Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Management in Open Science Grid Identity Management in Open Science Grid Challenges, Needs, and Future Directions Mine Altunay OSG Security Officer.

Published byJean Adams Modified over 8 years ago

Similar presentations

Presentation on theme: "Identity Management in Open Science Grid Identity Management in Open Science Grid Challenges, Needs, and Future Directions Mine Altunay OSG Security Officer."— Presentation transcript:

1 Identity Management in Open Science Grid Identity Management in Open Science Grid Challenges, Needs, and Future Directions Mine Altunay OSG Security Officer Fermilab maltunay@fnal.gov

2 June, 2011 CERN ID Management Workshop Current Status of Identity Management in OSG OSG uses IGTF accredited CAs + 2 TeraGrid CAs Mainly uses DOEGrids CA for issuing personal and service certificates OSG does not run its own CA.  Runs a Registration Authority for handling requests.  Certificates are issued by DOEGrids CA 3-5 day approval period per certificate

3 June, 2011 CERN ID Management Workshop Challenges, Needs Desires:  Accelerating the approval/renewal period  Strong desire to use Federation-enabled CAs (CILogon); leveraging existing university identities  Easing user experience, enabling SAML tokens when appropriate 3

4 June, 2011 CERN ID Management Workshop InCommon and Educational Identity Providers in the US InCommon is the largest identity federation for educational institutions in the USA. (see Jim Basney’s talk)  Spans DOE National Labs, over 200 major universities, NSF, NIH, and so on InCommon has different levels of assurances for Identity Providers: Bronze, Silver, and Basic (http://www.incommon.org/assurance/) 4

5 June, 2011 CERN ID Management Workshop Challenges Challenges:  There are no InCommon Identity Providers who are accredited at Silver or Bronze level; equiv to IGTF levels.  All IdPs operate at Basic level.  CILogon CA serves InCommon IdPs  Two flavors of CILogon CA: CILogon Silver CA serves InCommon Silver IdPs; CILogon Basic serves all IdPs.  Expectation is InCommon members will get their accreditations individually, but requirements are heavy and adoption is slow. 5

6 June, 2011 CERN ID Management Workshop Future Directions  How can we find a common ground between InCommon Basic IdP and IGTF identity vetting requirements?  Normally falls under IGTF SLCS profile with requirements for identity vetting  Can we create a new TAGPMA profile that does not require stringent identity vetting at the certificate issuance from Basic IdPs?  Equivalent to NIST LoA1.  Certificates does not have to match user’s legal name  User vetting and authorization happens at VO registration 6

7 June, 2011 CERN ID Management Workshop Not all the VOs can comply, but LHC VOs already applies stringent identity checks at VO registration step. (Double identity vetting) For example, CMS VO checks  CERN id number  Birthdate  Supervisor approval  And then adds the certificate into VOMS There is existing work in IGTF for VO registration guidelines What about allowing CILogon Basic CA for VOs who operate and comply with IGTF VO requirements? 7

8 June, 2011 CERN ID Management Workshop Future Directions OSG is joining InCommon as a member entity. While waiting to leverage existing University IdPs, OSG may  Run its own IdP as an InCommon member, OR  Leverage Identities given out by major US institutions Fermilab and BNL.  Fermi and BNL plan on running a Shibboleth IdP  We can integrate these IdPs with a Federation-CA such as CILogon  Will need IdP accreditation 8

Download ppt "Identity Management in Open Science Grid Identity Management in Open Science Grid Challenges, Needs, and Future Directions Mine Altunay OSG Security Officer."

Similar presentations

EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Interoperability AAI and Grids Christoph.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability AAI and Grids Christoph.
Going for the Silver Winter 2010 CSG January 13, 2010.

Going for the Silver Winter 2010 CSG January 13, 2010.
Getting to Silver: Practical Matters for CIC Universities Tom Barton University of Chicago © 2009 The University of Chicago.

Getting to Silver: Practical Matters for CIC Universities Tom Barton University of Chicago © 2009 The University of Chicago.
OSG PKI RA Training Mine Altunay, Jim Basney OSG PKI Team October 1, 2012.

OSG PKI RA Training Mine Altunay, Jim Basney OSG PKI Team October 1, 2012.
Case Studies in Identity Management for Scientific Collaboration 2014 Technology Exchange Jim Basney CILogon This material is.

Case Studies in Identity Management for Scientific Collaboration 2014 Technology Exchange Jim Basney CILogon This material is.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 04/02/2014.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 04/02/2014.
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006 www.opensciencegrid.org.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April
OSG Area Coordinators Meeting Security Team Report Mine Altunay 05/15/2013.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 05/15/2013.
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
Federated Identity for Scientific Collaborations: Policy Issues Jim Basney 2 nd Workshop on Federated Identity Systems for Scientific.

Federated Identity for Scientific Collaborations: Policy Issues Jim Basney 2 nd Workshop on Federated Identity Systems for Scientific.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Policy Issues for Identity Management (and other attributes) EGI Technical.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Policy Issues for Identity Management (and other attributes) EGI Technical.
2006 © SWITCH SWITCH Plans for Shibboleth and Grid GGF16 Feb 14, 2006 Christoph Witzig (Thomas Lenggenhager, Valery Tschopp, Placi Flury) SWITCH.

2006 © SWITCH SWITCH Plans for Shibboleth and Grid GGF16 Feb 14, 2006 Christoph Witzig (Thomas Lenggenhager, Valery Tschopp, Placi Flury) SWITCH.
Mary Dunker Common Solutions Group January 12, 2010.

Mary Dunker Common Solutions Group January 12, 2010.
Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science Foundation.

Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science Foundation.
National Center for Supercomputing Applications University of Illinois at Urbana-Champaign InCommon and TeraGrid Campus Champions Jim Basney

National Center for Supercomputing Applications University of Illinois at Urbana-Champaign InCommon and TeraGrid Campus Champions Jim Basney
Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.

Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 01/29/2014.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 01/29/2014.
GridShib: Grid-Shibboleth Integration (Identity Federation and Grids) April 11, 2005 Von Welch

GridShib: Grid-Shibboleth Integration (Identity Federation and Grids) April 11, 2005 Von Welch
The InCommon Federation The U.S. Access and Identity Management Federation www.incommon.org.

The InCommon Federation The U.S. Access and Identity Management Federation

Similar presentations

Ads by Google