iSGTW - International Science Grid This Week
iSGTW - International Science Grid This Week

Home > iSGTW - 12 May 2010 > Feature - The security-accessibility tug-o-war

Feature - The security-accessibility tug-o-war

Rajasthani women take part in tug of war game at Pushkar fair, in India's desert state of Rajasthan.

Image courtesy of Sumith Meher, CC BY-SA 2.0.

In the tug-o-war between security and ease of use, priorities can vary widely. But if there is a sweet spot, Mine Altunay is going to find it.

“We’re trying to understand how we can provide end-to-end infrastructure that is secure enough but easy enough to use,” said Altunay, who is Open Science Grid’s security officer.

Altunay began the process by running a joint OSG-ESnet workshop on identity management last November, where they sought input from users and a small number of resource providers.

“We wanted to touch bases with our user community and we wanted to understand how this process is working for the end user,” Altunay explained.

What they found is that the current process is too complicated and time consuming for end users. In order to sign into OSG, users must acquire a digital certificate, and according to Altunay, that process can take between two and five days. One biology-focused virtual organization, SBGrid, told Altunay that they are losing new users at a high rate each week because registration is an eight step process. Three steps, they told her, would be much more reasonable.

Since then, Altunay has been working with the SBGrid team to shorten the process. They were able to replace an especially cumbersome step with an automated application that does the job for the user invisibly.

“For the end-users, security is not a concern; they’d much rather make it a lot simpler,” Altunay said. But that could be a problem, as users are not the only stakeholders.

A whiteboard records the brainstorming results of a session at the workshop organized by ESnet and OSG.

Click here to download the document in which it appears.

Image courtesy of Mine Altunay, Mike Helm, and Doug Olson.

“OSG is a bridge between the users and the resource providers,” Altunay explained. But, she adds, if the system is not secure enough to meet the resource providers' needs, they have no obligation to provide their resources.

The problem is further complicated by the fact that not all the resource providers require the same level of security. Some may be quite happy with a more lightweight identity mechanism, but not all. Likewise, user security needs can be quite diverse. Some of the virtual organizations need a higher level of security and assurance.

Altunay also points out that lightweight does not always mean less secure. "There are a lot of people who are wary of lightweight systems because they perceive them as less secure," she said.

“We knew that we needed to review things; we can just tell by talking to our users in unofficial conversations,” Altunay said. “Now our response is to work on a solution.”

To that end, Altunay is investigating how OSG could leverage existing technologies and adapt them for the grid. Some of these technologies are from Europe; others are home-grown products. Some may not be designed for use on a grid – these sorts of issues are not, after all, unique to grid computing.

Federated solutions that allow a user to use one credential in several different organizations, all of which are members of the same federation – such as a university ID – are also on the table.

The assessment remains a work in progress. “We don’t have a timeline, we are just experimenting. We are at the stage of developing plans for different infrastructure, different identity management services,” Altunay said. “We’re not ruling out anything yet. We know one size does not fit all, and different users and resources will have different needs. But we are certain that we’re not going to make it more complex.”

—Miriam Boon, iSGTW

 iSGTW 22 December 2010

Feature – Army of Women allies with CaBIG for online longitudinal studies

Special Announcement - iSGTW on Holiday

Video of the Week - Learn about LiDAR


NeHC launches social media

PRACE announces third Tier-0 machine

iRODS 2011 User Group Meeting

Jobs in distributed computing


Enter your email address to subscribe to iSGTW.


 iSGTW Blog Watch

Keep up with the grid’s blogosphere

 Mark your calendar

December 2010

13-18, AGU Fall Meeting

14-16, UCC 2010

17, ICETI 2011 and ICSIT 2011

24, Abstract Submission deadline, EGI User Forum


January 2011

11, HPCS 2011 Submission Deadline

11, SPCloud 2011

22, ALENEX11

30 Jan – 3 Feb, ESCC/Internet2


February 2011

1 - 4, GlobusWorld '11

2, Lift 11

15 - 16, Cloudscape III

More calendar items . . .


FooterINFSOMEuropean CommissionDepartment of EnergyNational¬†Science¬†Foundation RSSHeadlines | Site Map