Shibboleth for Non-Web-Based Applications: GridShib


Shibboleth for Non-Web-Based Applications: GridShib Tom Barton University of Chicago

NSF Middleware Initiative (NMI) Grant: Policy Controlled Attribute Framework
- What: shibbolize NMI Grids
- Participants
  - Von Welch, UIUC/NCSA (PI)
  - Kate Keahey, UChicago/Argonne (PI)
  - Frank Siebenlist, Argonne
  - Tom Barton, UChicago
- 2 years starting December 1, 2004
- We call it “GridShib”
I2MM Fall 2004

Why?
- Critical mass of grid deployments could use it
  - Large grid, far-flung participants, several types of roles among them
    - Examples: NEESgrid, Earth System Grid, TeraGrid, Grid3 (GriPhyN, iVDGL, and PPDG)
  - Centralized access to campus grid resources for research computing
    - Examples: UChicago, USC, UAB

Why?
- Values of integrating common infrastructure with Virtual Organizations are similar to Enterprise case

Time is finally right
- Shibboleth & SAML have shown how to
  - Authorize the anonymous user
  - Extend integration of common infrastructure across administrative and operational domains
- Sufficiently abstracted security-related interfaces provided by NMI Grid componentry
- Others are trying non-web-based shibbolization approaches roughly analogous to what we envision
- Plug: all code elements above are NMI components. We’re building on work of many people over 3+ years.

Grid-Shib integration essentials
- Design principles
  - No modification to typical grid client applications
  - No change to Shibboleth’s model of administrative and end-user maintenance of attribute release policies
  - Leverage high-quality campus Identity Provider operations
- Accommodations for Grid shibbolization
  - Identity Provider Discovery (pull models)
  - Basic sequence of events (push models)
  - Use of an identifier in X.509 cert as a subject handle for use by the Attribute Authority

Basic integration: user identified, attributes pulled
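
The pull flow named on this slide, sketched as an added Python example (not from the original slides or the GridShib code): the grid service takes the subject DN from the client's X.509 certificate, discovers the user's Attribute Authority, and queries it with the DN as subject handle, and the AA releases only what its policy allows that requester. The DNs, host names, attribute names, and the choice to discover the AA from the DN's O= component are all assumptions made for illustration.

```python
# Simplified "user identified, attributes pulled" model; all data is constructed.

# Assumed IdP discovery table: O= component of the subject DN -> Attribute Authority.
AA_BY_ORG = {"Example University": "aa.example.edu"}

# Assumed AA state: DN -> campus principal, that principal's attributes, and the
# attribute release policy (which attribute names each requester may receive).
AA_STATE = {
    "aa.example.edu": {
        "principals": {"/C=US/O=Example University/CN=Alice Researcher": "alice"},
        "attributes": {"alice": {"affiliation": "faculty",
                                 "mail": "alice@example.edu",
                                 "entitlement": "urn:example:grid:compute"}},
        "release": {"grid.example.org": {"affiliation", "entitlement"}},
    }
}

def parse_dn(dn):
    """Split a slash-form subject DN into (type, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError("expected slash-form DN")
    pairs = []
    for rdn in dn[1:].split("/"):
        key, sep, value = rdn.partition("=")
        if not sep or not value:
            raise ValueError("malformed RDN: %r" % rdn)
        pairs.append((key, value))
    return pairs

def discover_aa(dn):
    """Pull-model IdP discovery: choose the AA from the DN's O= component."""
    return AA_BY_ORG.get(dict(parse_dn(dn)).get("O"))

def attribute_query(aa, requester, subject_dn):
    """AA side: the DN is the subject handle; release only what policy allows."""
    state = AA_STATE[aa]
    principal = state["principals"].get(subject_dn)
    if principal is None:
        return {}
    allowed = state["release"].get(requester, set())
    return {k: v for k, v in state["attributes"][principal].items() if k in allowed}

def authorize(requester, subject_dn, required_entitlement):
    """Grid service side: pull attributes, deny unless the entitlement was released."""
    aa = discover_aa(subject_dn)
    if aa is None:
        return False, {}
    attrs = attribute_query(aa, requester, subject_dn)
    return ("entitlement" in attrs and attrs["entitlement"] == required_entitlement), attrs
```

The client side is absent on purpose: it only presents its certificate, and every denial path (unknown organisation, unknown DN, requester with no release policy) returns no attributes.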

Advanced integration example: pseudonymous push

Project activities
- Gather use cases and requirements
- Extend and test Globus Toolkit, GridLogon, and Shibboleth Attribute Authority to enable 4 modes of operation
  - User identified, attributes pulled
  - User identified, attributes pushed
  - User pseudonymous, attributes pulled
  - User pseudonymous, attributes pushed

Timeline
- December 1, 2004: formal start
- Year 1 Year 2
- Basic integration: code supporting pull model with user identified
- Year 2
- Advanced integration: code supporting push and user pseudonymity

Loose ends
- Use of VO-operated AA vs. one embedded within an Enterprise’s Identity Provider operation
  - May be some use cases in which this is sufficient or desirable
- We don’t address the problem of how to manage the attributes needed by grid resources, just how to transport them