Password?. Project CLASP: Common Login and Access rights across Services Plan


1 Password?

2 Project CLASP: Common Login and Access rights across Services Plan http://cern.ch/proj-CLASP

3 Outline
- What is CLASP? - Project Goal
- Why launch this project now?
- What is included? - Project Scope
- Project Status
  - Service Survey & Feasibility Study
- Technology
  - Kerberos, PKI, Certificates
- Summary

4 Goal
- Propose a detailed plan to reduce the number of login/passwords entered by users to access services they are authorised to use
“Single Sign On” + Access Control

5 Why launch this project now?
- The number of login/passwords has become a frustration for the user community
- The number of services continues to grow
- Initiatives towards a common login id and password synchronisation are in progress
- Windows 2000 and Linux 2000 provide an opportunity for further improvement
- Technologies such as Kerberos v5, PKI, Certificates & LDAP are becoming mature
- Can we have a common solution across services?

6 Project Scope
- Address computing services offered by at least IT and AS Divisions
- Normal user access from in or outside CERN
- Target W2000 and Linux for web, mail, telnet, X and file access
- Focus on a common solution, even if it does not cover all services today
- Not a “security project” - but elimination of clear-text passwords is desirable

7 The final proposal will include:
- A proposed common authentication and authorisation mechanism
- A plan for introducing the mechanism
- A list of services covered
- Recommendations for services not covered
- An opt-out mechanism for special cases
- Security levels achievable, including a password (check & change) policy
- An assessment of the impact on users and service providers both at CERN and other sites

8 Project Status
Project Mandate (Dec 1999):
- Goal, Background, Purpose, Scope, Phases http://cern.ch/proj-clasp
Phase 1 (Jan - Apr 2000):
- Service Survey and Feasibility Study
  - what do we have now and what is possible for the future
Phase 2 (from May 200):
- Final Proposal and Detailed Plan
Phase 1 will define the steps required for Phase 2

9 Phase 1 Goals
- Document the current login/password mechanisms used on IT and AS services
- Assess the feasibility of Kerberos v5 and/or other technology as a common authentication mechanism for the planned Windows 2000 & Linux 2000 environments
- Investigate possibilities for platform independent access control
- Obtain acceptance of service managers and user community
- Propose next steps, including personnel and budget estimates

10 Kerberos
- A network authentication protocol created by MIT, based on encrypted tickets
- Available in W2000, Solaris 8, AFS, public domain versions (e.g. for Linux)
- Not all applications offer a Kerberos interface, but its popularity is growing
- Kerberos version 5 has better security and improved cross-realm authentication
- FNAL’s “Strong Authentication Project” is based on Kerberos version 5

11 PKI and Certificates
- PKI = Public Key Infrastructure
- Electronic keys are stored in certificates
- Authentication on the scale of the Internet
  - Based on public and private keys used for encryption
  - Public keys are accessible to the Internet
- Current use is still quite limited
  - certificates are used for encryption in e-commerce
  - Eurocard (SET) uses PKI to authenticate who a person really is
  - PKI is used for web based GRID applications - being evaluated for LHC wide area computing

12 Summary
- CLASP will propose a plan for common login and access rights across CERN services
  - Focus on W2000 and Linux platforms for general use (e.g. web, mail, file access, telnet, X)
  - Acceptance by service managers and user community
- Cross-platform technology for authentication and access control is maturing
  - Native Kerberos in W2000 and UNIX platforms
  - advances in e-commerce (certificates, smart cards)
  - PKI (Public Key Infrastructure) in GRID applications
- Service survey and feasibility study are in progress in collaboration with CERN “service providers”

