Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin


eInfrastructure Workshop, Dublin – David Kelsey – Authentication Policy – 15 Apr 2004

Outline
- Grid Authentication Background
- Current Status
- The EU Grid PMA
- Policy Guidelines
- TACAR
- Summary

Grid Authentication Background
- Many Grids use the Grid Security Infrastructure (GSI)
  - For Authentication
  - Based on X.509 Public Key Infrastructure (PKI)
- The EDG Certification Authorities Coordination Group (CACG) – started in December 2000
  - Coordinated the CAs for use by (EU FP5)
    - EU DataGrid (EDG)
    - DataTAG
    - CrossGrid
    - & Many national Grid projects
- Global requirements driven by LCG (HEP)

EDG CACG ( )
- User Single “Sign-on”
  - Once per session (and delegation)
  - Identity credentials accepted by many Grids
- Hierarchical root – not possible in GSI
  - Most appropriate scale is one CA per nation
- Timely Revocation is important
- Establish common trust domain
  - minimum requirements/best practice/peer review
  - Certificates from trusted CA can be used anywhere
  - Common repository of trust anchors
- Robust Registration Authority procedures are needed
  - RAs need to be close to the user’s home institute

Current Status – 21 Approved CAs and number of certificates issued to date

CA            Certificates
Armenia       0
Taiwan        80
CERN          640
Czech Rep     365
France        1400
Cyprus        18
Spain         408
USA           2807
FNAL(US)      1
Canada        570
Ireland       170
Germany       364
Greece        49
Italy         1956
Portugal      61
Netherlands   321
Nordic        579
Poland        266
Russia        230
Slovakia      26
UK            1856
Total         12167

EU Grid PMA coverage
- Most countries in Europe have a national CA
- “Catch-all” for EGEE (France) and SEE-GRID for S.East
- Green: CA Accredited
- Yellow: being discussed

Other Accredited CAs:
- DoEGrids (USA)
- GridCanada
- ASCCG (Taiwan)
- ArmeSFO (Armenia)
- CERN
- Russia (LCG)
- FNAL Service CA (USA)
- Israel
- Pakistan

The EU Grid PMA “Policy Management Authority”
- Continues from the EDG CACG
- Defines Minimum requirements and Best practices
- Accredits Authorities
- General authentication – not just PKI
- Members
  - Accredited Authorities
  - Major relying parties (EGEE, DEISA, SEE-GRID, LCG,…)
  - TERENA (TACAR)
- 1st meeting – April 2004 – Florence (INFN)
  - Charter approved
  - David Groep (NIKHEF) appointed as Chair

Authentication Policy Guidelines
- Wherever possible
  - No more than one CA per country
  - Aim for widest possible cover
- PMA does not provide identity assertions
  - Certificates issued meet or exceed the guidelines
- Identity for Grid/eScience Authentication only
  - No support of data encryption or non-repudiation
  - No support for financial transactions
- No liability!

Policy Guidelines (2)
- A single authoritative source for verifying roots of trust is needed (see TACAR)
- We must work in the global arena (GGF & gridpma.org)
- GSI imposes technical constraints which must be met
- The PMA is mainly technical
  - Development needs technical experts

TACAR
- The TERENA Academic CA Repository
  - Created by task force TF-AACE
  - Aimed at facilitating the use of PKI in Europe
- Repository of “trust anchors”
  - Like root certificates distributed with web browsers
  - NREN CAs and not-for-profit projects (e.g. Grid)
- Published policy and procedures for registration
  - No evaluation of CA policies or procedures
- An important service for Grid Authentication
  - Authoritative source of roots of trust

Summary
- The CACG built a strong base for Grid Authentication
- The EU Grid PMA is now instrumental for FP6 Grid projects in the global arena via a single Trust Domain
- EGEE, DEISA and SEE-GRID are all relying party members of the PMA and will use this PKI
  - And other global and national Grids, e.g. LCG
- A single common repository for authentication will promote the trust anchor (TACAR)