Presentation is loading. Please wait.

Presentation is loading. Please wait.

UPKI Inter-University Authentication and Authorization Platform for Japanese Cyber-Science Infrastructure Yasuo OKABE Academic Center for Computing and.

Published byJasmine Rodgers Modified over 10 years ago

Similar presentations

Presentation on theme: "UPKI Inter-University Authentication and Authorization Platform for Japanese Cyber-Science Infrastructure Yasuo OKABE Academic Center for Computing and."— Presentation transcript:

1 UPKI Inter-University Authentication and Authorization Platform for Japanese Cyber-Science Infrastructure Yasuo OKABE Academic Center for Computing and Media Studies, Kyoto University okabe@i.kyoto-u.ac.jp

2 Tohoku University Information Synergy Center Hokkaido University Information Initiative Center University of Tokyo Information Technology Center Nagoya University Information Technology Center Kyoto University Academic Center for Computing and Media Studies Osaka University Cybermedia Center Kyushu University Computing and Communications Center Sapporo Sendai TokyoKyoto Osaka Fukuoka Information Infrastructure Centers in the Seven Universities in JAPAN Nagoya National Institute of Informatics (NII)

3 Brief history of the federation among the Centers 1968 69 Established as supercomputer centers for nation-wide service 1981 Connected by commercial X.25 service 1986 Dedicated interuniversity X.25 network service was started by NACSIS (predecessor of NII) Federated Identity Management ( 2004) Unified ID Online subscription to secondary centers 1988 JAIN (Japan Academic Inter- university Network) project started IP over X.25 1992 SINET, the academic Internet backbone service was started by NACSIS 2002 Operation of SuperSINET was started 2003 NAREGI (National Research Grid Initiative) project started

4 Fundamental Resources for Academic and Research Activities Education and Training / Encouraging Young Talent NAREGI (National Research Grid Initiative) NII-REO (Repository of Electronic Journals and Online Publications NII: Toward Cyber-Science Infrastructure NII: Toward Cyber-Science Infrastructure Next-generation Academic Information Infrastructure for Interuniversity Collaboration UPKI: Authentication and Authorization Platform Cyber-Science Infrastructure SINET/SuperSINET National Academic Internet Backbone GeNii (Global Environment for Networked Intellectual Information) Corporation with Industry International Collaboration

5 UPKI: concept Authentication and Authorization platform for Cyber-Science Infrastructure in Japan Targets various applications SSO of Web services Network service wireless LAN roaming, VPN, public IP phone/Web terminals Grid computing Utilization PKI

6 UPKI: project member NII SINET Headquarter Authentication and Authorization Working Group Yasuo Okabe, Kyoto University (chair) Noboru Sonehara, NII (vice chair) Yoshiaki Takai, Hokkaido University Hideaki Sone, Tohoku University Hiroyuki Sato, University of Tokyo Yasushi Hirano, Nagoya University Shinji Shimojo, Osaka University Takahiro Suzuki, Kyushu University Satoshi Matsuoka, Tokyo Institute of Technology Setsuya Kawabata, KEK

7 repository registrar Campus Public Wireless AP Certif. Prof. A Pub key Certf. user Prof. A Policy mapping Hokkaido Univ. register Authentication for campus wireless LAN PKI Campus LAN authenticatio authorization private key PKI token Bridge CA CA Mutual auth Prof. A is visiting other univ. Roaming service Mutual auth

8 UPKI: requirements Scalability up to 800 universities in Japan Centralized system will never work Federated ID management is indispensable Security against so many cyber attacks and increasing physical attacks Privacy Compliant to the law of privacy protection in Japan Enforced since April 2005. Mobility Both students and professors may visit other universities Cost National Universities has become an independent agency since 2004.

9 UPKI: basic idea Deployment of Grid/PKI middleware for national academic AA infrastructure Management of faculty members, administrative staffs and students Virtual Organizations (VO) like committees, research groups or academic societies should be supported Targets all of Educational activities like E-learning Administrative works like exchange of credits among universities Research activities like Grid computing Other networking services like WLAN roaming and a single infrastructure is by all applications AA based on Federated Identity Management is the key PKI solves some authentication issues, but not all PKI itself has many problems in deployment

10 NAREGI National Research Grid Initiative http://www.naregi.org/ collaboration projects among industry, academic sector and the government.

