UVOS and VOMS differences


UVOS and VOMS differences Krzysztof Benedyczak ICM Warsaw University

Introduction

- By "VOMS" I mean either VOMS-Admin or the common VOMS properties (such as the DB schema), depending on context.
- Purpose: establish a complete list of differences between VOMS and UVOS.
- This list will be the input for selecting the critical, important and nice-to-have features that VOMS needs in order to replace UVOS.
- It is much more important to know which UVOS features are not in VOMS.
- Feature counterparts and ideological differences must also be collected.

6/1/2018 ICM, University of Warsaw

Conceptual differences

- In VOMS the role is a special concept (e.g. one can assign (generic) attributes to role owners). In UVOS all attributes are "equal". VOMS uses special generic attributes.
- In VOMS one VO is served per server, and each user registered in VOMS is automatically a member of this VO. In UVOS VO == top-level group, one server can serve multiple VOs, and users can be registered in the database without being assigned to any of the VOs.
- VOMS-Admin is managed through a WWW application. UVOS doesn't offer one (except for user registration and web authentication) but provides a sophisticated standalone GUI manager (RCP, Eclipse based).
- Internal authorization is solved differently in UVOS and VOMS, but at first it seems that the possibilities offered by both solutions are similar.

UVOS features not present in VOMS

- Notifications: the UVOS administrator may configure UVOS to send notifications (currently by email) when any of the management operations takes place. This is useful when multiple admins maintain the DB.
- UVOS supports multiple identities which can represent the same person (e.g. different certificates).
- UVOS supports an email-type identity (note that this is not an attribute) along with a password used for authentication.
- UVOS supports SAML Web-based authentication. This allows a web portal to be integrated very easily with authentication based on UVOS. If the user has an email identity in UVOS, this allows logging in with user name and password.

UVOS features not present in VOMS

- UVOS registration forms are quite different from what VOMS offers. TODO: what is offered by the VOMS registration form? How is it managed?
- UVOS: the administrator can configure the registration form dynamically using the UVOS client.
  - Name, description, agreement.
  - Supported identity formats, including CSR (if UVOS is integrated with an on-line CA), for tutorials, open infrastructures etc.
  - Mandatory: primary group/VO.
  - Possibility to apply for additional subgroup membership and attributes (e.g. role).
- The user must fill in what the form requires and provide some additional information about herself (e.g. email, telephone).

UVOS features not present in VOMS

- UVOS supports 3rd party SAML queries (under work in VOMS Admin).
- Attribute scopes: in UVOS all attributes can be group-scoped. In VOMS only the role.
- Attribute inheritance: in UVOS attributes assigned in a subgroup are also visible in the parent group (e.g. role=admin assigned in /users/staff is also valid in /users).
- TODO: describe management UI differences. Might result in several points. Possibility to access a demo VOMS-Admin?
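The group scoping and inheritance rule from this slide, as an added toy model in Python (not UVOS or VOMS code; `AttributeStore`, `in_subtree` and the sample identity are hypothetical names constructed for illustration). It assumes inheritance runs only upward, from subgroup to parent, which is the direction the slide describes.

```python
from collections import defaultdict


def split_path(group):
    """'/users/staff/' -> ['users', 'staff']; '/' -> []."""
    return [part for part in group.split("/") if part]


def in_subtree(assigned_in, scope):
    """True if `assigned_in` is `scope` itself or one of its subgroups.

    Whole path components are compared, so '/users-old' is not treated
    as lying under '/users' (a plain string-prefix test would say it is).
    """
    a, s = split_path(assigned_in), split_path(scope)
    return a[:len(s)] == s


class AttributeStore:
    """Toy model: every attribute is scoped to the group it was assigned in."""

    def __init__(self):
        # (identity, group) -> attribute name -> set of values
        self._attrs = defaultdict(lambda: defaultdict(set))

    def assign(self, identity, group, name, value):
        self._attrs[(identity, group)][name].add(value)

    def effective(self, identity, scope):
        """Attributes visible in `scope`: assigned there or in any subgroup."""
        merged = defaultdict(set)
        for (who, assigned_in), attrs in self._attrs.items():
            if who == identity and in_subtree(assigned_in, scope):
                for name, values in attrs.items():
                    merged[name] |= values
        return {name: sorted(values) for name, values in merged.items()}


def demo():
    store = AttributeStore()
    alice = "CN=Alice Example,O=Example Org"  # constructed identity
    store.assign(alice, "/users/staff", "role", "admin")
    store.assign(alice, "/users", "role", "member")
    scopes = ("/users", "/users/staff", "/users/students", "/users-old")
    return {scope: store.effective(alice, scope) for scope in scopes}


if __name__ == "__main__":
    for scope, attrs in demo().items():
        print(scope, attrs)
```

Under this rule a query scoped to /users returns role=admin even though it was granted only in /users/staff, which matters when a service authorizes on the parent group.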

UVOS features not present in VOMS

- UVOS can be deployed with an embedded (no-config) database and with PostgreSQL and MySQL databases. Support for the first two is missing in VOMS.
- UVOS records all DB management events, so the admin can check what happened, e.g. which identity removal actions were done since a given date.
- UVOS provides the possibility to go back in time and browse (read-only, of course) a snapshot of the database at a given point in the past.
- UVOS supports filtering of the attributes served by the SAML interface.

VOMS features not present in UVOS

Note: title has been changed!

- UVOS doesn't support AUP management (except for showing a VO agreement upon user registration).
- UVOS doesn't issue ACs (i.e. what is done by VOMS itself, not by VOMS-Admin).
- It is not possible to assign a specified attribute to all owners of another attribute. VOMS supports this for the Role attribute.