Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.


1 Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011

2 Identity federation
Goal: to allow users in one organisation to access resources in another, using their home credentials
Requires additional infrastructure, trust and policy; this is often known as a "federation".
Significant benefits for users, and identity and service providers
  – Makes it easier for identity providers to adhere to data protection legislation.
  – SSO reduces helpdesk burden for identity and service providers.
  – Simpler credentials management (which also poses new problems)
Several identity federations exist nowadays

3 Project Moonshot
Using federated identity in a broad range of non-web environments
Authentication and attribute management done at the IdP
Targets commonly deployed services
  – Mail, file stores, remote access, instant messaging, …
  – Also focus on clouds, grids, HPC, …
Built on tested and proven components
  – EAP, RADIUS, SAML, GSS-API
  – Strong focus on standardization

4 Moonshot Architecture

5 Moonshot project
Started in Spring 2010, led by JANET (UK)
Co-funded by Geant and JANET
Basic cornerstone(s) delivered recently
Basic developers/deployers docs available
Several applications moonshot'ed
  – Jabber server/client, openLDAP, OpenSSH,
  – Apache, Firefox
  – MyProxy
  – With no or minimal changes to the code-base

6 IETF Standardization
Application Bridging for Federated Access Beyond web (ABFAB) WG
"… a federated mechanism for use by other Internet protocols not based on HTML/HTTP…"
Several IETF drafts under development
  – Use-cases, architecture, missing technology
Standards to be delivered by Dec 2011

7 Moonshot opportunities for Grids
Easier access to the infrastructure for users
  – no need to obtain PKI credentials in advance (transparent conversions)
  – using "friendly" credentials (native federated authN)
Simpler VO establishment and management
  – based (at least partly) on users' "home" attributes
  – attractive for small (starting) VO
(Pseudo)anonymity

8 Moonshoting MyProxy
Matter of configuration and tiny code changes
  – Not Moonshot-specific, hopefully fixed in mainstream
Both CA and repository mode supported
  – Attributes could be added to X.509
Grid credentials can be obtained using federated identity:
  myproxy-logon -l -s server -n

9 Future moonshoting L&B
L&B is a job monitoring service collecting information about jobs
Security layer written using GSS-API
  – Easy transition to other security mechs
No PKI needed to access moonshot-enabled L&B
User mapping needed (not done)

10 Identity Federation, Federated Access
[Diagram labels: Org 1; Org 2; Allow access from Org1 and Org2; Resources of Org1 and Org2 (CE, SE, ...); SSH, NFSv4; L&B; WMS, CREAM; MyProxy; "home" credentials (e.g., passwords); "grid" credentials (X.509)]
Users' passwords are NOT exposed to the services
Users don't need new credentials
Authorization rules can utilize users' "home" attributes
Information about users is up-to-date
Users do not need to register in advance

11 Questions?

