
Slide 1: EGEE Security. Åke Edlund, Security Head. EU IST-FP6 Concertation, 17th September 2004. www.eu-egee.org. EGEE is a project funded by the European Union under contract IST-2003-508833.

Slide 2: Contents
- EGEE security plans
- Identified problems/challenges

Slide 3: EGEE security plans (1/2)

Security Requirements - Horizontal activity, managed through central groups
- Lesson learned: reused and updated requirements from earlier projects
- Collecting (continuous process) the requirements from the activities: Middleware, Sites, Applications.
- Share the requirements with other grid activities and get feedback, e.g. in the US
- Prioritization set in the security groups, with representatives from all involved activities.
- Defining what security modules to deliver when.

Product - leverage on the biomed requirements
- To keep the industry focus we put extra effort, from day one, into supporting biomed applications, being a security-demanding application.

Middleware - Security is not an add-on, it has to be there from the start
- From the start, and 'all over the place': all JRA3 members are also part of the Middleware development.
- Active in the architecture and design of the middleware

(Diagram labels: Middleware, JRA1; Security, JRA3)

Slide 4: EGEE security plans (2/2)

Security Architecture - Modular, Agnostic, Standard, Interoperable
- Modular: add new modules later
- Agnostic: modules will evolve
- Standard: start with transport-level security but intend to move to WS-Security when it matures
- Interoperable: at least for AuthN & AuthZ
- Applied to Web services hosted in containers and applications (Apache Axis & Tomcat) as additional modules

Worldwide solution - Involve non-European partners at an early stage
- Bob Cowles (SLAC, OSG) and Dane Skow (Fermilab, OSG) are members of the MWSG
- Establish contact through hands-on activities. Example: EGEE and OSG to define common operational security procedures, by contributing to/working out common documents, mostly by reusing OSG work already in place.

Slide 5: Identified problems/challenges

| Issue | Current solution |
|---|---|
| Get focus on Security | Active security work from start, security groups, driving/guiding documents |
| Get involvement from GGF, OSG, .. | Middleware Security Group (MWSG) |
| Avoid gaps in the security work | Security Architect for the MW, Security Head overall responsible |
| Lagging standardization work, e.g. OGSA (Open Grid Services Architecture) | Writing initial recommendations for reengineering, focusing on ordinary WS now, OGSA later |
| Coordinating operational sec work | Joint Security Group (JSG, SA1), guided by JRA3 documents (created together with SA1, OSG) |

Slide 6: Scope, objectives and status of M5/M6 deliverables: DJRA3.1 - Global security architecture (2/5)

Overview of the security architecture services.

| Service | Description | Time frame |
|---|---|---|
| Logging and Auditing | Ensures monitoring of system activities, and accountability in case of a security event | Now |
| Authentication | Credential storage ensures proper security of (user-held) credentials | Now |
| Authentication | Proxy certificates enable single sign-on. TLS, GSI, WS-Security and possibly other X.509-based transport- or message-level security protocols ensure integrity, authenticity and (optionally) confidentiality | Now |
| Authentication | EU GridPMA establishes a common set of trust anchors for the authentication infrastructure | Now |
| Authentication | Pseudonymity services address anonymity and privacy concerns | Mid-term |

Slide 7: Scope, objectives and status of M5/M6 deliverables: DJRA3.1 - Global security architecture (3/5)

Overview of the security architecture services.

| Service | Description | Time frame |
|---|---|---|
| Authorization | Attribute authorities enable VO-managed access control | Now |
| Authorization | Policy assertion services enable the consolidation and central administration of common policy | Future |
| Authorization | Authorization framework enables local collection, arbitration, customisation and reasoning of policies from different administrative domains, as well as integration with service containers and legacy services | Now |
| Delegation | Allows an entity (user or resource) to empower another entity (local or remote) with the necessary permissions to act on its behalf | Now |

Slide 8: Scope, objectives and status of M5/M6 deliverables: DJRA3.1 - Global security architecture (4/5)

Overview of the security architecture services.

| Service | Description | Time frame |
|---|---|---|
| Data key management | Enables long-term distributed storage of data for applications with privacy or confidentiality concerns | Mid-term |
| Sandboxing | Isolates a resource from the local site infrastructure hosting the resource, mitigating attacks and malicious/wrongful use | Mid-term |
| Site proxy | Enables applications to communicate despite heterogeneous and non-transparent network access | Mid-term |

Slide 9: Scope, objectives and status of M5/M6 deliverables: DJRA3.1 - Global security architecture (5/5)

High-level requirements and how the architecture addresses them.

| Requirement | Fulfilled | Solution/Technology/Service | Time frame |
|---|---|---|---|
| Single sign-on | Yes | Proxy certificates and a global authentication infrastructure | Now |
| User privacy | Partially | Pseudonymity services | Mid-term |
| Data privacy | Partially | Encrypted data storage | Mid-term |
| Auditability | Partially | Meaningful log information | Now |
| Accountability | Yes | All system interactions can be traced back to a user | Now |
| VO-managed access control | Yes | VOMS | Now |
| Support for legacy and non-WS-based software components | Yes | Modular authentication and authorization software suitable for integration | Now |
| Timely revocation delays | Yes | Gradual transition from CRL-based revocation to OCSP-based revocation | Mid-term |
| Non-homogeneous network access | Yes | Site Proxy | Future |

Slide 10: Summary of work accomplished since last AA meeting
- Productive meeting, kick-off for the s/w maintenance/development at JRA3.
- Global Security Architecture
- Security requirements
- Incident response capability

Timeline (PM4, PM5, PM6):
- JRA1 All-hands meeting, June 28-30
- MWSG3, August 25
- September 13 (timeline marker)

Tasks:
- Task 1: Security requirement doc MJRA3.1 (PM3) completed
- Task 3: Phase 1 OGSA doc MJRA3.3 (PM4) completed
- Task 4: DJRA3.1 Security Architecture doc (PM5), delivery date: Sept. 17
- Task 5: Taxonomy document on incident handling and security operational procedures; definition of a common Grid incident format (PM6+). In cooperation with JSG and OSG.
- Recurrent tasks: JRA1 design team, integration, testing; EUGridPMA, QAG; software maintenance and development

TR7: Software maintenance and development
- PM5: SOAP over HTTPS 80%
- PM6: Delegation 45%, AuthZ framework 70%, Mutual AuthZ 10%, VOMS admin & parser (ongoing)
- PM7: Message-level security 70%
- PM9: Resource access control 10%, Grid enhancements for OpenSSL started
- PM11: Site Proxy for GRID cluster started

