Presentation is loading. Please wait.

Presentation is loading. Please wait.

11-Dec-01D.P.Kelsey, Authentication1 Authentication 11 Dec 2001 David Kelsey CLRC/RAL, UK

Published byAlice Hugill Modified over 9 years ago

Similar presentations

Presentation on theme: "11-Dec-01D.P.Kelsey, Authentication1 Authentication 11 Dec 2001 David Kelsey CLRC/RAL, UK"— Presentation transcript:

1 11-Dec-01D.P.Kelsey, Authentication1 Authentication 11 Dec 2001 David Kelsey CLRC/RAL, UK d.p.kelsey@rl.ac.uk

2 11-Dec-01D.P.Kelsey, Authentication2 Meetings WP6 Certificate Authorities Group –Defining procedures for Authentication/Trust Dec 2000, March, June, August and Dec 2001 Agenda 6/7 Dec 2001 – CERN –New CA’s (USA and Germany) –Acceptance Matrix –GGF CP/CPS –Naming issues –Scaling problems Next meeting Paris EDG Conference – March 2002

3 11-Dec-01D.P.Kelsey, Authentication3 EDG CA’s Already in TB1 –CERN, Czech Rep, France, Ireland, Italy, Netherlands, Nordic, Portugal, Russia, Spain, UK In process of joining –USA (LBL/ESnet DOE Science Grid) –Karlsruhe (Germany, CrossGrid)

4 11-Dec-01D.P.Kelsey, Authentication4 Acceptance Matrix Defined Minimum requirements for EDG CA Don’t accept Globus certs N * N matrix to show status of “acceptance” –Matrix rather sparse right now! Every CA checks that it is “happy” with all others Aim to complete this by 15 Feb 2002

5 11-Dec-01D.P.Kelsey, Authentication5 Some issues Host certificates –Need to find a CA prepared to issue them Privacy of Private key Scaling –Resources Global trust –GGF CP Authorisation vs Authentication Naming

6 11-Dec-01D.P.Kelsey, Authentication6 Privacy of private key Private key must be secret or else … –CP violation –Violation of Use Guidelines Compromised keys should be revoked by CA Service/Host certificates must relate to a single network entity This will be enforced

7 11-Dec-01D.P.Kelsey, Authentication7 Scaling issues Number of CA’s growing quickly Number of certs per CA growing too fast –CERN users should apply to their national CA Didn’t discuss the problem much Resources required are large –To run a CA –To check trust with all others Possible solutions –GGF CP work –Make Authentication lightweight Bind name string to public key, but no meaning of name

8 11-Dec-01D.P.Kelsey, Authentication8 GGF CP/CPS Discussed draft CP document GGF hopes to agree this in Toronto (Feb 02) 4 levels of assurance or just 2 levels? Do we need proof of possession of private key? Need to remove references to US Federal agencies Central GGF repository –Plus audit More scaling problems!

9 11-Dec-01D.P.Kelsey, Authentication9 Authentication vs Authorisation Where do we put most effort checking identity? Answer –As close to the resources as possible Authorisation scheme will need to do most checking Don’t duplicate the effort! Authentication cert could bind random string to public key

10 11-Dec-01D.P.Kelsey, Authentication10 Naming Flat namespace vs hierarchy? What does the name mean anyway? examples –/dc=doesciencegrid /dc=org /cn=John Smith 2654 –/c=uk /o=ESgrid /ou= GridPP/L=Manchester/ cn= John Smith Main reason to keep flat –Remove all Authorisation information Decided not to standardise –CA can do what they like

Download ppt "11-Dec-01D.P.Kelsey, Authentication1 Authentication 11 Dec 2001 David Kelsey CLRC/RAL, UK"

Similar presentations

Proxy Certificate Profile Douglas E. Engert Argonne National Laboratory 12/14/2001 COPYRIGHT STATUS: Documents authored by Argonne National.

Proxy Certificate Profile Douglas E. Engert Argonne National Laboratory 12/14/2001 COPYRIGHT STATUS: Documents authored by Argonne National.
Israel, 10th and 11th of December 2003 Italy Israel Bi-national Seminar on Digital Access to Scientific and Cultural Heritage Antonella Fresa MINERVA Technical.

