Presentation is loading. Please wait.

Presentation is loading. Please wait.

5-1.1 Grid Security © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification date: Feb 3, 2010.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "5-1.1 Grid Security © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification date: Feb 3, 2010."— Presentation transcript:

1 5-1.1 Grid Security © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification date: Feb 3, 2010

2 User activities on Grid Environment Run jobs using one or possibly multiple resources Transfer files from one resource to another where needed, not necessarily to/from computer system logged onto (so-called third-party transfers). Replicate/divide large data files among remote resources Develop programs to run on different types of computers as Grid resources often heterogeneous. Develop programs that can automatically discover resources and distribute work accordingly. 5-1.2

3 Objective of the security infrastructure: To make the activities using Grid resources seamless without having to manually logging onto all the computers. Key aspect - the ability to have remote resource act on our behalf – delegation.

4 Accounts No matter what, in a traditional Globus Grid environment, user accounts have to exist on each computer system that users wish to access. Each user might have an individual account on each system (as done for this class). Setting up individual accounts time-consuming. Multiple system administrators involved. Sometimes, convenient to have a group account for virtual organization and virtual organization users share this account. 5-1.4

5 (Globus) Grid Security Infrastructure (GSI) 5-1.5

6 Data Management Security Common Runtime Execution Management Information Services Web Services Components Non-WS Components Pre-WS Authentication Authorization GridFTP Grid Resource Allocation Mgmt (Pre-WS GRAM) Monitoring & Discovery System (MDS2) C Common Libraries GT2GT2 WS Authentication Authorization Reliable File Transfer OGSA-DAI [Tech Preview] Grid Resource Allocation Mgmt (WS GRAM) Monitoring & Discovery System (MDS4) Java WS Core Community Authorization Service GT3GT3 Replica Location Service XIO GT3GT3 Credential Management GT4GT4 Python WS Core [contribution] C WS Core Community Scheduler Framework [contribution] Delegation Service GT4GT4 Globus Software I Foster 5-1.6 Security

7 GSI Communication Protocols GT3/GT4 based upon Web services security. Two types Transport-level protocols Message-level protocols. 5-1.7

8 Transport-level protocols In transport-level protocols, whole message encrypted before being sent and decrypted when received. Transport-level protocol in SSL (Secure Sockets Layer) and TLS (Transport Layer Security, the successor to SSL). 5-1.8

9 Message-level protocols Only message content, or specific portions of message contents encrypted. Provides greater. Various authentication schemes and intermediate message processing can be employed. Conceptually, at a higher level than transport-level protocols and can use various transport-level protocols. However, slower than transport-level protocols. 5-1.9

10 Transport-level and message-level protocols 5-1.10

11 Authentication -- Process of deciding whether a particular identity is who he says he is (applies to humans and systems) Authorization -- Process of deciding whether a particular identity can access a particular resource –Assumes identify has been previously validated through authentication –Access control - what type of access Finer level of authorization rather than blanket ability to make any type of access 5-1.11 Authentication and authorization component Key component – WS Authentication/Authorization

12 GSI Authentication Basically same as regular PKI authentication. Users have credentials they use to prove their identity. Credentials consist of: X.509 certificate Private key Private key kept secret by owner (or on owner’s behalf at a secure repository) and encrypted with a passphrase. X.509 certificate is available to all. 5-1.12

13 “Passphase” Similar to password but implies can be very long and incorporate complete sentences with spaces. Properly chosen long passphrase makes it more secure. Good for security, but inconvenient for repeated usage. Mechanisms in place to reduce repeated access to private key. 5-1.13

14 Certificate Authorities for Grid Computing A Grid computing group (virtual organization) requires one or more certificate authorities to sign certificates. Generally, cannot use existing commercial certificate authorities because virtual organization wants to control who becomes a member of organization. Done by issuing certificates signed by a certificate authority of the virtual organization. 5-1.14

