The Roadmap of NAREGI Security Services Masataka Kanamori NAREGI WP5 2005.4.20

Presentation transcript:

The Roadmap of NAREGI Security Services Masataka Kanamori NAREGI WP

2 NAREGI WPs
WP6: Grid-Enabled Apps
WP3: Grid PSE
WP3: Grid Workflow
WP1: SuperScheduler
WP1: Distributed Information Service
WP2: Grid Programming - Grid RPC - Grid MPI
WP3: Grid Visualization
WP1: Grid VM
(Globus, Condor, UNICORE → OGSA)
WP5: High-Performance & Secure Grid Networking
WP4: Packaging

3 NAREGI WP5
WP6: Grid-Enabled Apps
WP3: Grid PSE
WP3: Grid Workflow
WP1: SuperScheduler
WP1: Distributed Information Service
WP2: Grid Programming - Grid RPC - Grid MPI
WP3: Grid Visualization
WP1: Grid VM
(Globus, Condor, UNICORE → OGSA)
WP4: Packaging
WP5: Network PKI

4 Security Services Architecture
Diagram labels: Privacy Services; Authorization Services; Trust Services; Attribute Services; Audit/Source-Logging Services; Credential Validation Services; Bridge/Translation Services; Authentication; Identity Mapping; Credential Conversion; VO Policy
The Open Grid Services Architecture, Version 1.0
Hypothetical OGSA version 2.0 documents schedule
Security Services: WG draft publication GGF17 ('06/6)

5 Roadmap for NAREGI Security Services (NSS)
Authentication: NAREGI-CA V1.0, NAREGI-CA V1.1, NAREGI-CA V2.0, NAREGI-CA V2.1
Credential Conversion for UNICORE-Globus cooperation: MyProxy+ CP/CPS+ Extended BD&DV DP
ID Mapping: FS BD* DV&DP*
VO Management: FS BD&DV DP
Bridge/Translation Services: FS BD* DV&DP*
Credential Validation Services: FS BD* DV&DP*
Trust Services: FS&BD BD&DV DV&DP
Authorization Services: FS BD* DV&DP*
Attribute Services: FS BD* DV&DP*
Audit/Source-Logging Services: Forensic-FS Forensic-BD Forensic-DV Forensic-DP
Privacy Services: FS BD* DV&DP*
FS: Feasibility Study, BD: Basic Design, DV: Development, DP: Deployment
Row groups: Core Functions; OGSA Security Services
Note: `*` means 'subject to FS'

6 Authentication: NAREGI-CA
Diagram labels: NAS (NAREGI AUTHENTICATION SERVICE); Network Infrastructure; AICA (existing Certificate Authority Free Software); LCMP; RA: Registration Functions; CP/CPS; Auth. Policy (single domain); Auth. Policy Extension (multi-domains); Command User Interface; Web User Interface; Web Service Interface; VO management cooperation functions; Audit; PMA; XKMS
Legend: Development in 2003; Development in 2004; After 2005

7 WS-based NSS in the future
Diagram labels: Authorization assertion; Authentication Authority; XKMS; Authentication & Authorization Service; Credential; X.509 Cert; Policy enforcement point; SAML extension in XACML; Policy decision point; XACML; Service Request; VO Info; MMJFS etc.; Validate; Request; Reply; Policy information point; NAREGI-CA
Step markers in the diagram: ① to ⑧

8 NAREGI CA (CD package)
Contents
– README (Overview, install, etc.)
– LICENSE
– Release NOTE
– naregi-ca-1.0.tar.gz
    Source files
    CP/CPS, Administrator Guide, etc.
– naregi-project
    naregi_pre.pdf (about NAREGI)
    wp5_pre.pdf (about NAREGI Work Package 5)
Contact: (about CD package) (NAREGI WP5 ML)
Useful Link –

NAREGI Testbed

10 Super SINET Super SINET: Src:

11 NAREGI Grid Network
Diagram labels: AIST; Kyushu tech Univ.; Kyushu Univ.; IMS; Tokyo tech Univ.; Osaka Univ.; NII; NAREGI; NAREGI NII Cluster; NAREGI IMS Cluster
Legend: connected; will be connected

12 NAREGI Grid Network (in the future)
Diagram labels: AIST; Kyushu tech Univ.; Kyushu Univ.; IMS; Tokyo tech Univ.; Osaka Univ.; NII; NAREGI; NAREGI NII Cluster; NAREGI IMS Cluster
Legend: connected; will be connected
Universities Grid Network: Hokkaido Univ.; Tohoku Univ.; Tokyo Univ.; Nagoya Univ.; Doshisha Univ.; Kyoto Univ.; Kyushu Univ.; Osaka Univ.

14 Features of NAREGI CA
separates CA server and RA (web enroll). Nobody can access a CA server directly from the Net.
  – OpenCA is not separated
can use a license ID for OneTime authentication.
provides two types of interfaces
  – command-based
  – web-based