NGI Proposal: Secure Web Access for Need to Know Applications

Barry C. Howard
Lawrence Livermore National Laboratory
L-61
7000 East Avenue
Livermore, CA 94550
E: bhoward@llnl.gov
P: 510.422.4030
F: 510.423.8719

ABSTRACT

The World Wide Web has become the standard mechanism for sharing freely accessible information across the Internet. The Web has also been selected by the Nuclear Weapons Complex as the user interface of choice for sharing classified documents. This proposal describes how we intend to research and test the use of authorization engines to satisfy the Need to Know requirements for securely sharing sensitive information via the Web.

DESCRIPTION OF PROPOSED WORK

Problem Statement

The World Wide Web (WWW or Web) may well be the most successful distributed application in the history of computing. The Web is growing and evolving rapidly, but currently available Web servers and browsers lack certain key features which are required by the Nuclear Weapons Complex (NWC). Capabilities such as authentication, fine-grained authorization, privacy, and scalability must be incorporated before the Web can be used successfully by the NWC community and their collaborators to do their daily work.

The Need to Know (NTK) forum spans several DOE/DP programs, including ASCI, ADaPT, Enhanced Surveillance and core DP. The forum members have produced documents describing their requirements for secure exchange of sensitive information and have proposed an architecture for meeting those requirements. At this time, the forum is considering technologies for implementing the NTK architecture and is seeking pilot projects with which to evaluate candidate technologies.

The Open Software Foundation (OSF) Distributed Computing Environment (DCE) provides a ready-made set of distributed computing services that can be applied out of the box to extend the capabilities of the Web for collaborative environments. By using the existing capabilities of the DCE infrastructure now being installed at many NWC sites, secure and scalable Web-specific services can be deployed and evaluated without an extensive from-the-ground-up development effort. DCE-aware Web client and server software is currently available from multiple vendors.

We propose to split the work among multiple laboratories to: (1) take advantage of the expertise localized at different labs, (2) maximize leverage of on-going projects within the labs, (3) demonstrate full-scale use of the system, and (4) use the SecureNet infrastructure for deployment of DCE Web services.

Proposed Work

We will take full advantage of the opportunity provided by the NTK forum in their search for secure, distributed Web technologies which fit their architectural requirements. At the heart of the NTK architecture is an authorization engine which is the gatekeeper for all the sensitive information currently archived. Besides providing authenticated access to the archives, a key piece of this proposal is to help develop an NTK authorization engine. Specific tasks include:

- Procure, configure and deploy DCE Web servers. Also install a Security Domain Gateway to enable access to the DCE Web servers via SSL clients.
- Download DCE Web client software to desktops of selected members of the NTK forum and evaluate the fine-grained access control mechanism for protecting information.
- Evaluate vendor-supplied user tools for management of Web data and the associated access control lists.
- Participate with the OSF Research Institute to evolve and evaluate the Adage technology as a possible means of implementing an NTK authorization engine.

Adage products of interest include the Group and Role Authority Server, the Trusted Attribute Service and the Authorization Enforcement Engine. The desired benefits are (1) a consistent authorization policy across the NWC which is easy to manage, (2) large numbers of subjects and objects can be grouped together in meaningful ways, and (3) notions of distributed trust can be used across the NWC for authorization decisions.

SUMMARY

Several DOE/DP projects are underway to explore the means of electronically and securely exchanging sensitive information via the WWW. The NTK forum has provided an architecture for meeting the security requirements of this information sharing. This proposal will build on the DCE security infrastructure already in production at many DP labs to provide secure Web access for the NTK users, and help develop an NTK-compliant authorization engine.