15 Globus Certificate Authorities Globus certificate service A on-line certificate signing service that issues “low- quality” GSI certificates to users who want to experiment with Grid software without having to set up or have access to a certificate authority. Can be used for testing and can be used in Grid service training tutorials but insufficient for any serious Grid computing work. No means of verifying users nor does it ensure that distinguished names provided are in fact unique. 5-1.15

16 SimpleCA Simple implementation of a certificate authority Part of Globus toolkit Can be installed easily. Basically OpenSSL certificate authority configured to work with Globus. OpenSSL could be used directly. 5-1.16

17 UNC-C/UNC-W Grid computing course CAs SimpleCA used in UNC-C/UNC-W Grid computing course. Currently, we have a CA at UNC-C and at UNC-W although at the moment all certificates are being signed by UNC-C. Multiple certificate authorities possible. One at each institution for signing certificates of students at that institution. Then arrange for Globus to accept certificates signed by each certificate authority in much the same way as a browser accepts multiple CAs. 5-1.17

18 Certificate Authorities for Grid Computing Projects Some projects keep to one certificate authority -- certainly simplifies management and creates centralized point for signing. Large Grid computing projects might have multiple certificate authorities with bridge or hierarchical certificate authorities as described earlier. UK e-Science national Grid has a centralized certificate authority but uses registration authorities spread around country for identity management and accepting the initial request for a certificate. Registrations manned by individuals who will require positive proof of identity (photo ID). 5-1.18

19 Single national certificate authority with multiple registration authorities 5-1.19

20 Getting a Certificate using Globus Commands First, you need to generate your own public/private key pair. You do not actually need the public key separate from your certificate as your certificate will hold your public key, so in the process described, you will be left with your private key and your signed certificate. 5-1.20

21 Globus command grid-cert-request will create a private key pair and request for a signed certificate, that is, an unsigned certificate containing the subject name and public key. A default distinguished name (certificate subject) will be displayed for the user as part of the message. Command requires that you create a passphrase, which will be used to encrypt the private key and must be remembered. 5-1.21

22 Three files created by command in user’s.globus directory, namely: User request: usercert_request.pem User’s private key: userkey.pem Empty file: usercert.pem usercert_request.pem -- can be considered as an unsigned certificate containing the subject name and public key. userkey.pem (private key) Critical private key is not compromised. usercert.pem -- a placeholder for where the signed certificate will be put later. 5-1.22

23 Sending request usercert_request.pem file is sent to certificate authority. Typically, this file is sent by email to the administrator of the certificate authority. grid-cert-request command includes a message telling the user what to do. 5-1.23

24 CA Administrator After receiving request, administrator will run command grid-ca-sign -in usercert_request.pem -out signedcert.pem Needs passphrase used to encrpyt/decrypt certificate authority’s private key. Command generates signed certificate called signedcert.pem (in command shown). 5-1.24

25 CA Administrator Certificate authority administrator will return signed certificate to user, typically by email. It is not a major security concern. Why? User then replaces empty usercert.pem with this file (rename it to be usercert.pem). Other ways of getting signed certificate back to user, including letting administrator access user’s account to download file into user’s account. We do that in the course because we have root access to all accounts. 5-1.25

26 Getting a signed certificate using Globus commands Fig 5.4 5-1.26

27 User Credentials Finally, we have the complete set of user credentials: User’s private key: userkey.pem User’s signed certificate: usercert.pem 5-1.27

28 Computing resources also need their identity verified in a formalized manner when added to the Grid infrastructure. Need their own host certificate signed by a certificate authority trusted by the Grid. Only such machines will be allowed to participate in the Grid activities. They might be used under certain access rights and at certain times or with certain users, especially if the computers are shared with non-Grid activities. Certificates for Resources 5-1.28

29 Host credentials Consist of the following two files: Host’s private key: hostkey.pem Host’s signed certificate: hostcert.pem typically located in /etc/grid-security/. grid-cert-request command to create host credentials: grid-cert-request -host hostname Example grid-cert-request -host coit-grid01.uncc.edu Signing follows same procedure as for user certificates with submission to certificate authority. 5-1.29

