30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK

Slides:



Advertisements
Similar presentations
24-May-01D.P.Kelsey, GridPP WG E: Security1 GridPP Work Group E Security Development David Kelsey CLRC/RAL, UK
Advertisements

5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK
29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
The LHC experiments AuthZ Interoperation requirements GGF16, Athens 16 February 2006 David Kelsey CCLRC/RAL, UK
22-Apr-02D.P.Kelsey, Security, UKHEP Sysman1 Grid Security 22 Apr 2002 UK HEP Sysman Meeting David Kelsey CLRC/RAL, UK
Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.
5-Sep-02D.P.Kelsey, Security Summary, Budapest1 WP6/7 Security Summary Budapest 5 Sep 2002 David Kelsey CLRC/RAL, UK
Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin
DataGrid is a project funded by the European Union HEPiX Conference Amsterdam 2003 Grid Security for Site Authorization in EDG VOMS, Java Security and.
Security Mechanisms The European DataGrid Project Team
\ Grid Security and Authentication1. David Groep Physics Data Processing group Nikhef.
Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.
EGEE Security Area 13 May 2004 EGEE Security Area Stakeholders JRA3 middleware Architecture What we have for Unix and Java What.
RomeWorkshop on eInfrastructures 9 December LCG Progress on Policies & Coming Challenges Ian Bird IT Division, CERN LCG and EGEE Rome 9 December.
Andrew McNab - EDG Access Control - 17 Jan 2003 EDG Site Access Control (ie Local Authorisation and Accounts) Andrew McNab, University of Manchester
Andrew McNab - SlashGrid, HTTPS, fileGridSite SlashGrid, HTTPS and fileGridSite 30 October 2002 Andrew McNab, University of Manchester
13-May-03D.P.Kelsey, WP8 CA and VO organistion1 CA’s and Experiment (VO) Organisation WP8 Meeting EDG Barcelona, 13 May 2003 David Kelsey CCLRC/RAL, UK.
12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK
9-May-02D.P.Kelsey, Security Plans, GridPP41 Security: Plans 9 May 2002 GridPP4 meeting, Manchester David Kelsey CLRC/RAL, UK
Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.
EU DataGrid (EDG) & GridPP Authorization and Access Control User VOMS C CA 2. certificate dn, ca, key 1. request 3. certificate 4. VOMS cred: VO, groups,
10-Jun-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 10 June 2003 David Kelsey CCLRC/RAL, UK
Andrew McNab - GridSite/EDG/GGF - 29 Sept 2003 GridSite, EDG and GGF Andrew McNab, University of Manchester
DataGrid is a project funded by the European Union EDG Conference Barcelona 2003 – Title – n° 1 VOMS and LCMAPS on Global Permissions and Local Credentials.
23-Oct-03D.P.Kelsey, LCG Security Update, HEPiX1 LCG Security Update HEPiX-HEPNT, TRIUMF, 23 October 2003 David Kelsey CCLRC/RAL, UK
EDG Security European DataGrid Project Security Coordination Group
Grid Security in a production environment: 4 years of running Andrew McNab University of Manchester.
3-Jul-02D.P.Kelsey, Security1 Security meetings Report to EDG PTB 3 Jul 2002 David Kelsey CLRC/RAL, UK
WP3 Authorization and R-GMA Linda Cornwall WP3 workshop 2-4 April 2003.
30-Sep-03D.P.Kelsey, SCG Summary1 Security Co-ordination Group (WP7 SCG) EDG Heidelberg 30 September 2003 David Kelsey CCLRC/RAL, UK
User VOMS Java C CA 2. certificate dn, ca, key 1. request 3. certificate 4. VOMS cred: VO, groups, roles, capabilities Authentication Certificate Authorities.
15-Dec-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint Security Policy Group) CERN 15 December 2004 David Kelsey CCLRC/RAL,
