Abstract
Towards a "read-write" Web
When he invented the World Wide Web 15 years ago, Tim Berners-Lee intended not only to let users read the pages of websites, but also to let them write to them. But if websites are open to contributions from everyone, they are often vandalized or polluted. Security has therefore become a central concern for the development of a truly "read-write" Web. Solutions are beginning to emerge from large-scale Grid computing projects for high-energy physics. These projects face similar difficulties in giving thousands of users access to hundreds of computing facilities.
When Tim Berners-Lee invented the World Wide Web 15 years ago at CERN, he always intended that it should be easy for people to write to it, not just read from it. But if websites are opened up to additions from everyone, they often get vandalized or "spammed". As well as direct disruption, this can lead to bad publicity, as shown by recent mainstream press coverage of a hoax story about US politician John Seigenthaler in the collaborative encyclopaedia Wikipedia. These problems have put security centre-stage in the development of a true read-write Web. Fortunately, solutions are emerging from large high-energy physics Grid projects.
"Wikis" like Wikipedia are websites where users can add, edit and cross-reference content without learning mark-up languages like HTML. Along with diary-like weblogs and the reader comments they often allow, wikis are a major part of the current trend away from a pure publishing model ("the Web as an electronic book") to a more collaborative model in which users also produce content.
High-profile wikis have been plagued with problems of trust and identity. Although some wikis require a username and password, people running the sites still have no idea who their contributors really are, and the better known wikis have to be constantly on the look-out for offensive or simply irrelevant additions.
Stronger methods of authenticating users are needed, so that they can be held accountable by their peers, the website owners or the authorities for the additions they make, and so that sensitive sections can have restricted access. However, if each website continued to maintain a database of usernames and passwords, then each site would have to bear greater administrative costs compared with giving accounts freely to everyone.
Furthermore, the existing username and password systems also put an increasing burden on the users, who have to maintain more and more accounts. When account details change, such as the user's preferred e-mail address for password reminders, the user is forced to spend time updating this information on all the sites they can remember - or risk losing access when their old e-mail address is no longer active. Users are therefore tempted to use the same passwords at multiple sites, and to store passwords in their Web browser, where they can readily be stolen by computer viruses and Trojans. What is really needed are ways of reusing the same authentication procedure for multiple websites.
Large Grid projects, such as the LHC Computing Grid (LCG) led by CERN, have faced a similar problem: how to give thousands of users access to hundreds of computing facilities while ensuring proper control and logging, without users having to arrange access at each site one by one.
The LCG, the Enabling Grids for E-sciencE (EGEE) and the Open Science Grid (OSG) projects, which have been prominent in high-energy physics, have all settled on using X.509 digital certificates for user and service authentication. X.509 specifies how to store and distribute public and private cryptographic key pairs (which take the form of large numbers), and how to associate them with unique names for users and services. X.509 was originally a standard of the International Telecommunication Union, although a third revision has now been defined by the Internet Engineering Task Force.
Using X.509, users can establish their identity by proving they have the private key associated with it. Since X.509 is based on asymmetric cryptography, it is possible to prove possession by revealing only the public key. In turn, the public key is "signed" by a trusted third-party organization or "Certification Authority", and this digital signature states that it is indeed the public key of the user in question. Grid services accepting X.509-based authentication need to establish trust for only a small number of certification authorities, even though they serve thousands of users.
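As an added illustration of the scheme just described (not code from the article, GridSite or any Grid project), the sketch below shows a service that trusts one CA public key, checks the CA's signature over a user's name and public key, and then makes the user sign a fresh challenge to prove possession of the private key. Textbook RSA over small constructed primes and a plain dictionary stand in for real X.509 certificates and TLS; every function name, key and the sample Distinguished Name are assumptions.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key below

def keypair(p, q):
    """Textbook RSA key from two primes: (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, n: int, d: int) -> int:
    return pow(digest(data, n), d, n)

def verify(data: bytes, sig: int, n: int) -> bool:
    return pow(sig, E, n) == digest(data, n)

def issue_cert(dn: str, user_n: int, ca_n: int, ca_d: int) -> dict:
    """CA binds a Distinguished Name to a public key by signing both together."""
    tbs = f"{dn}|{user_n}".encode()
    return {"dn": dn, "n": user_n, "ca_sig": sign(tbs, ca_n, ca_d)}

def authenticate(cert: dict, prove, trusted_ca_n: int):
    """Service side: return the DN if the CA vouches for the name/key binding
    and the peer proves possession of the matching private key, else None."""
    tbs = f"{cert['dn']}|{cert['n']}".encode()
    if not verify(tbs, cert["ca_sig"], trusted_ca_n):
        return None  # binding is not signed by the trusted CA
    challenge = secrets.token_bytes(32)  # fresh per login, so old proofs cannot be replayed
    if not verify(challenge, prove(challenge), cert["n"]):
        return None  # peer presented the certificate but does not hold its private key
    return cert["dn"]

# Constructed sample keys built from small Mersenne primes: insecure, illustration only.
CA_N, CA_D = keypair(2**127 - 1, 2**107 - 1)
USER_N, USER_D = keypair(2**89 - 1, 2**61 - 1)
OTHER_N, OTHER_D = keypair(2**61 - 1, 2**31 - 1)  # a second party with its own key
USER_DN = "/C=UK/O=ExampleGrid/CN=jane doe"  # constructed DN
USER_CERT = issue_cert(USER_DN, USER_N, CA_N, CA_D)
```

The service stores only `CA_N`; it needs no per-user record, which is why a site can serve thousands of users while trusting a handful of authorities.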
To simplify the process whereby users and service-owners decide to trust a certification authority, consortia of certification authorities have signed agreements and established criteria that users must meet to receive a signed public key. During the EU DataGrid project (the predecessor of EGEE), a group of European certification authorities formed the EU Grid Policy Management Authority (EUGridPMA) to coordinate their efforts, and published details of approved certification authorities. This year the International Grid Trust Federation has been formed by the EUGridPMA and equivalent PMAs in Asia and the Americas. Preparation for LHC Grid computing has been a major driving force in this area, and is having wider benefits for worldwide Grid interoperability.
The Grid software using X.509 keys to authenticate users is largely adapted from World Wide Web e-commerce systems, implementing HTTPS (HTTP transported over an encrypted channel). X.509 signed keys given to users of the Grid can thus also be used with standard Web servers and Web browsers.
The GridPP project in the UK decided to base authentication for its collaboration website on X.509 Grid credentials, to exploit this crossover. GridPP members at the University of Manchester developed the GridSite security system, a software toolkit and set of extensions to the Apache Web server. As well as support for X.509, GridSite accepts "Distinguished Name" and "Virtual Organization" credentials. Together, these components allowed GridPP members to gain write access to their group's section of the GridPP website, to maintain Web pages or upload documents. However, users have had to write in HTML, providing only the security side of the convenient read-write Web that is beginning to emerge.
To bridge this gap, GridPP has merged GridSite and Wiki technology to give the convenience of a wiki coupled with the security of X.509 credentials. Since the hard work of establishing a user's identity is done once by the certification authority or local contacts, users can install their X.509 signed key in the Web browser then move between GridSite- or Wiki-enabled websites without having to present (and maintain) their username and password again and again.
Although this does not solve the problem faced by public wikis - where users in repressive states or expressing unwelcome professional opinions may have legitimate privacy concerns - it does work well in an academic environment where an article's provenance and author names are already the accepted currency.
• For more information see www.gridsite.org.