CA-OPS Authentication Profiles Tony Genovese ATF team ESnet Lawrence Berkeley National Laboratory.

February 2005, TERENA TF-EMC2

Slide 1: Outline
- Authentication Profiles
  - Why authentication profiles?
  - What is in it?
  - General Federation document

Slide 2: Why Authentication Profiles?
- New Authentication services will fragment the current global trust model.
- Yet, we must allow for innovations in Authentication services.
  - Classic PKI Procrustean bed no longer works.
- Currently a draft GGF informational doc.

Slide 3: Authentication Profile: what is in it?
- Authentication Services must provide basic information on:
  - The governance of the authentication service.
  - A set of membership and operational requirements.
  - A publishing model that relying parties can trust.

Slide 4: General Federation Document
1. Federation definition - description
2. General architecture
3. Identity management
4. Operational requirements
5. Site security
6. Publication and repository responsibilities
7. Liability
8. Financial responsibilities
9. Audits and compliance
10. Privacy and confidentiality
11. Compromise and disaster recovery
12. Federation administration

Slide 5: New Federations that can be profiled
- Any Federation with common AuthN services.
- SIPS - Site Integrated Proxy services
  - KCA example
- Site SSL support - Host certificate service
- RAF - RADIUS Authentication Fabric
- Active Credential Stores

Slide 6: Status of document
- Mostly guidance material being added
- Change name to reflect focus
  - Authentication Federations for Grids
  - Grid Federation template
  - Trust Federation setup
- Being used by the Americas Grid PMA for chartering.