Presentation is loading. Please wait.

Presentation is loading. Please wait.

WP3 Security and R-GMA Linda Cornwall, RAL. WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 2 Current Status Currently,

Published bySibyl Garrison Modified over 7 years ago

Similar presentations

Presentation on theme: "WP3 Security and R-GMA Linda Cornwall, RAL. WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 2 Current Status Currently,"— Presentation transcript:

1 WP3 Security and R-GMA Linda Cornwall, RAL

2 WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 2 Current Status Currently, no security in R-GMA. We have looked at Spitfire Security Currently this is being removed from Spitfire, and turned into a separate package Their TrustManager should be used for Authentication for testbed 2. Their Authorization is not really suitable for us.

3 WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 3 Security for TB2 Access via https, no http access allowed. –Partly due to limited Authorization functionality. A certificate acceptable to EDG will be needed to do anything. Mutual Authentication must take place between between all components. Authentication will take place between users and R-GMA.

4 WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 4 Security for TB2 - continued Authorization will be limited to job control information Access to job control information will be restricted such that users can only see information on their own jobs. All other information, including both read and write access, will be open to everyone with EDG authentication

5 WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 5 Get a certificate! All users will need a user certificate All services will need a service certificate. –SCG decided to go for CA signed service certificates for TB2. We expect this is the way we will go. All users and developers who don’t have a certificate from a CA accepted by EDG should apply for one. We recommend users and developers also register with an EDG VO

6 WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 6 Security in the Future – Authentication http or https will be allowed. https – if authentication either of the service, or of the user, is needed. http – to avoid overhead of https.

7 WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 7 Security in the Future - Authorization Authorization will need to apply to any action e.g. –Setup a table –Read from a table –Read a specific item of information –Find what information producers exist

8 WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 8 Authorization dependency Nothing – e.g. some information may be visible to anyone. Authentication of the user only User’s VO membership User’s Role Individual DN or list of DN’s (See D7.5)

9 WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 9 Authorization implementation Need to pass user’s DN, VO membership and Role to R-GMA. Whenever a user makes a request – it will be necessary to decide whether they are authorized to carry out that action. Authorization policy will need to go with each table, and with each row of each table. Authorization policy goes with the data.

10 WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 10 R-GMA – TB2 Sensor Code Producer API Application Code Consumer API Registry “Event Dictionary” Consumer Instance Registry API Registry API Producer Instance Schema API Schema If job info –does DN match?

Download ppt "WP3 Security and R-GMA Linda Cornwall, RAL. WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 2 Current Status Currently,"

Similar presentations

WP2: Data Management Gavin McCance University of Glasgow November 5, 2001.

WP2: Data Management Gavin McCance University of Glasgow November 5, 2001.
29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
Data Management Expert Panel - WP2. WP2 Overview.

Data Management Expert Panel - WP2. WP2 Overview.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
5-Sep-02D.P.Kelsey, Security Summary, Budapest1 WP6/7 Security Summary Budapest 5 Sep 2002 David Kelsey CLRC/RAL, UK

5-Sep-02D.P.Kelsey, Security Summary, Budapest1 WP6/7 Security Summary Budapest 5 Sep 2002 David Kelsey CLRC/RAL, UK
DGC Paris 4.03.02 Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.

DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.
20 March 2007 VOMS etc - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.

20 March 2007 VOMS etc Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.
30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK

30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK
CrossGrid WP3 Task 3.3.2 Non-invasive Monitoring Trinity College Dublin Brian Coghlan, Stuart Kenny, David O’Callaghan Santiago FEB-2003.

CrossGrid WP3 Task Non-invasive Monitoring Trinity College Dublin Brian Coghlan, Stuart Kenny, David O’Callaghan Santiago FEB-2003.
GGF Toronto 19.02.02 Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.

GGF Toronto Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.
Collaboration or Competition >Reality check: Most researchers and institutions compete rather than collaborate >Definition of data mining? >We need tools.

Collaboration or Competition >Reality check: Most researchers and institutions compete rather than collaborate >Definition of data mining? >We need tools.
Canonical Producer CP API User Code CP Servlet Files CreateTable, Port, Protocol, Security, SQL Support, Multiple Query Support Security Insert Query Port.

Canonical Producer CP API User Code CP Servlet Files CreateTable, Port, Protocol, Security, SQL Support, Multiple Query Support Security Insert Query Port.
Security Mechanisms The European DataGrid Project Team

Security Mechanisms The European DataGrid Project Team
WP3 R-GMA & OGSA 23/7/2002 James Magowan / IBM. WP3 James Magowan - 23/7/2002R-GMA & OGSA2 Contributors Brian CoghlanTCD Andy CookeHeriot-Watt Ari DattaQMUL.

WP3 R-GMA & OGSA 23/7/2002 James Magowan / IBM. WP3 James Magowan - 23/7/2002R-GMA & OGSA2 Contributors Brian CoghlanTCD Andy CookeHeriot-Watt Ari DattaQMUL.
Database authentication and authorisation in LCG — 3D workshop 17-19 Oct 2005 1 Kuba Zajączkowski Database authentication and.

Database authentication and authorisation in LCG — 3D workshop Oct Kuba Zajączkowski Database authentication and.
Chapter 6 : Designing SQL Server Service-Level Security MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide.

Chapter 6 : Designing SQL Server Service-Level Security MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide.
JSPG: User-level Accounting Data Policy David Kelsey, CCLRC/RAL, UK LCG GDB Meeting, Rome, 5 April 2006.

JSPG: User-level Accounting Data Policy David Kelsey, CCLRC/RAL, UK LCG GDB Meeting, Rome, 5 April 2006.
Planning: Hardening the rabbit Steve Fisher / RAL 5/3/2004 WP3.

Planning: Hardening the rabbit Steve Fisher / RAL 5/3/2004 WP3.
Compatibility and Interoperability Requirements

Compatibility and Interoperability Requirements
GridShib: Grid/Shibboleth Interoperability September 14, 2006 Washington, DC Tom Barton, Tim Freeman, Kate Keahey, Raj Kettimuthu, Tom Scavo, Frank Siebenlist,

GridShib: Grid/Shibboleth Interoperability September 14, 2006 Washington, DC Tom Barton, Tim Freeman, Kate Keahey, Raj Kettimuthu, Tom Scavo, Frank Siebenlist,

Similar presentations

Ads by Google