Security (GridPP6, 30 Jan 2003, Coseners House), David Kelsey, CLRC/RAL, UK


1 Security
GridPP6, 30 Jan 2003, Coseners House
David Kelsey, CLRC/RAL, UK
d.p.kelsey@rl.ac.uk

2 Overview
EU DataGrid
LHC Computing Grid (LCG)
GGF
UK STF
GridPP participants
  – Andrew McNab, Jens Jensen, Linda Cornwall, DPK (and others from time to time)

3 WP7 Security Coord Group
D7.5 – Requirements and TB1
112 EDG requirements
  – 72 essential, 37 desirable aims, 3 long-term aims
Includes
  – Virtual Organisations (VOs) – Role-based authorisation
      Authorise resources as well as users
  – Local Authorisation Decisions and keep ACLs local to data
  – Confidentiality
      Encrypted medical data
      Don't know who is in a VO
  – International Collaboration – must inter-operate!
D7.6 Security Design document – to be finalised during Feb 03

4 WP6 CA group - Authentication
International/Inter-project collaboration important
Building "Trust" between national CAs and VOs/projects
  – EDG, CrossGrid (also LCG, EGEE, …)
Defines list of "trusted" CAs
  – Minimum requirements and best practice
  – Currently 16 national CAs
      Includes the new UK CA
  – Will grow to ~20
Considering FNAL (and CERN?) Kerberos CA
  – And SLAC Virtual Smart Card
Aim to formalise a European PKI PMA body
  – with links to North America, (Asia-Pacific?), …

5 Security Design/Developments
Security components developed (see EDG web)
  – CA Trust Matrix tools
  – VO/LDAP & VOMS – Authorisation
  – LCAS, LCMAPS – local authorisation and mapping
  – Gridmapdir – dynamic leased accounts
  – Gridsite – certificate-based web management
  – SlashGrid - dn-based grid homefile system
  – GACL – Library to parse ACLs (XML)
  – edg-java-security (for Data Management, web services)
  – G-HTTPS (see Andrew's slides)

6 Authorisation
[Diagram. Labels: User, VOMS, service, authenticate, authr, map, pre-proc, LCAS, LCMAPS, acl, dn, dn + attrs, Java, C. Coarse-grained e.g. Spitfire (WP2); Fine-grained e.g. RepMeC (WP2/WP3); Coarse-grained e.g. CE, Gatekeeper (WP4); Fine-grained e.g. SE, /grid (WP5)]

7 VO Membership Service
1. Client and server authenticate themselves and establish a secure communication channel using standard Globus API.
2. The Client sends the request to the Server.
3. The Server checks the request and sends back the required info (signed by itself).
4. The Client checks the validity of the info received.
5. Steps 1-4 are repeated for each Server the Client wants to contact.
6. The Client creates a proxy certificate with an extension (non critical) containing all the info received from the contacted VOMS Servers.
[Diagram. Labels: Query, Authentication, Request, Auth DB, VOMS pseudo-cert. DN shown: C=IT/O=INFN/L=CNAF/CN=Pinco Palla/CN=proxy]
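Steps 3 to 6 above, sketched as an added example (not code from the presentation or from the VOMS project). Assumptions: an HMAC key per server stands in for the server's X.509 signature so the sketch runs on the Python standard library alone; the server names, attribute strings, holder and expiry checks, and the `voms-info` extension name are constructed for illustration.

```python
import hashlib, hmac, json

# Assumption: an HMAC key per server stands in for that server's X.509
# signing key. Server names and keys below are constructed sample values.
SERVER_KEYS = {"voms.vo-a.example": b"key-a", "voms.vo-b.example": b"key-b"}
USER_DN = "C=IT/O=INFN/L=CNAF/CN=Pinco Palla"  # DN from the slide's diagram

def sign(server, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SERVER_KEYS[server], msg, hashlib.sha256).hexdigest()

def server_reply(server, holder_dn, attrs, not_after):
    """Step 3: the server returns the requested info, signed by itself."""
    body = {"issuer": server, "holder": holder_dn,
            "attrs": attrs, "not_after": not_after}
    return {"body": body, "sig": sign(server, body)}

def check_reply(reply, expected_server, my_dn, now):
    """Step 4: validity checks (the set of checks is this example's choice)."""
    body = reply["body"]
    if expected_server not in SERVER_KEYS:
        return "untrusted server"
    if body["issuer"] != expected_server:
        return "wrong issuer"
    if not hmac.compare_digest(reply["sig"], sign(expected_server, body)):
        return "bad signature"
    if body["holder"] != my_dn:
        return "issued to another holder"
    if now > body["not_after"]:
        return "expired"
    return "ok"

def build_proxy(my_dn, replies_by_server, now):
    """Steps 5-6: repeat per server, then put all valid info in the proxy."""
    accepted = [reply for server, reply in replies_by_server.items()
                if check_reply(reply, server, my_dn, now) == "ok"]
    # Hypothetical extension name; the slide only says "non critical".
    return {"subject": my_dn + "/CN=proxy",
            "extensions": [{"name": "voms-info", "critical": False,
                            "value": accepted}]}

if __name__ == "__main__":
    ok = server_reply("voms.vo-a.example", USER_DN, ["/vo-a/Role=user"], 2000)
    forged = {"body": dict(ok["body"], attrs=["/vo-a/Role=admin"]),
              "sig": ok["sig"]}
    print(check_reply(ok, "voms.vo-a.example", USER_DN, 1000))
    print(check_reply(forged, "voms.vo-a.example", USER_DN, 1000))
```

Because the extension is non-critical, a service that does not understand it can still accept the proxy; a service that does use the attributes has to repeat the step 4 checks itself rather than trust the client's copy.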

8 LCG - Grid Deployment
Planning now for LCG-1 (summer 03)
  – DPK is technical expert on LCG GDB WG3
Legal, political, site security policies, etc.
  – Acceptable Use policies (Rules)
What is needed for User Registration (single signing)?
  – What is acceptable to Site Security Officers?
GGF Site-AAA requirements group
  – An extremely important area – could kill the Grid!
Authorisation (important area)
  – VOs need to manage their members and sites/resource providers negotiate with VOs

9 GGF and UK STF
Global Grid Forum
  – We are active in the various Security Area groups
      CA
        – GridCP
        – CA Ops
      Authz
        – New Authorization group (McNab co-chair)
      Site-AAA – Requirements
UK Security Task Force (core programme)
  – To advise the Director, and make recommendations
  – Jens Jensen and DPK members
  – http://umbriel.dcs.gla.ac.uk/NeSC/general/teams/stf/
  – NeSC Security workshop (Dec 5/6, 2002)

