Discussions on the Life Ray Portal and credential management. David Groep, Oct 11th, 2011.

1 Discussions on the Life Ray Portal and credential management. David Groep, Oct 11th, 2011

2 TAGPMA 13 and OGF32 – Jul 2011 - 2 David Groep – davidg@eugridpma.org

9 Separation of security functions

11 EUGridPMA discussion

- Separation of functions
  - thin portal: all credential management on dedicated box
  - may combine bridge, MyProxy and Uploader on 1 box
- Quality of IdM is governed by MICS acceptability
  - i.e. must be of comparable LoA as TCS Personal
  - including eligibility requirements
- Make sure superfluous keypairs are removed
  - only the proxy is needed, just like in the uploader case
  - remove MICS keypair when proxy generation completes
- Portal security box acts like a UI to the user
  - only on explicit request of user & under user control
  - covered under PKP Guidelines – seems similar to the common ‘remote UI’ use case

12 Proliferation

- Aim to have a limited number of credential management systems, for potentially many portals. But initially one for Italy
- Leverage existing MICS CAs as far as possible
  - no new CA for each portal or portal instance
  - aim to leverage TERENA TCS eScience Personal
  - but policy compatibility should still be understood
  - acceptability of portal instance comes down to CA, i.e. not revoking the certs
  - it is the MICS CA policy that must be satisfied
- PMA only looks at CAs (not at the portals, please)

13 Next steps

- Updated design white paper will reflect changes
- Prototype will be developed and demonstrated at later date to appropriate PMAs
- Roberto C (and TCS PMA ;-) to study compatibility with TCS Personal

Should be a significant step towards better usability!