30 Certificate of Certificate Authority When a certificate authority is created, it will self-sign its own certificate (unless a certificate authority hierarchy). Certificate authority has two files:.0.signing_policy where is the hash code of the identity of certificate authority (a 32-bit number, given in hexadecimal) cert_hash.0 is the actual certificate of certificate authority cert_hash.signing_policy defines format of distinguished names of certificates signed by certificate authority. 5-1.30

31 Configuring GT4 to Trust a Particular Certificate Authority Globus can be configured to accept certificates from multiple certificate authorities. It is just a matter of placing the two files of each certificate authority:.0 and.signing_policy in /etc/grid-security/certificates. 5-1.31

32 Certificate Authorities trusted One can see certificate authorities recognized and choose one to sign your certificate request by issuing the command grid-cert-request -ca Sample output nondefaultca=true The available CA configurations installed on this host are: 1) 61de2736 - /O=Grid/OU=GlobusTest/OU=simpleCA-coit- grid02.uncc.edu/CN=Globus Simple CA 2) 76cc56e4 - /O=Grid/OU=GlobusTest/OU=simpleCA-coit- grid03.uncc.edu/CN=Globus Simple CA 3) c41c7188 - /O=UNCW /OU=Computer Science/CN=Certificate Authority Enter the index number of the CA you want to sign your cert request: 5-1.32

33 GSI Authentication Protocol Originally based on SSL protocol. B authenticating A A sends its certificate to B. B gets A’s public key and name from certificate using public key of certificate authority that signed certificate. (It must be a CA it trusts.) B creates a random number and sends it to A. A encrypts random number with its private key and sends it to B. B decrypts number with A’s public key and checks number. If correct, B is certain of A’s identity. Mutual authentication - process done both ways. 5-1.33

34 GSI Authorization To recap, authorization is the process of deciding whether a particular identity can access a particular resource and in what fashion. Apart from users and computing resources having valid signed certificates, which provides proof of identity (authentication), users need authorization to access the resources. Currently in Globus toolkit proper, only basic access control facilities provided. (Other software packages aid process.) 5-1.34

35 Accounts Authorization to access a resource implies that user needs an account to access. In our course, accounts simply set up by hand (using a script) An automated mechanism for creating and managing these accounts very desirable Use a network accessible (LDAP) database that lists users and their access privileges, and incorporates distinguished names format found in X-509 certificates. 5-1.35

36 Mapping Distinguished Names to Account gridmap file Very basic Globus way of mapping user’s distinguished names to their account names Used to give access to accounts via their distinguished name found on user’s certificate. Each user entry in list takes form: Distinguished_name local_user_account_name 5-1.36

37 Example: "/O=Grid/OU=GlobusTest/OU=simpleCA-coit- grid02.uncc.edu/OU=uncc.edu/CN=student1" student1 Distinguished name given in quotation marks to allow spaces. Must exactly match way it appears in user’s certificate. GSI uses gridmap file to establish that user may access account. 5-1.37

38 Mapping accounts using gridmap files on distributed computers Fig 5.5 5-1.38

39 Account Privileges Gridmap files often compared to access control lists, but they only provide account name mapping and blanket access. They do not provide specific types of access (levels of permissions, read/write/execute, group memberships, etc.) User access privileges will derive from local system access control list. Generally, need more powerful mechanism to control type of access, see next. 5-1.39

40 Question What is a disadvantage of using gridmap files for access control? (May be more than one) (a)It is difficult to maintain for large grids (b) It does not apply fine grain access control (c) It is difficult to verify user credentials (d) It is difficult to map distinguished names to local accounts (e) It is difficult to maintain in a dynamically changing virtual organization 5-1.40

