TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir.

Slides:

Advertisements

Similar presentations

Lousy Introduction into SWITCHaai

Advertisements

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability AAI and Grids Christoph.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.

Experiences with GridWay on CRO NGI infrastructure / EGEE User Forum 2009 Experiences with GridWay on CRO NGI infrastructure Emir Imamagic, Srce EGEE User.

GT 4 Security Goals & Plans Sam Meder

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Why Web services should care about grid security Taavi Hupponen, CSC.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

CGW 2009 Vine Toolkit A uniform access and portal solution to existing grid middleware services P.Dziubecki, T.Kuczynski, K.Kurowski, D.Szejnfeld, D.Tarnawczyk,

Public Key Infrastructure Ben Sangster February 23, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,

ICPCA 2008 Research of architecture for digital campus LBS in Pervasive Computing Environment 1.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

OPeNDAP Hyrax Back-End Server (BES) Authentication and Authorization Patrick West

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

F. Guilleux, O. Salaün - CRU Middleware activities in French Higher Education.

Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

TNC2004 Rhodes 1 Authentication and access control in Sympa mailing list manager Serge Aumont & Olivier Salaün May 2004.

1 School of Computer, National University of Defense Technology A Profile on the Grid Data Engine (GridDaEn) Xiao Nong

HPDC 2007 / Grid Infrastructure Monitoring System Based on Nagios Grid Infrastructure Monitoring System Based on Nagios E. Imamagic, D. Dobrenic SRCE HPDC.

Gregorio Martínez Pérez University of Murcia PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

Simplify and Strengthen Security with Oracle Application Server Allan L Haensgen Senior Principal Instructor Oracle Corporation Session id:

GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

Neil Witheridge APAN29 Sydney February 2010 ARCS Authorisation Services Neil Witheridge Manager, ARCS Authorisation Services APAN29, Sydney, February 2010.

Grid Chemistry System Architecture Overview Akylbek Zhumabayev.

Shibboleth Akylbek Zhumabayev September Agenda Introduction Related Standards: SAML, WS-Trust, WS-Federation Overview: Shibboleth, GSI, GridShib.

AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security Token Service Valéry Tschopp - SWITCH.

Manish Mehta, CS 590L Authentication Services in Open Grid Services by Manish Mehta April 27, 2004.

Connect. Communicate. Collaborate The authN and authR infrastructure of perfSONAR MDM Ann Arbor, MI, September 2008.

Connect. Communicate. Collaborate AAI scenario: How AutoBAHN system will use the eduGAIN federation for Authentication and Authorization Simon Muyal,

Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.

Glite. Architecture Applications have access both to Higher-level Grid Services and to Foundation Grid Middleware Higher-Level Grid Services are supposed.

Authorization GGF-6 Grid Authorization Concepts Proposed work item of Authorization WG Chicago, IL - Oct 15 th 2002 Leon Gommans Advanced Internet.

Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)

DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

Globus: A Report. Introduction What is Globus? Need for Globus. Goal of Globus Approach used by Globus: –Develop High level tools and basic technologies.

Community PKIs Initiatives Updates TF-EMC2 Meeting Loughborough, UK 6-7 May, 2009 Licia Florio, TERENA

INFSO-RI Enabling Grids for E-sciencE - II VOMS Attributes from Shibboleth (VASH) JRA1 All-Hands meeting Catania 8 March 2007.

WLCG Authentication & Authorisation LHCOPN/LHCONE Rome, 29 April 2014 David Kelsey STFC/RAL.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Regional Nagios Emir Imamagic /SRCE EGEE’09,

The GRIDS Center, part of the NSF Middleware Initiative Grid Security Overview presented by Von Welch National Center for Supercomputing.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

European Grid Initiative AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EMI is partially funded by the European Commission under Grant Agreement RI Security Token Service (STS) Simplified Credential Management Henri.

EMI is partially funded by the European Commission under Grant Agreement RI Common Authentication Library Daniel Kouril, for the CaNL PT EGI CF.

Trusted Organizations In the grid world one single CA usually covers a predefined geographic region or administrative domain: – Organization – Country.

A Study of Certification Authority Integration Model in a PKI Trust Federation on Distributed Infrastructures for Academic Research Eisaku SAKANE, Takeshi.

18 th EUGridPMA, Dublin / SRCE CA Self Audit SRCE CA Self Audit Emir Imamagić SRCE Croatia.

2007© SWITCH SWITCHslcs the new AAI-based short-lived credential service for Grid users C.Witzig Swiss Grid Day, Berne, May 7, 2007.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Enabling SSO capabilities in the EGI Cloud services Peter Solagna – EGI.eu.

CAISO Public Key Infrastructure: Supporting Secure ICCP Leslie DeAnda Senior Information Security Analyst, Information Security, CAISO EMS Users Group.

Tweaking the Certificate Lifecycle for the UK eScience CA

NAAS 2.0 Features and Enhancements

a middleware implementation

Emir Imamagić University Computing Centre (Srce)

Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.

Presentation transcript:

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir Imamagic, Dobrisa Dobrenic, Miroslav Milinovic SRCE Miroslav Popovic FER Terena Networking Conference 2008

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Overview Motivation Short Lived Certificate Service OpenCA SLCS architecture OpenCA extensions RA application CRO NGI Future work Conclusions

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Motivation X509 certificates issues for end-users identity validation process heavy maintenance users mobility Many organizations and countries have established their own AAI

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Short-term certificate based on existing Identity Management System automatic identity validation lifetime – 1 million seconds (approx. 11 days) International Grid Trust Federation (IGTF) profile Bridge between AAIs and X509 certificates

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Croatian national academic AAI federation Distributed LDAP directories Several authentication mechanisms LDAP RADIUS web service (HTTPS/SOAP) Federation Web Service (FWS) web service interface

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI OpenCA Certificate Authority (CA) framework Open source Features web interface database backend Hardware Security Module (HSM) support

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI SLCS Architecture Register Get certificate AuthN & Get attributes AuthZ Issue certificate

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI OpenCA Extensions Public component extensions FWS-based authentication certificate request generation (FWS & RA Application) interaction with CA component extension CA component extension automatic certificate issuing SSL-based communication with Public

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI RA Application Registration Authority (RA) performs users authorization Web interface user request submission RA management interfaces Web service interface integration with public component

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI CRO NGI Croatian National Grid Infrastructure coordinated by SRCE permanent part in state budget Available for research and academia Grid middleware Globus Toolkit 2 & 4 based on X509 certificates Use case for SLCS

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Future Work IGTF accreditation Short Lived Credential Services Authentication profile Command line interface enable retrieval from grid UIs MICS implementation long-lived certificates relevant for long running applications

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Conclusions X509 certificates heavyweight for average users Organizational & national AAIs handle large number of users users are familiar with them SLCS important for wide adoption of X509-based infrastructures

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Thank You! Questions?