NSF Middleware Initiative: GridShib

Presentation transcript:

NSF Middleware Initiative: GridShib Tom Barton University of Chicago

NSF Middleware Initiative (NMI) Grant: Policy Controlled Attribute Framework
What: shibbolize NMI Grids. We call it “GridShib”.
Participants:
- Von Welch, UIUC/NCSA (PI)
- Kate Keahey, UChicago/Argonne (PI)
- Frank Siebenlist, Argonne
- Tom Barton, UChicago
2 years starting December 1, 2004
Coordination already established with related JISC-funded project at Oxford
I2MM Fall 2004

Critical mass of impending need
Two types of grid use cases:
- Large grid, far-flung participants, several types of roles among them. Examples: NEESgrid, Earth System Grid, TeraGrid, Grid3 (GriPhyN, iVDGL, and PPDG). Grid-mapfile approach doesn’t scale.
- Centralized access to campus grid resources for research computing. Examples: UChicago, USC, UAB

Enterprise middleware value proposition fits VOs too
- Leverage Identity Provider operations at participants’ home organizations rather than duplicate Identity Provider activities within each Virtual Organization
- Participants use familiar home-issued credentials
- Ease resource provider’s burden by removing need to act as an Identity Provider too
- Overall security & auditability is improved by locating these support functions with IT staff tasked specifically for such purposes

Time is finally right
- Others are now trying non-browser-based shibbolization approaches roughly analogous to what we envision
- Shibboleth & SAML have shown how to authorize the anonymous user
- Sufficiently abstracted security-related interfaces & services provided by NMI Grid componentry
- Plug: all code elements in prospective solution are NMI components. We’re building on work of many people over 3+ years.

Grid-Shib integration essentials
Design principles:
- No modification to typical grid client applications
- No change to Shibboleth’s model of administrative and end-user maintenance of attribute release policies
- Leverage high-quality campus Identity Provider operations
Accommodations for Grid shibbolization:
- Identity Provider Discovery (pull models)
- Basic sequence of events (push models)
- Use of an identifier in the X.509 certificate as a subject handle for use by the Attribute Authority

Project activities
- Gather use cases and requirements
- Extend and test Globus Toolkit, GridLogon, and Shibboleth Attribute Authority to enable 4 modes of operation:
  - User identified, attributes pulled
  - User identified, attributes pushed
  - User pseudonymous, attributes pulled
  - User pseudonymous, attributes pushed
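The four modes listed above, together with the grid-mapfile contrast drawn on the "Critical mass" slide and the certificate-identifier-as-subject-handle principle, can be modeled end to end in a few dozen lines. The following Python is an added example and is not GridShib, Globus, or Shibboleth code: it parses a constructed grid-mapfile, models an Attribute Authority with a per-relying-party attribute release policy, and runs pull authorization (the resource queries the AA with the handle taken from the certificate) and push authorization (the client presents an AA-issued assertion) for both an identified and a pseudonymous user. The resource URL, attribute names, subject handles, pool account and the HMAC that stands in for a SAML XML signature are all assumptions made for the example.

```python
"""Toy model of attribute-based grid authorization with pull and push modes (added example)."""
import hashlib
import hmac
import json
from dataclasses import dataclass

# ---- Constructed data (assumptions, not from the slides) ----------------------
RESOURCE_ID = "https://grid.example.org/compute"   # this relying party's identifier
REQUIRED_GROUP = "neesgrid:users"                   # group membership the resource requires

# Grid-mapfile: one line per user, DN -> local account. Every new user needs a
# new line on every resource, which is the scaling problem the slides describe.
GRIDMAP_TEXT = '''
# constructed grid-mapfile
"/C=US/O=Example Campus/CN=Jane Doe" jdoe
"/C=US/O=Example Campus/CN=Raj Example" raj
'''

# Attribute Authority store: subject handle -> attributes. The handle is the
# identifier carried in the X.509 certificate: the DN for an identified user,
# an opaque value for a pseudonymous one.
AA_STORE = {
    "/C=US/O=Example Campus/CN=Jane Doe":
        {"eduPersonAffiliation": ["faculty"], "isMemberOf": ["neesgrid:users"]},
    "/C=US/O=Example Campus/CN=Raj Example":
        {"eduPersonAffiliation": ["staff"], "isMemberOf": []},
    "pseudo-4f9c2a":
        {"eduPersonAffiliation": ["student"], "isMemberOf": ["neesgrid:users"]},
}
# Attribute release policy (ARP): which attributes each relying party may receive.
AA_ARP = {
    RESOURCE_ID: {"eduPersonAffiliation", "isMemberOf"},
    "https://portal.example.net/": {"eduPersonAffiliation"},
}
AA_KEY = b"constructed-aa-signing-key"   # stand-in for the AA's signing key


@dataclass
class Cert:
    subject: str   # DN in the X.509 certificate
    handle: str    # identifier the AA recognises (equals subject when identified)


def parse_gridmap(text):
    """Parse grid-mapfile lines of the form "DN" account into a dict."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith('"'):
            end = line.index('"', 1)
            dn, account = line[1:end], line[end + 1:].strip()
        else:
            dn, account = line.rsplit(None, 1)
        mapping[dn] = account
    return mapping


def aa_release(handle, relying_party):
    """Pull model: the resource asks the AA for attributes; the ARP filters them."""
    allowed = AA_ARP.get(relying_party, set())
    return {k: v for k, v in AA_STORE.get(handle, {}).items() if k in allowed}


def aa_issue_assertion(handle, relying_party):
    """Push model: the AA issues an assertion the user carries to the resource.
    An HMAC over the JSON payload stands in for a SAML XML signature."""
    payload = json.dumps({"subject": handle, "audience": relying_party,
                          "attributes": aa_release(handle, relying_party)}, sort_keys=True)
    sig = hmac.new(AA_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + sig


def verify_assertion(token, relying_party):
    """Return the assertion body if the signature and audience check out, else None."""
    payload, _, sig = token.rpartition(".")
    expected = hmac.new(AA_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    body = json.loads(payload)
    if body.get("audience") != relying_party:   # issued for a different resource
        return None
    return body


def decide(handle, attrs, gridmap):
    """Policy is attribute-based; the grid-mapfile only picks a local account."""
    if REQUIRED_GROUP not in attrs.get("isMemberOf", []):
        return ("deny", None)
    return ("allow", gridmap.get(handle, "vo-pool"))   # pool account if no per-DN entry


def authorize_pull(cert, gridmap):
    """Modes 1 and 3: the resource pulls attributes using the handle from the cert."""
    return decide(cert.handle, aa_release(cert.handle, RESOURCE_ID), gridmap)


def authorize_push(cert, token, gridmap):
    """Modes 2 and 4: the client pushes an AA-issued assertion along with the cert."""
    body = verify_assertion(token, RESOURCE_ID)
    if body is None or body["subject"] != cert.handle:
        return ("deny", None)
    return decide(cert.handle, body["attributes"], gridmap)


if __name__ == "__main__":
    gm = parse_gridmap(GRIDMAP_TEXT)
    anon = Cert("/O=Example Campus/CN=pseudo-4f9c2a", "pseudo-4f9c2a")
    print("pull:", authorize_pull(anon, gm))
    print("push:", authorize_push(anon, aa_issue_assertion(anon.handle, RESOURCE_ID), gm))
```

The pseudonymous user is authorized purely on group membership and lands in a pool account, which is the case a grid-mapfile cannot express; the second relying party's ARP hides the group attribute, so the same user is denied there without the AA changing its policy model.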

Highlighted elements of potential solution
- Globus Toolkit 4.0’s support of WSRF (Web Services Resource Framework)
  - Transportable End Point References, used to identify Attribute Authority and grid resource to each other
- GridLogon extensions
  - Itself an extension of MyProxy
  - Integrate with local authentication service
  - Cryptographically bind identified & anonymous X.509 certificate pairs

User pseudonymous, attributes pulled

Timeline
- December 1, 2004: formal start
- Year 1 Basic integration: code supporting pull model with user identified
- Year 2 Advanced integration: code supporting push and user pseudonymity

Bigger picture proposition
Middleware value proposition applies to common infrastructure enabling run-time VO security services …
- Identity management systems
- Authentication services & certificate authorities
- Attribute services like the Shibboleth Attribute Authority
… and potentially to common infrastructure for managing VO privileges & groups:
- VOMS
- CAS
- Permis
- Signet
- Grouper