41 Delegation The process of giving authority to another identity (in this context, a computer) to act on your behalf. A critical requirement for Grid computing. Coupled with delegation is single sign-on, which enables a user and its agents to acquire additional resources without repeated physical authentication by the user (that is, submitting passwords/passphrases). 5-1.41

42 Delegation in third-party file transfers Files moved from one remote site say site A to another remote site say site B, initiated from where user is located. User interacts with local file transfer service and mutually authenticates with that service. With the user’s delegated authority, local file transfer service then contacts file transfer services at site A and B that are to do the actual file transfer. Both site A and site B receive delegated authority from local file transfer service to perform transfer, and local file transfer service has delegated authority from user. Fig 5.6 5-1.42

43 Proxy Certificates A way of implementing delegation introduced by Globus. Used extensively in GSI. Proxy certificate, (a proxy) gives resource possessing proxy the authority to act on your behalf, just as proxy vote can be used for someone to place a vote on your behalf. Proxy credentials consist of: Proxy certificate (with its public key) and Proxy private key. Subject of proxy certificate is identity of entity giving the proxy authority with /CN=proxy or /CN= added to name to show that certificate is a proxy certificate. 5-1.43

44 Proxy Certificates Signed by subject, not certificate authority. Can be compared to a proxy vote being signed by you but placed by someone on your behalf. Your signature should be checked. With proxy certificates, that is done by checking signature on the proxy certificate, which requires public key of user. Public key of user requires checking signature on the user’s certificate, which requires public key of certificate authority. So proxy certificate alone is not sufficient. User’s certificate and certificate of certificate authority (or at least their public keys) needed also by resource to act on your behalf—three certificates in all 5-1.44

45 Validation at proxy site Fig 5.7 5-1.45

46 Proxy private key and certificate lifetime User certificates usually have long lifetimes, maybe a year. User’s private key is kept very secure in an encrypted form based upon passphrase established by user. Each time user performs a PKI authentication protocol, user’s private key must be decrypted with passphrase. At that point, brief opening for breach of security, but as soon as possible decrypted private key must be destroyed. 5-1.46

47 Proxy private key and certificate lifetime If proxy’s private key also encrypted, would need a passphrase to decrypt it each time, which would defeat purpose of just having a single sign-on with one application of passphrase. Consequently, proxy’s private key simply protected by operating system file permissions which does not need a decrypting passphrase to access. Proxy is given a limited lifetime, say 2 hours, so that any breach of security/potential damage limited. 5-1.47

48 Because proxy has its own subject name (user’s name plus being a proxy), it can be used in authentication and authorization mechanisms as a separate entity. Would be possible, and a good idea, for a proxy of a user not to carry the full access rights of the user. It could be limited to the type of actions contemplated. Delegation rights can be encoded into the certificate in a “ProxyCertInfo” X.509 extension field - not currently standardized. 5-1.48

49 In a Globus environment, one immediately provides delegated authority. User must create a proxy which can be done manually with the grid-proxy-init command. Its contents can be examined with grid-proxy-info. Proxy can be destroyed with grid-proxy-destroy, 5-1.49

50 5-1.50 User Server Request to create a proxy grid-proxy-init Create Proxy public and private keys Proxy Private Key grid-proxy-init Sign proxy with user private key Proxy certificate request Proxy certificate Decrypt user’s private key with passphrase

51 Delegation of authority to another host Fig 5.8 5-1.51

52 Chain of trust Fig 5.9 5-1.52

53 MyProxy Grid Credential Repository A repository developed for certificates. Widely used in Grid computing. Provide short lifetime proxies upon request. Originally separate to Globus, Later incorporated into Globus 4.0 Has become an integrated part of Globus environment especially with GridSphere portal. 5-1.53

54 MyProxy Grid Credential Repository Two ways that MyProxy might be used: 1. As a repository for user’s credentials or 2. As a repository for proxy credentials. 5-1.54

