 2 includes the following new features:
- Support for multi-valued attributes
- Complete source code distribution, including the Globus SAML Library
- New GridShib Common Java API (gridshib-common-0_2_0.jar) includes:
  - the GridShib Security Framework, a standalone implementation of the X.509 Binding for SAML Assertions
  - the Loadable interface and its implementations
  - the EntityMap interface and its implementations
  - the GridShib Entity Mapper, a container for EntityMap implementations
- Extensive javadoc documentation
- New top-level build file for developers (available from CVS only)
This is the last TP-level release of v0.2.0. We anticipate the final version of GridShib SAML Tools v0.2.0 will be released Aug 24, 2007.