23-Oct-02D.P.Kelsey, Grid Security, HEPiX, FNAL1 LCG/EDG Security - update and plans HEPiX/HEPNT - FNAL 23 Oct 2002 David Kelsey CLRC/RAL, UK
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.
Andrew McNab - EDG Access Control - 4 Dec 2002 EDG Access Control and User Management (ie Local Authorisation and Accounts) Andrew McNab, University of.
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 1 Security Middleware Andrew McNab High Energy Physics University of Manchester.
Authorisation, Authentication and Security Guy Warner NeSC Training Team Induction to Grid Computing and the EGEE Project, Vilnius,
Security Operations David Kelsey GridPP Deployment Board 3 Mar 2005
Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 1 Grid Work in 2002 Andrew McNab High Energy Physics University of Manchester.
Andrew McNab - EDG Access Control - 17 Jun 2003 EU DataGrid and GridPP Authorization and Access Control Andrew McNab, University of Manchester
2-Sep-02D.P.Kelsey, WP6 CA, Budapest1 WP6 CA report Budapest 2 Sep 2002 David Kelsey CLRC/RAL, UK
DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.
Grid Security work in 2004 Andrew McNab Grid Security Research Fellow University of Manchester.
Security Policy Update WLCG GDB CERN, 14 May 2008 David Kelsey STFC/RAL
11-Dec-00D.P.Kelsey, Certificates, WP6 meeting, Milan1 Certificates for DataGrid Testbed0 David Kelsey CLRC/RAL, UK
WP3 Security and R-GMA Linda Cornwall. WP3 UserVOMS service authr map pre-proc authr LCAS LCMAPS pre-proc LCAS Coarse-grained e.g. Spitfire WP2 service.
Ákos FROHNER – DataGrid Security n° 1 Security Group TODO
12-Jun-03D.P.Kelsey, CA meeting1 CA meeting Minimum Requirements CERN, 12 June 2003 David Kelsey CCLRC/RAL, UK
WP7 Security Coordination 23/24 Jan 2002 David Kelsey CLRC/RAL, UK
The GRIDS Center, part of the NSF Middleware Initiative Grid Security Overview presented by Von Welch National Center for Supercomputing.
VOX Project Status T. Levshina. 5/7/2003LCG SEC meetings2 Goals, team and collaborators Purpose: To facilitate the remote participation of US based physicists.
15-May-03D.P.Kelsey, SCG Summary1 Security Coord Group (SCG) EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK
Site Authorization Service Local Resource Authorization Service (VOX Project) Vijay Sekhri Tanya Levshina Fermilab.
INFSO-RI Enabling Grids for E-sciencE Joint Security Policy Group David Kelsey, CCLRC/RAL, UK 3 rd EGEE Project.
10-May-01D.P.Kelsey, WP6 Security1 Certificates/Authorisation for DataGrid Testbeds David Kelsey CLRC/RAL, UK
7-May-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Issues and Planning or Report from the Security Group CERN, 8 May 2003 David Kelsey CCLRC/RAL, UK.
Gridification progress report David Groep, Oscar Koeroo Wim Som de Cerff, Gerben Venekamp Martijn Steenbakkers.
11-May-01D.P.Kelsey, Security Update1 GRID Security Update David Kelsey CLRC/RAL, UK
DataGrid Security Wrapup Linda Cornwall 4 th March 2004.
9-Jul-02D.P.Kelsey, DataGrid Security1 EU DataGrid Security 9 July 2002 UK Security Task Force Meeting #2 David Kelsey CLRC/RAL, UK
Overview of the New Security Model Akos Frohner (CERN) WP8 Meeting VI DataGRID Conference Barcelone, May 2003.
15-Jun-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the LCG Security Group) CERN 15 June 2004 David Kelsey CCLRC/RAL, UK
David Kelsey CLRC/RAL, UK
David Kelsey CCLRC/RAL, UK
R-GMA Security Principles and Plans
Update on EDG Security (VOMS)
The New Virtual Organization Membership Service (VOMS)
Presentation transcript:

30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK

30-Jan-03D.P.Kelsey, GridPP Security2 Overview EU DataGrid LHC Computing Grid (LCG) GGF UK STF GridPP participants –Andrew McNab, Jens Jensen, Linda Cornwall, DPK (and others from time to time)

30-Jan-03D.P.Kelsey, GridPP Security3 WP7 Security Coord Group D7.5 – Requirements and TB1 112 EDG requirements –72 essential, 37 desirable aims, 3 long-term aim Includes –Virtual Organisations (VO’s) – Role based authorisation Authorise resources as well as users –Local Authorisation Decisions and keep ACL’s local to data –Confidentiality Encrypted medical data Don’t know who is in a VO –International Collaboration – must inter-operate! D7.6 Security Design document – to be finalised during Feb 03

30-Jan-03D.P.Kelsey, GridPP Security4 WP6 CA group - Authentication International/Inter-project collaboration important Building “Trust” between national CA’s and VO’s/projects –EDG, CrossGrid, ( also LCG, EGEE, …) Defines list of “trusted” CA’s –Minimum requirements and best practice –Currently 16 national CA’s Includes the new UK CA –Will grow to ~20 Considering FNAL (and CERN?) Kerberos CA –And SLAC Virtual Smart Card Aim to formalise a European PKI PMA body –with links to North America, (Asia-Pacific?), …

30-Jan-03D.P.Kelsey, GridPP Security5 Security Design/Developments Security components developed (see EDG web) –CA Trust Matrix tools –VO/LDAP & VOMS – Authorisation –LCAS, LCMAPS – local authorisation and mapping –Gridmapdir – dynamic leased accounts –Gridsite – certificate-based web management –SlashGrid - dn-based grid homefile system –GACL – Library to parse ACL’s (XML) –edg-java-security (for Data Management, web services) –G-HTTPS (see Andrew’s slides)

30-Jan-03D.P.Kelsey, GridPP Security6 UserVOMS service authr map pre-proc authr LCAS LCMAPS pre-proc LCAS Coarse-grained e.g. Spitfire WP2 service dn dn + attrs Fine-grained e.g. RepMeC WP2/WP3 Coarse-grained e.g. CE, Gatekeeper WP4 Fine-grained e.g. SE, /grid WP5 Java C Authorisation authenticate acl

30-Jan-03D.P.Kelsey, GridPP Security7 VO Membership Service 1.Client and server authenticate themselves and establish a secure communication channel using standard Globus API. 2.The Client sends the request to the Server. 3.The Server checks the request and sends back the required info (signed by itself). 4.The Client checks the validity of the info received. 5.Steps 1—4 are repeated for each Server the Client wants to contact. 6.The Client creates a proxy certificate with an extension (non critical) containing all the info received from the contacted VOMS Servers. Query Authentication Request Auth DB VOMS pseudo- cert C=IT/O=INFN /L=CNAF /CN=Pinco Palla /CN=proxy VOMS pseudo- cert

30-Jan-03D.P.Kelsey, GridPP Security8 LCG - Grid Deployment Planning now for LCG-1 (summer 03) –DPK is technical expert on LCG GDB WG3 Legal, political, site security policies, etc. –Acceptable Use policies (Rules) What is needed for User Registration (single signing)? –What is acceptable to Site Security Officers? GGF Site-AAA requirements group –An extremely important area – could kill the Grid! Authorisation (important area) –VO’s need to manage their members and sites/resource providers negotiate with VO’s

30-Jan-03D.P.Kelsey, GridPP Security9 GGF and UK STF Global Grid Forum –We are active in the various Security Area groups CA –GridCP –CA Ops Authz –New Authorization group (McNab co-chair) Site- AAA – Requirements UK Security Task Force (core programme) –To advise the Director, and make recommendations –Jens Jensen and DPK members – –NeSC Security workshop (Dec 5/6, 2002)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.