55 MyProxy server with separate certificate authority Fig 5.10 5-1.55

56 MyProxy Commands Some user commands on command line (or through MyProxy portlet): myproxy-store Store user credentials found in ~/.globus/ usercert.pem and ~/.globus/userkey.pem in MyProxy server myproxy-init -t hours Store proxy where hours is the lifetime (default 12 hours) myproxy-logon (formerly myproxy-get- delegation) Retrieve proxy myproxy-info Query stored credentials myproxy-destroy Remove credential 5-1.56

57 A typical sequence using myproxy-init is myproxy-init -s myproxy.coit_grid02.uncc.edu Your identity: /C=US/O=UNCC/CN=Barry Wilkinson Enter GRID pass phrase for this identity: Creating proxy........................................... Done Your proxy is valid until Fri Sep 13 13:52:56 2008 Enter MyProxy Pass Phrase: Verifying password - Enter MyProxy Pass Phrase: A proxy valid for 168 hours (7.0 days) for user abw now exists on myproxy.coit_grid02.uncc.edu. 5-1.57

58 Then, user might wish to retrieve proxy, i.e., myproxy-logon -s myproxy.coit_grid02.uncc.edu Enter MyProxy Pass Phrase: A proxy has been received for user abw in /tmp/x509up_u500 5-1.58

59 Would typically store long-term user credentials in MyProxy server using MyProxy administrator commands. A certificate authority has been integrated into the MyProxy software (from version 3.0 onwards) specifically for issuing short lifetime credentials. When enabled, myproxy-login command will return a signed user certificate from this certificate authority Using MyProxy with PURse registration within a portal 5-1.59

60 Higher-Level Authorization Tools Gridmap files -- the basic way that Globus provides for mapping distinguished names to local machine accounts but very primitive way that does not scale well. Also does not include any finer access control or any higher-level control of authorization for a Grid environment. Several tools have been developed to provide higher-level authorization. 5-1.60

61 Security Assertion Markup Language (SAML) XML language for making “assertions” for authentication and authorization decisions and A request-response protocol for such assertions. Developed by OASIS for facilitating exchange of security information between business partners, in particular to obtain single sign-on for Web users Addresses where a user accesses a Web site that might require user’s request to be redirected to another affiliated site after being authenticated, e.g. travel bookings and automobile reservations. Has been applied in Grid computing. 5-1.61

62 SAML components for Web site redirection 5-1.62 Fig 5.11

63 SAML provides for communication of user authentication, authorization and attribute information. Three components: Assertions - information being communicated Protocol - way that message exchanges done Binding - mapping to concrete SOAP exchanges and specific protocols (usually HTTP) Three forms of assertions: Authentication statements Attribute statements Authorization decision statements 5-1.63

64 Authentication assertion statements –confirm to service provider the user's identity. Attribute assertion statements –Provides specific information about user to establish access decisions. –Attributes might for example include that a users is an administrator (root privileges) or has limited user privileges. SAML authorization decisions –e.g. might state that subject (user) is allowed to perform the specified operation on the specified resource. 5-1.64

65 Using Certificates for Authorization Original purpose of X.509 certificates is to prove identity (authentication). When these certificates sent to resources, both authentication and authorization decisions often made at the same time. One could add additional information in certificates for authorization. X.509 format allows additional information in non- critical X.509 extensions enabling existing software to pass on such certificates for authorization decisions. 5-1.65

66 Communication Authorization Service (CAS) Developed to provide authorization service in a Globus environment of using proxy certificates. Part of Globus 4 CAS server issues proxy to user that includes authorization assertions inserted as non-critical X- 509 extensions in certificate. Now uses SAML assertions (not originally). Approach enables proxy certificates to be processed by existing software. 5-1.66

67 CAS structure Fig 5.13 5-1.67

68 Attribute (Authorization) Certificates A separate certificate in addition to X-509 certificate, just for authorization. Proposed as a standard. Attribute certificate bound to a particular identity and digitally signed to validate it. 5-1.68

