Presentation is loading. Please wait.

Presentation is loading. Please wait.

Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.

Published byNevaeh Janes Modified over 9 years ago

Similar presentations

Presentation on theme: "Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011."— Presentation transcript:

1 Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011

2 Identity federation Goal: to allow users in one organisation to access resources in another, using their home credentials Requires additional infrastructure, trust and policy; this is often known as a “federation”. Significant benefits for users, and identity and service providers – Makes it easier for identity providers to adhere to data protection legislation. – SSO reduces helpdesk burden for identity and service providers. – Simpler credentials management (which also poses new problems) Several identity federations exist nowadays

3 Project Moonshot Using federated identity in broad range non-web environment Authentication and attributes management done on IdP Targets at commonly deployed services – Mail, file stores, remote access, instant messaging, … – Also focus on clouds, grids, HPC, … Built on tested and proven components – EAP, RADIUS, SAML, GSS-API – Strong focus on standardization

4 Moonshot Architecture

5 Moonshot project Started in Spring 2010, led by JANET (UK) Co-funded by Geant and JANET Basic cornerstone(s) delivered recently Basic developers/deployers docs available Several applications moonshot‘ed – Jabber server/client, openLDAP, OpenSSH, – Apache, Firefox – MyProxy – With no or minimal changes to the code-base

6 IETF Standardization Application Bridging for Federated Access Beyond web (ABFAB) WG „… a federated mechanism for use by other Internet protocols not based on HTML/HTTP…“ Several IETF drafts under development – Use-cases, architecture, missing technology Standards to be delivered by Dec 2011

7 Moonshot opportunities for Grids Easier access to the infrastructure for users – no need to obtain PKI credentials in advance (transparetnt conversions) – using „friendly“ credentials (native federated authN) Simpler VO establishment and management – based (at least partly) on users‘ „home“ attributes – attractive for small (starting) VO (Pseudo)anonymity

8 Moonshoting MyProxy Matter of configuration and tiny code changes – Not Moonshot-specific, hopefully fixed in main- stream Both CA and repository mode supported – Attributes count be added to X.509 Grid credentials can be obtained using federated identity: myproxy-logon –l steve@realm –s server -n

9 Future moonshoting L&B L&B is a job monitoring service collecting information about jobs Security layer written using GSS-API – Easy transition to other security mechs No PKI needed to access moonshot-enabled L&B User mapping needed (not done)

10 Identity Federation Federated Access Allow access from Org1 and Org2 Resources of Org1 and Org2 (CE, SE,...) SSH, NFSv4 L&B WMS, CREAM Org 2Org 1 Users‘ passwords are NOT exposed to the services Users don‘t need new credentials Authorization rules can utilize users‘ „home“ attributes Information about users is up-to- date Users do not need to register in advance - „home“ credentials (e.g., passwords) MyProxy - „grid“ credentials (X.509 )

11 Questions? www.project-moonshot.org

Download ppt "Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
RadSec – A better RADIUS protocol

RadSec – A better RADIUS protocol
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.
MyProxy Jim Basney Senior Research Scientist NCSA

MyProxy Jim Basney Senior Research Scientist NCSA
Abfab use-cases draft-ietf-abfab-usecases-00.txt Rhys Smith Mark Tysom Simon Cooper IETF80.

Abfab use-cases draft-ietf-abfab-usecases-00.txt Rhys Smith Mark Tysom Simon Cooper IETF80.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
Current status of grids: the need for standards Mike Mineter TOE-NeSC, Edinburgh.

Current status of grids: the need for standards Mike Mineter TOE-NeSC, Edinburgh.
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
ABFAB for Internet-of-Things Rhys Smith, Janet Sam Hartman & Margaret Wasserman, Painless Security.

ABFAB for Internet-of-Things Rhys Smith, Janet Sam Hartman & Margaret Wasserman, Painless Security.
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
EMI Development Plans for Identity Management Henri Mikkonen / HIP Moonshot, Grid and HPC Workshop 7.7.2011 London, UK.

EMI Development Plans for Identity Management Henri Mikkonen / HIP Moonshot, Grid and HPC Workshop London, UK.
Project Moonshot February 2012. Background Project Moonshot 2.

Project Moonshot February Background Project Moonshot 2.
John Chapman, Janet Fall 2012 Internet 2 Member Meeting 3 October 2012 Trust me, I’m an engineer: Engineering trust using a Trust Router infrastructure.

John Chapman, Janet Fall 2012 Internet 2 Member Meeting 3 October 2012 Trust me, I’m an engineer: Engineering trust using a Trust Router infrastructure.
Contrail and Federated Identity Management

Contrail and Federated Identity Management
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Moonshot for Federated Identity Jens Jensen, STFC Daniel Kouřil, CESNET EGI CF, April 2013.

Moonshot for Federated Identity Jens Jensen, STFC Daniel Kouřil, CESNET EGI CF, April 2013.
© Janet 2012 Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki 1.

© Janet 2012 Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki 1.
Key Negotiation Protocol & Trust Router draft-howlett-radsec-knp ABFAB, IETF 80 31 March, Prague.

Key Negotiation Protocol & Trust Router draft-howlett-radsec-knp ABFAB, IETF March, Prague.

Similar presentations

Ads by Google