Experience Building and Supporting Secure Ad Hoc Collaborations
Deb Agarwal, Lawrence Berkeley National Laboratory
Ad Hoc Collaboration, Internet2 Fall Meeting, 2004



Context
– Developing and supporting collaboration tools for use by distributed science teams
– Concentrating on supporting the day-to-day work environment
– Started with traditional Kerberos-based and X.509-based solutions for securing collaborative environments

Security Development Environments
– Shared experiment control
– Instant messaging
  – IRC
  – Jabber
– Peer-to-peer file sharing
  – SciShare

Requirements
– Ability to participate from anywhere
– Low threshold for entry into the system
  – Incorporate new users easily
  – No waiting for authorization to enter the system
– Support for identifying trusted users
– Ability to specify the type of authentication and authorization needed
– Servers are not required

Approach - Architecture
– Peer-to-peer system
– Each site can act as both server and client, or either
– Specialized servers provide added value
  – Archiving
  – Certificate authority
  – User registry
  – Rendezvous point

Registration Model
– Registration methods
  – Self
  – Trusted user
  – Administrator
– Issues
  – Where are users registered?
  – Who controls/administers the registry?
  – Who decides the list of trusted users?
  – How can identities be verified?

SciShare – File-sharing
– Using X.509 authentication
  – Pseudo certificates – accept any valid chain for these certificates
  – Trusted users – use trusted-CA-signed certificates
– Users can authorize both types of certificates for access to resources
– Build trust and eventually allow sharing of trust groups among users
– Communication is encrypted
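The two-class authorization model on this slide, as an added example that is not SciShare's code: a chain that ends in a CA the site trusts is classified as trusted, any other structurally valid chain is a pseudo certificate, and the owner of a share decides per resource whether to admit whole classes or only specific pinned certificates. The certificate structure, the trusted-CA name and the policy class are hypothetical, and signature verification is assumed to have been done by the X.509 library before a chain reaches this code. One point the slide leaves implicit and the example makes concrete: a pseudo certificate's subject name is self-asserted, so an individual authorization must pin the certificate itself (modelled here by the (root, subject) pair in place of a fingerprint), not the name.

```python
"""Added example: per-resource authorization over trusted and pseudo
certificate classes. Hypothetical structures; not SciShare's code."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class CertClass(Enum):
    TRUSTED = "trusted"   # chain ends in a CA the site has chosen to trust
    PSEUDO = "pseudo"     # structurally valid chain with an unknown root
    INVALID = "invalid"   # broken or expired chain: never authorized


@dataclass(frozen=True)
class Cert:
    """Stand-in for an X.509 certificate holding only the fields the policy
    decision needs. Signatures are assumed verified by the X.509 library."""
    subject: str
    issuer: str
    not_after: datetime


def chain_is_valid(chain, now):
    """Leaf first; each cert issued by the next; root self-signed; none expired."""
    if not chain:
        return False
    if any(c.not_after <= now for c in chain):
        return False
    if any(child.issuer != parent.subject for child, parent in zip(chain, chain[1:])):
        return False
    root = chain[-1]
    return root.issuer == root.subject


def classify(chain, trusted_cas, now):
    if not chain_is_valid(chain, now):
        return CertClass.INVALID
    return CertClass.TRUSTED if chain[-1].subject in trusted_cas else CertClass.PSEUDO


def identity_of(chain):
    """Pseudo-certificate names are self-asserted, so an individual grant must
    pin the certificate, not the name. (root, subject) stands in for a fingerprint."""
    return (chain[-1].subject, chain[0].subject)


@dataclass
class SharePolicy:
    """What a share's owner admits: whole classes, or specific pinned certificates."""
    allow_classes: set = field(default_factory=set)
    allow_identities: set = field(default_factory=set)


def authorize(chain, policy, trusted_cas, now):
    cls = classify(chain, trusted_cas, now)
    if cls is CertClass.INVALID:
        return False
    return cls in policy.allow_classes or identity_of(chain) in policy.allow_identities


# Constructed sample data (hypothetical names).
NOW = datetime(2004, 10, 1, tzinfo=timezone.utc)
LATER = NOW + timedelta(days=365)
EARLIER = NOW - timedelta(days=1)
TRUSTED_CAS = {"CN=Example Trusted CA"}

ROOT = Cert("CN=Example Trusted CA", "CN=Example Trusted CA", LATER)
alice = [Cert("CN=Alice", "CN=Example Trusted CA", LATER), ROOT]                       # trusted
bob = [Cert("CN=Bob", "CN=Bob Home CA", LATER), Cert("CN=Bob Home CA", "CN=Bob Home CA", LATER)]  # pseudo
mallory = [Cert("CN=Alice", "CN=Other CA", LATER), Cert("CN=Other CA", "CN=Other CA", LATER)]     # pseudo, reuses Alice's name
expired = [Cert("CN=Carol", "CN=Example Trusted CA", EARLIER), ROOT]                    # invalid


def demo():
    public = SharePolicy(allow_classes={CertClass.TRUSTED, CertClass.PSEUDO})
    staff = SharePolicy(allow_classes={CertClass.TRUSTED})
    alice_only = SharePolicy(allow_identities={identity_of(alice)})
    bob_pinned = SharePolicy(allow_identities={identity_of(bob)})
    return {
        "alice_public": authorize(alice, public, TRUSTED_CAS, NOW),          # True
        "bob_public": authorize(bob, public, TRUSTED_CAS, NOW),              # True
        "bob_staff": authorize(bob, staff, TRUSTED_CAS, NOW),                # False: pseudo class
        "bob_pinned": authorize(bob, bob_pinned, TRUSTED_CAS, NOW),          # True: owner pinned Bob's cert
        "alice_alice_only": authorize(alice, alice_only, TRUSTED_CAS, NOW),  # True
        "mallory_alice_only": authorize(mallory, alice_only, TRUSTED_CAS, NOW),  # False: same name, other root
        "expired_public": authorize(expired, public, TRUSTED_CAS, NOW),      # False
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `public` policy is the low-threshold entry the Requirements slide asks for (any valid chain gets in), while `staff` and the pinned policies show how the same owner can raise the bar per resource without changing how users authenticate.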

Jabber – Instant Messaging
– Current
  – Designed as a client/server architecture
  – Users self-register for a username and password
– Future
  – Run servers everywhere they are needed
  – Add support for X.509
  – Augment to allow vetting of registrations
  – Allow specification of authentication level for entry to a room
  – Augment to allow definition of trust groups for particular levels of access

Crossing the borders
– Escort
  – Accompany a user in an area they are not normally authorized to access
  – Host able to control the guest’s access
– Vouching
  – A user vouches for a less privileged user
  – Temporarily elevates privileges of the vouchee
  – Vouchee able to act without escort
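The escort and vouching mechanisms on this slide, as an added example that is not the project's code: rooms carry a required authentication level (the per-room level the Jabber slide proposes), an escort lets a guest act only while the host's session is active and only for actions the host permitted, and a vouch raises the vouchee's effective level for a limited time so they can act alone. The level numbering, the `AccessControl` class and the audit record are hypothetical. Two design choices are mine rather than the slide's, chosen to keep the elevated levels safe: a vouch never exceeds the voucher's own credentials and vouching does not chain (a vouched-for user cannot vouch with borrowed privilege), and every grant and refusal is written to an audit trail so the voucher stays accountable.

```python
"""Added example: escort and vouching over levelled rooms. Hypothetical model,
not the project's code."""
from dataclasses import dataclass

# Hypothetical authentication levels, lowest to highest.
SELF_REGISTERED, PSEUDO_CERT, TRUSTED_CERT = 0, 1, 2


@dataclass
class User:
    name: str
    level: int


@dataclass
class Room:
    name: str
    required_level: int


@dataclass
class Vouch:
    voucher: str
    vouchee: str
    level: int
    expires_at: int   # seconds; time is injected so the example runs offline


@dataclass
class Escort:
    host: str
    guest: str
    room: str
    allowed_actions: frozenset
    active: bool = True


class AccessControl:
    def __init__(self):
        self.users, self.vouches, self.escorts, self.audit = {}, [], [], []

    def add_user(self, user):
        self.users[user.name] = user

    def effective_level(self, name, now):
        """Own level, raised by any unexpired vouch."""
        own = self.users[name].level
        vouched = [v.level for v in self.vouches if v.vouchee == name and v.expires_at > now]
        return max([own, *vouched])

    def start_escort(self, host, guest, room, allowed_actions):
        """Host must hold the room's level on their own credentials."""
        if self.users[host].level < room.required_level:
            self.audit.append(("escort-refused", host, guest, room.name))
            return None
        escort = Escort(host, guest, room.name, frozenset(allowed_actions))
        self.escorts.append(escort)
        self.audit.append(("escort-start", host, guest, room.name))
        return escort

    def end_escort(self, escort):
        escort.active = False
        self.audit.append(("escort-end", escort.host, escort.guest, escort.room))

    def vouch(self, voucher, vouchee, room, ttl, now):
        """Grant the room's level to vouchee until now + ttl. The check uses the
        voucher's own level, not their effective level, so vouches do not chain."""
        if self.users[voucher].level < room.required_level:
            self.audit.append(("vouch-refused", voucher, vouchee, room.name))
            return False
        self.vouches.append(Vouch(voucher, vouchee, room.required_level, now + ttl))
        self.audit.append(("vouch", voucher, vouchee, room.name, now + ttl))
        return True

    def may_act(self, name, room, action, now):
        if self.effective_level(name, now) >= room.required_level:
            return True   # own or vouched credentials suffice; no escort needed
        return any(e.active and e.guest == name and e.room == room.name
                   and action in e.allowed_actions for e in self.escorts)


def demo():
    ac = AccessControl()
    for u in (User("alice", TRUSTED_CERT), User("bob", SELF_REGISTERED), User("carol", SELF_REGISTERED)):
        ac.add_user(u)
    control = Room("experiment-control", TRUSTED_CERT)
    out = {"bob_alone": ac.may_act("bob", control, "view", now=0)}            # False
    esc = ac.start_escort("alice", "bob", control, {"view"})
    out["bob_escorted_view"] = ac.may_act("bob", control, "view", 10)          # True
    out["bob_escorted_control"] = ac.may_act("bob", control, "control", 10)    # False: host allowed view only
    ac.end_escort(esc)
    out["bob_after_escort"] = ac.may_act("bob", control, "view", 20)           # False: host left
    out["vouch_ok"] = ac.vouch("alice", "bob", control, ttl=600, now=100)      # True
    out["bob_vouched_control"] = ac.may_act("bob", control, "control", 200)    # True: acts without escort
    out["bob_vouch_chain"] = ac.vouch("bob", "carol", control, ttl=600, now=200)  # False: borrowed privilege
    out["bob_vouch_expired"] = ac.may_act("bob", control, "control", 800)      # False: vouch expired at 700
    out["audit_entries"] = len(ac.audit)                                       # 4
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `may_act` check falls through from credentials to escort, so the same call serves normal users, vouched users and escorted guests; an application would place exactly this callout at each protected action, which is the interface question the next slide raises.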

Some Issues for the Future
– Making this intuitive for the user
– Allowing elevation of credentials without compromising the security of the elevated levels
– Finding communication protocols that can operate in a heterogeneous security environment
– Designing the callouts and interface for adding escort and vouching to the applications
– Standardization so these features are available pervasively