69 Attribute certificate mechanism— concept Fig 5.13 5-1.69

70 Questions 5-1.70

71 If a third party intercepts a communication using (encrypted) transport-level protocol, what can it discover? (a) Nothing (b) Everything about the message and its contents, i.e., it can read the whole message (c) It can discover who sent the message and who will receive the message (d) None of the above SAQ 5.1

72 If a third party intercepts a communication using (encrypted) message-level protocol, what can it discover? (a) Nothing (b) Everything about the message and its contents, i.e., it can read the whole message (c) It can discover who sent the message and who will receive the message (d) None of the above SAQ 5.2

73 What is the difference between the user’s credentials and the user’s certificate? (a) Nothing (b) User credentials includes both the user’s certificate and the user’s private key (c) User’s certificate includes the user’s private key (d) User’s credentials includes the user’s public key SAQ 5.3 5-1.73

74 What is a disadvantage of using gridmap files for access control? (May be more than one.) (a) It is difficult to maintain for large Grids (b) It does not apply fine-grain access control (c) It is difficult to verify user credentials (d) It is difficult to map distinguished names to local accounts (e) It is difficult to maintain in a dynamically changing virtual organization SAQ 5.6

75 In Grid security, what is delegation? (a) Process of making use of many processors to speed up the computation (b) Process of giving authority to another identity to act on your behalf (c) Process of assigning work to another processor (d) Process of creating a certificate request and getting it signed by a certificate authority SAQ 5.5 5-1.75

76 What is a proxy? (a) A certificate provided to enable resources to be acquired on the user's behalf (b) Secret key (c) A third party given authority to acquire resources on the user's behalf (d) A computer given authority to acquire resources on the user's behalf SAQ 5.8 5-1.76

77 Which of the following are encrypted? (May be more than one.) (a) User’s certificate (b) User’s private key (c) Proxy certificate (d) Proxy’s private key SAQ 5.9

78 Which of the following are encrypted? (May be more than one.) (a) User’s certificate (b) User’s private key (c) Proxy certificate (d) Proxy’s private key SAQ 5.9 5-1.78

79 Suppose there is a chain of trust with hosts A, B, C, and D. How many certificates must host D receive to establish trust? (a) 0 (b) 1 (c) 2 (d) 3 (e) 4 (f) More than 4 SAQ 5.10 5-1.79

Download ppt "5-1.1 Grid Security © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification date: Feb 3, 2010."

Similar presentations

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.

Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Presentation Two: Grid Security Part Two: Grid Security A: Grid Security Infrastructure (GSI) B: PKI and X.509 certificates C: Proxy certificates D:

Presentation Two: Grid Security Part Two: Grid Security A: Grid Security Infrastructure (GSI) B: PKI and X.509 certificates C: Proxy certificates D:
Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.

Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
MTA SZTAKI Hungarian Academy of Sciences Grid Computing Course Porto, 22-24 January 2007. Introduction to Grid portals Gergely Sipos

MTA SZTAKI Hungarian Academy of Sciences Grid Computing Course Porto, January Introduction to Grid portals Gergely Sipos
Seminar Grid Computing ‘05 Hui Li Sep 19, 2005. Overview Brief Introduction Presentations Projects Remarks.

Seminar Grid Computing ‘05 Hui Li Sep 19, Overview Brief Introduction Presentations Projects Remarks.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Globus Toolkit 4 hands-on Gergely Sipos, Gábor Kecskeméti MTA SZTAKI

Globus Toolkit 4 hands-on Gergely Sipos, Gábor Kecskeméti MTA SZTAKI
1c.1 Assignment 2 Preliminaries Review Full details in assignment write-up. ITCS 4146/5146 Grid Computing, 2007, UNC-Charlotte, B. Wilkinson. Jan 24, 2007.

1c.1 Assignment 2 Preliminaries Review Full details in assignment write-up. ITCS 4146/5146 Grid Computing, 2007, UNC-Charlotte, B. Wilkinson. Jan 24, 2007.

Similar presentations

Ads by Google