11 NAREGI Grid Middleware stack http://www.naregi.org/concept/index_e.html#05

12 NAREGI CA A full-fledged CA (Certificate Authority) Software for PKI Originally developed for Grid computing, but can be used for general purpose Free open source software Version 1.0.1 is available at the download site http://www.naregi.org/download/

13 Comparison among CA softwares Producut nameIssue of Certif.CRL periodic al LDAPHSMMultipl e CA Profile managem ent HW token Operat or Loggin g NAREGI CA file, bulk, WEB, LCMP OpenSSL file ××× ×××× Microsoft Certificate Server WEB, LDAP (Active Directory only) (Domain Controlle r onlu) × (Domain Controller only) × (Event logging) Entrust Authority CMP, bulk, LDAP,WEB, SCEP × available × not available some restriction

14 Case study The Consortium of Universities in Kyoto http://www.consortium.or.jp/ Consortium of 50 universities in Kyoto 3 national, 2 prefectural, 2 municipal, 43 private Most of them are in the center area of Kyoto City Activities Shared lecture rooms near JR Kyoto Shinkansen station. Class for ordinary students, evening classes and classes for graduated adults Open Web terminals, WLAN services Exchange of credits among universities in very conventional manner How academic AAI will help them?

15 UPKI: issues How various services can be provided on a single AA infrastructure Web services Grid computing Network services Existing works GridShib: Shibolleth for non-web-based applications EduRoam campus wireless roaming service architecture EGEE multi-VO support and delegation via MyProxy E-authentication by the U.S. government GPKI, LGPKI and JPKI for Japanese e-government How we learn from and how we can collaborate with?

16 Summary UPKI national academic authentication and authorization infrastructure project has just started. Conducted by NII and the information infrastructure centers in 7 universities As a basis of CSI (Cyber Science Infrastructure), the next generation of SINET/SuperSINET Actually, federated identity management is unavoidable even in a (big) university And political issues also exist We have started later, so we have get same advantage International federation/collaboration is a very important issue.

Download ppt "UPKI Inter-University Authentication and Authorization Platform for Japanese Cyber-Science Infrastructure Yasuo OKABE Academic Center for Computing and."

Similar presentations

The Access Grid Ivan R. Judson 5/25/2004.

The Access Grid Ivan R. Judson 5/25/2004.
eduroam Delegate Authentication System with Shibboleth SSO

eduroam Delegate Authentication System with Shibboleth SSO
Steps towards E-Government in Syria

Steps towards E-Government in Syria
Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.

Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
Lesson 1. Course Outline E-Commerce and its types, Internet and WWW Basics, Internet standards and protocols, IP addressing, Data communication on internet,

Lesson 1. Course Outline E-Commerce and its types, Internet and WWW Basics, Internet standards and protocols, IP addressing, Data communication on internet,
Agenda A world class university Why internationalization? The Global 30 Projects in Japan Nagoya University’s E-elements What’s next ?

Agenda A world class university Why internationalization? The Global 30 Projects in Japan Nagoya University’s E-elements What’s next ?
Toward Production Level Operation of Authentication System for High Performance Computing Infrastructure in Japan Eisaku Sakane and Kento Aida National.

Toward Production Level Operation of Authentication System for High Performance Computing Infrastructure in Japan Eisaku Sakane and Kento Aida National.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference 2006 9 th November, 2006.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
Federation of Campus PKI and Grid PKI for Academic GOC Management Conformable to APGrid PMA National Institute of Informatics, JAPAN Toshiyuki Kataoka,

Federation of Campus PKI and Grid PKI for Academic GOC Management Conformable to APGrid PMA National Institute of Informatics, JAPAN Toshiyuki Kataoka,
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.

Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
2015/6/21 UPKI project update Yasuo Okabe Academic Center for Computing and Media Studies Kyoto University.

2015/6/21 UPKI project update Yasuo Okabe Academic Center for Computing and Media Studies Kyoto University.
Understanding Active Directory

Understanding Active Directory
China Distance Learning Activities Updates Jie An Tsinghua University CERNET Aug 27, 2002.

China Distance Learning Activities Updates Jie An Tsinghua University CERNET Aug 27, 2002.
Addressing Information Security at Heller October 16, 2013 secureHeller.

Addressing Information Security at Heller October 16, 2013 secureHeller.

Similar presentations

Ads by Google