Presentation is loading. Please wait.

Presentation is loading. Please wait.

GWS-WG agenda and meeting goals Agenda Summary of reference implementations VOStore progress VOStore issues and plans –How to reconcile VOStore and VOSpace?

Published byEdith Montgomery Modified over 8 years ago

Similar presentations

Presentation on theme: "GWS-WG agenda and meeting goals Agenda Summary of reference implementations VOStore progress VOStore issues and plans –How to reconcile VOStore and VOSpace?"— Presentation transcript:

1 GWS-WG agenda and meeting goals Agenda Summary of reference implementations VOStore progress VOStore issues and plans –How to reconcile VOStore and VOSpace? –Does the DIME attachment method really work? VO basic profile Security progress –NVO progress (M. Graham: presentation) –EuroVO progressEuroVO Security issues –Updated thoughts on certificate authorities –How to encode group attributes? –Details of delegation interface. –What community services do we need? Presentation: Italian work with Grid Universal Worker Service: needed by other groups? –Theory group –NVO/opticon s/w environment

2 Reference implementations VOSI –Caltech –JHU? –(AstroGrid) VOStore –AstroGrid –Caltech –ESO –JHU SSO –JHU –NCSA (including community services) –ESO –AstroGrid Any others?

3 VOStore/VOSpace issue Original plan: VOStore in 2005; VOSpace later –=> independently accessible VOStore –=> more function in VOStore than needed with VOSpace –=> allows v1.0 PR ~ December 2005 Do we still want to do this? –Could we delay VOStore to wait for VOSpace? How much function does VOStore need to be independent? –How to handle naming of files? –Can we handle file sharing? –Can we handle groups?

4 VOStore DIME issue VOStore v0.18 says DIME is mandatory DIME implementations suck DIME is obsolete anyway (c.f. MTOM) Do we want to keep DIME in VOStore? If not, what replaces it?

5 Security components Community services Credential cache Client application A SOAP Service MyProxySAML LocalProxy Digital Signature Delegation Another SOAP Service Delegation An HTTPS service TLS

6 Security issues: group attributes Several ways to encode “user x belongs to group y”: –SAML attributes in SOAP header (“push”) –SAML authority service in community (“pull”) –SAML in user id certificate (“push”) –Extra attribute certificates (“push” or “pull”) –Any others? Which? Can we defer the decision until SSO v2?

7 Security issues: community services What services are to be IVOA standard? MyProxy SAML? Standard sign-on service? –UI, so need not be fully standard

8 Security issues: CAs EuroVO CA ESA CA Sign VO service ESA user Grid service Grid CA Sign VO service ESA user Grid service

9 Security issues: delegation Need delegation interface on SOAP services. –Delegating client signs proxy credential for service receiving delegation –One SOAP method to get unsigned credential –Another SOAP method to send signed credential –Precedes secured method(s) –OK? Similar with HTTPS –OK?

Download ppt "GWS-WG agenda and meeting goals Agenda Summary of reference implementations VOStore progress VOStore issues and plans –How to reconcile VOStore and VOSpace?"

Similar presentations

A PPARC funded project Single Sign-On Proposal Guy Rixon IVOA Interoperability Meeting Cambridge MA, May 2004.

A PPARC funded project Single Sign-On Proposal Guy Rixon IVOA Interoperability Meeting Cambridge MA, May 2004.
GWS-WG results, Victoria Interop, May 2006 Slide 1 GWS-WG results IVOA Interop meeting, Victoria BC, May 2006.

GWS-WG results, Victoria Interop, May 2006 Slide 1 GWS-WG results IVOA Interop meeting, Victoria BC, May 2006.
IVOA Interop, May 2006 Slide 1 GWS-WG agenda and goals.

IVOA Interop, May 2006 Slide 1 GWS-WG agenda and goals.
Single sign-on authentication: introduction GWS-WG session, IVOA interop meeting, Kyoto, May 2005 Guy Rixon.

Single sign-on authentication: introduction GWS-WG session, IVOA interop meeting, Kyoto, May 2005 Guy Rixon.
GWS Status Recommendations: –None since Cambridge Proposed Recommendations: –None since Cambridge Working Drafts: –VOSpace 1.1* Internal Drafts: –VO-WS-Basic.

GWS Status Recommendations: –None since Cambridge Proposed Recommendations: –None since Cambridge Working Drafts: –VOSpace 1.1* Internal Drafts: –VO-WS-Basic.
22 May 2008IVOA Trieste: Grid & Web Services1 Alternate security mechanisms Matthew J. Graham (Caltech, NVO) T HE US N ATIONAL V IRTUAL O BSERVATORY.

22 May 2008IVOA Trieste: Grid & Web Services1 Alternate security mechanisms Matthew J. Graham (Caltech, NVO) T HE US N ATIONAL V IRTUAL O BSERVATORY.
VOStore meetings, 2005-03-07 Slide 1 Ticket-based access control for VOStore? Guy Rixon March 2005.

VOStore meetings, Slide 1 Ticket-based access control for VOStore? Guy Rixon March 2005.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.
September 13, 2004NVO Summer School1 VO Protocols Overview Tom McGlynn NASA/GSFC T HE US N ATIONAL V IRTUAL O BSERVATORY.

September 13, 2004NVO Summer School1 VO Protocols Overview Tom McGlynn NASA/GSFC T HE US N ATIONAL V IRTUAL O BSERVATORY.
Federated Identity for Grid Architects Tom Scavo NCSA

Federated Identity for Grid Architects Tom Scavo NCSA
Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
A Public Web Services Security Framework Based on Current and Future Usage Scenarios J.Thelin, Chief Architect PJ.Murray, Product Manager Cape Clear Software.

A Public Web Services Security Framework Based on Current and Future Usage Scenarios J.Thelin, Chief Architect PJ.Murray, Product Manager Cape Clear Software.
OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.

OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.
It’s not about security... it’s about access! Grid Security Pieter van Beek.

It’s not about security... it’s about access! Grid Security Pieter van Beek.
Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.

Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.

Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.

Similar presentations

Ads by Google