Israel, 10th and 11th of December 2003 Italy Israel Bi-national Seminar on Digital Access to Scientific and Cultural Heritage Antonella Fresa MINERVA Technical.
Robots Jens Jensen, STFC RAL GridNet2/ UK e-Science CA /NGS/GridPP/

Robots Jens Jensen, STFC RAL GridNet2/ UK e-Science CA /NGS/GridPP/
© 2007 Open Grid Forum CAOPS-WG Christos Kanellopoulos - Yoshio Tanaka Security Area coordination & outreach OGF25, Catania March 2 nd – 3 rd, 2009.

© 2007 Open Grid Forum CAOPS-WG Christos Kanellopoulos - Yoshio Tanaka Security Area coordination & outreach OGF25, Catania March 2 nd – 3 rd, 2009.
Andrew McNab - Manchester HEP - 15 February 2002 Testbed Release in the UK EDG Testbed 1 GridPP sources of information GridPP VO GIIS and Resource Broker.

Andrew McNab - Manchester HEP - 15 February 2002 Testbed Release in the UK EDG Testbed 1 GridPP sources of information GridPP VO GIIS and Resource Broker.
Grid Security Policy GridPP18, Glasgow David Kelsey 21sr March 2007.

Grid Security Policy GridPP18, Glasgow David Kelsey 21sr March 2007.
24-May-01D.P.Kelsey, GridPP WG E: Security1 GridPP Work Group E Security Development David Kelsey CLRC/RAL, UK

24-May-01D.P.Kelsey, GridPP WG E: Security1 GridPP Work Group E Security Development David Kelsey CLRC/RAL, UK
5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK

5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK
Partner Logo UK GridPP Testbed Rollout John Gordon GridPP 3rd Collaboration Meeting Cambridge 15th February 2002.

Partner Logo UK GridPP Testbed Rollout John Gordon GridPP 3rd Collaboration Meeting Cambridge 15th February 2002.
29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
Andrew McNab - Manchester HEP - 22 April 2002 EU DataGrid Testbed EU DataGrid Software releases Testbed 1 Job Lifecycle Authorisation at your site More.

Andrew McNab - Manchester HEP - 22 April 2002 EU DataGrid Testbed EU DataGrid Software releases Testbed 1 Job Lifecycle Authorisation at your site More.
22-Apr-02D.P.Kelsey, Security, UKHEP Sysman1 Grid Security 22 Apr 2002 UK HEP Sysman Meeting David Kelsey CLRC/RAL, UK

22-Apr-02D.P.Kelsey, Security, UKHEP Sysman1 Grid Security 22 Apr 2002 UK HEP Sysman Meeting David Kelsey CLRC/RAL, UK
Author - Title- Date - n° 1 Partner Logo Authentication John Gordon GridPP 2 nd May 2002.

Author - Title- Date - n° 1 Partner Logo Authentication John Gordon GridPP 2 nd May 2002.
Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.

Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
A responsibility based model EDG CA Managers Meeting June 13, 2003.

A responsibility based model EDG CA Managers Meeting June 13, 2003.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
GSI – Grid Security Infrastructure and the EU DataGrid Authentication Infrastructure For the EDG CACG: David Groep.

GSI – Grid Security Infrastructure and the EU DataGrid Authentication Infrastructure For the EDG CACG: David Groep.
Cotswolds International Middleware Meeting Upper Slaughter, UK, 14-15 October 2004 Slides partially by John Martin, JISC; pictures by Ken Kingenstein.

Cotswolds International Middleware Meeting Upper Slaughter, UK, October 2004 Slides partially by John Martin, JISC; pictures by Ken Kingenstein.
5-Sep-02D.P.Kelsey, Security Summary, Budapest1 WP6/7 Security Summary Budapest 5 Sep 2002 David Kelsey CLRC/RAL, UK

5-Sep-02D.P.Kelsey, Security Summary, Budapest1 WP6/7 Security Summary Budapest 5 Sep 2002 David Kelsey CLRC/RAL, UK

Similar presentations

Ads by Google