GridShib Project Update Tom Barton 1, Tim Freeman 1, Kate Keahey 1, Raj Kettimuthu 1, Tom Scavo 2, Frank Siebenlist 1, Von Welch 2 1 University of Chicago.

Presentation transcript:

GridShib Project Update
Tom Barton (1), Tim Freeman (1), Kate Keahey (1), Raj Kettimuthu (1), Tom Scavo (2), Frank Siebenlist (1), Von Welch (2)
(1) University of Chicago; (2) NCSA/University of Illinois

Outline
- GridShib Overview
- GridShib Components
- GridShib Profiles
- GridShib Roadmap

What is GridShib?
- GridShib enables secure attribute sharing among Grid virtual organizations and higher-educational institutions
- The goal of GridShib is to allow interoperability between the Globus Toolkit® and Shibboleth®
- GridShib adds attribute-based authorization to Globus Toolkit

Some Background
- Large scientific projects have spawned Virtual Organizations (VOs)
- The cyberinfrastructure and software systems to support VOs are called grids
- Globus Toolkit is the de facto standard software solution for grids
- Grid Security Infrastructure (GSI) provides basic security services for grids

Grid Authentication
- Globus Toolkit provides authentication services via X.509 credentials
- When requesting a service, the user presents an X.509 certificate, usually a proxy certificate
- GridShib leverages the existing authentication mechanisms in GT

Grid Authorization
- Today, Globus Toolkit provides identity-based authorization mechanisms:
  - Access control lists (called grid-mapfiles) map DNs to local identity (e.g., Unix logins)
  - Community Authorization Service (CAS)
- PERMIS and VOMS
- GridShib provides attribute-based authorization based on Shibboleth

GridShib Project Motivation
- VOs are difficult to manage
  - Goal: Leverage existing identity management infrastructure
- Identity-based access control methods are inflexible and do not scale
  - Goal: Use attribute-based access control
- Solution: Leverage Shibboleth with Globus Toolkit!

GridShib Use Cases
- Three use cases under consideration:
  1. Established grid user (non-browser)
  2. New grid user (non-browser)
  3. Portal grid user (browser)
- Initial efforts concentrated on the non-browser use cases
- Current efforts are focused on the portal grid user

Established Grid User
- User possesses an X.509 end entity certificate
- User may or may not use MyProxy Server to manage X.509 credentials
- User authenticates to Grid SP with a proxy certificate
- The current GridShib implementation addresses this use case

New Grid User
- User does not possess an X.509 end entity certificate
- User relies on GridShib CA to obtain short-lived X.509 certificates
- User authenticates to Grid SP using short-lived X.509 credential
- The myVocs-GridShib integration addresses this use case

Portal Grid User
- User does not possess an X.509 cert
- A browser user authenticates to a Grid Portal (which may or may not be Shib-enabled)
- The user delegates the Grid Portal to request a service at the Grid SP
- The Grid Portal authenticates to the Grid SP using its “community credential”

Outline
- GridShib Overview
- GridShib Components
- GridShib Profiles
- GridShib Roadmap

Software Components
- GridShib for Globus Toolkit
- GridShib for Shibboleth
  - Includes GridShib Certificate Registry
- GridShib Certificate Authority
- GridShib Authentication Assertion Client
- Shibboleth IdP Tester
- Globus SAML Library (not distributed)

GridShib for Globus Toolkit
- GridShib for Globus Toolkit is a plugin for GT 4.0 (or later)
- Features:
  - Standalone attribute requester
  - SAML attribute consumption
  - Attribute-based access control
  - Attribute-based local account mapping
  - SAML metadata consumption

GridShib for Shibboleth
- GridShib for Shibboleth is a plugin for a Shibboleth IdP v1.3 (or later)
- Features:
  - Name Mapper
    - Supports name mappings in both files and tables
  - SAML name identifier implementations
    - X509SubjectName, Address, etc.
  - Certificate Registry
    - Supports the established grid user

GridShib Certificate Registry
- A Certificate Registry is integrated into GridShib for Shibboleth 0.5:
- An established grid user authenticates and registers an X.509 end-entity cert
- The Registry binds the cert to the principal name and persists the binding in a database
- On the backend, GridShib maps the DN in a query to a principal name in the DB

GridShib Authn Assertion Client
- The GridShib Authn Assertion Client is a standalone tool that creates an X.509 proxy certificate with bound SAML authn assertion
- The client uses the proxy to authenticate to a Grid SP
- The Grid SP queries a Shibboleth AA based on the information in the bound SAML assertion

Shibboleth IdP Tester
- The Shibboleth IdP Tester is a tool that queries a Shibboleth AA for attributes
- The IdP Tester can be used to:
  - Test an ordinary Shibboleth AA
  - Test a GridShib-enabled AA
- The IdP Tester installs as a Shib IdP extension (i.e., it does not disturb an existing Shib deployment)

GridShib CA
- The GridShib Certificate Authority is a web-based CA for new grid users:
- The GridShib CA is protected by a Shib SP and backended by either OpenSSL or the MyProxy Online CA
- The CA issues short-term credentials suitable for authentication to a Grid SP
- Credentials are downloaded to the desktop via Java Web Start

Globus SAML Library
- GridShib forked the OpenSAML 1.1 source library in Jan 2006
- Globus SAML Library is in synch with OpenSAML 1.1 CVS HEAD
- Globus SAML Library is bundled with GridShib for GT
- Globus SAML Library adds new features to OpenSAML 1.1

Outline
- GridShib Overview
- GridShib Components
- GridShib Profiles
- GridShib Roadmap

GridShib Attribute Pull Profile
- In the “Classic GridShib” profile, a Grid SP “pulls” attributes from a Shib IdP
- The Client is assumed to have an account (i.e., local principal name) at the IdP
- The Grid SP and the IdP have been assigned a unique identifier (entityID)
[Diagram: Client, Grid SP, IdP]

GridShib Attribute Pull Step 1
- The Grid Client requests a service at the Grid SP
- The Client presents an X.509 certificate to the Grid SP
- The Client may provide a pointer to its preferred IdP
  - This is the so-called IdP Discovery problem
[Diagram: Client, Grid SP, IdP; step 1]

GridShib Attribute Pull Step 2
- The Grid SP authenticates the Client and extracts the DN from the proxy cert
- The Grid SP queries the Attribute Authority (AA) at the IdP using the DN as a SAML name identifier
[Diagram: Client, Grid SP, IdP; steps 1 and 2]

GridShib Attribute Pull Step 3
- The AA authenticates the requester and maps the DN to a local principal name
- The AA returns an attribute assertion to the Grid SP
  - The assertion is subject to Attribute Release Policy (ARP) at the IdP
[Diagram: Client, Grid SP, IdP; steps 1 to 3]

GridShib Attribute Pull Step 4
- The Grid SP parses the attribute assertion and performs the requested service
- The attributes are cached as necessary
- A response is returned to the Grid Client
[Diagram: Client, Grid SP, IdP]
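
The four pull steps above, modelled in memory as an added example (it is not part of the original slides and is not GridShib, Globus or Shibboleth code). The class names, entityIDs, DNs, attribute values and policy format are assumptions made for illustration; the point is where the DN-to-principal mapping, the ARP filter, the cache and the attribute-based decision each sit.

```python
# Added illustration of the attribute-pull steps. All class, function and
# attribute names are hypothetical and the data is constructed; this is not
# the GridShib, Globus or Shibboleth API.

class AttributeAuthority:
    """Stand-in for the AA at a Shibboleth IdP."""

    def __init__(self, name_map, directory, arp, trusted_requesters):
        self.name_map = name_map            # certificate DN -> local principal
        self.directory = directory          # principal -> {attribute: [values]}
        self.arp = arp                      # requester entityID -> releasable names
        self.trusted = trusted_requesters   # entityIDs allowed to query

    def query(self, requester_id, subject_dn):
        # Step 3: authenticate the requester, map the DN, apply the ARP.
        if requester_id not in self.trusted:
            raise PermissionError("requester not authenticated")
        principal = self.name_map.get(subject_dn)
        if principal is None:
            return {}                       # unknown DN: nothing to assert
        releasable = self.arp.get(requester_id, set())
        held = self.directory.get(principal, {})
        return {n: list(v) for n, v in held.items() if n in releasable}


class GridSP:
    def __init__(self, entity_id, idps, policy):
        self.entity_id = entity_id
        self.idps = idps        # IdP entityID -> AttributeAuthority
        self.policy = policy    # service -> (attribute name, required value)
        self.cache = {}         # (IdP entityID, DN) -> attributes
        self.queries = 0

    def handle(self, subject_dn, idp_hint, service):
        """Return True to permit the request; deny on any gap."""
        # Step 1: subject_dn is the DN taken from the client's certificate,
        # already authenticated elsewhere; idp_hint is the client's IdP pointer.
        aa = self.idps.get(idp_hint)
        rule = self.policy.get(service)
        if aa is None or rule is None:
            return False
        key = (idp_hint, subject_dn)
        if key not in self.cache:
            try:
                self.queries += 1
                self.cache[key] = aa.query(self.entity_id, subject_dn)  # step 2
            except PermissionError:
                return False                # a failed query is never cached
        name, required = rule
        # Step 4: decide on attributes only; the DN is never listed in policy.
        return required in self.cache[key].get(name, [])


def demo():
    idp, sp = "https://idp.example.edu/shibboleth", "https://gridsp.example.org"
    alice = "/O=Example Grid/OU=People/CN=Alice"
    bob = "/O=Example Grid/OU=People/CN=Bob"
    aa = AttributeAuthority(
        name_map={alice: "alice", bob: "bob"},
        directory={
            "alice": {"eduPersonAffiliation": ["member", "faculty"],
                      "mail": ["alice@example.edu"]},
            "bob": {"eduPersonAffiliation": ["student"]},
        },
        arp={sp: {"eduPersonAffiliation"}},
        trusted_requesters={sp},
    )
    grid_sp = GridSP(sp, {idp: aa}, {"submit-job": ("eduPersonAffiliation", "faculty")})
    results = [
        grid_sp.handle(alice, idp, "submit-job"),
        grid_sp.handle(bob, idp, "submit-job"),
        grid_sp.handle(alice, "https://unknown.example/idp", "submit-job"),
        grid_sp.handle(alice, idp, "submit-job"),   # served from the cache
    ]
    return results, grid_sp.queries, grid_sp.cache[(idp, alice)]
```

The `mail` value never reaches the Grid SP because the ARP at the IdP releases only `eduPersonAffiliation` to that requester, and an unknown IdP pointer results in a denial rather than a fallback.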

IdP Discovery
- Like the Shibboleth SP-initiated browser flows, the Grid SP needs to know the user’s preferred IdP
- SAML assertions bound to X.509 certs give clues as to the user’s preferred IdP
  - For example, the GridShib Authentication Assertion Client sets the NameQualifier attribute to the unique identifier of the IdP
  - Unfortunately, the NameQualifier attribute is deprecated in SAML V2.0

IdP Discovery (cont’d)
- The Issuer attribute is a better indicator of the user’s preferred IdP
  - However, for self-issued assertions (assertion issuer == certificate issuer) the Issuer is a DN, which doesn’t help IdP discovery
- Solution: Set the X.509 Subject Information Access extension to the IdP entityID

GridShib Attribute Push Profile
- The Client may push attributes at step 1
- SAML assertions are bound to X.509 certificates or SOAP messages
- The Grid SP may or may not query for attributes in this case
[Diagram: Client, Grid SP, IdP]

Outline
- GridShib Overview
- GridShib Components
- GridShib Profiles
- GridShib Roadmap

Online Roadmap
- We present current plans and timelines
- Roadmap online at GridShib dev.globus incubator site
- Roadmap will be maintained as work progresses, check web page for updates

Attribute Push
- For the past six months, GridShib has concentrated on attribute push
- Advantages of attribute push:
  - IdP Discovery is less of an issue
- Disadvantages of attribute push:
  - What to push? (we call this “SP Discovery”)

GridShib X.509 Certificate
- The anatomy of an X.509 certificate suitable for GridShib attribute push:
  - short lifetime
  - IdP entityID in Subject Information Access extension
  - SAML Subject in the Subject Alt Name extension
  - SAML assertion(s) bound to X.509 v3 certificate extension
  - SSO assertion(s) nested in the Advice element of a bound SAML assertion

X.509 Binding for SAML
- We bind an ASN.1 SEQUENCE of SAML elements at a well-known, non-critical X.509 v3 certificate extension
  - GridShib and Globus CAS already have limited ability to bind elements to X.509 proxy certificates
- Future versions of the GridShib CA will bind SAML to end-entity certificates

An X.509 Binding for SAML
GridShib, an NSF-funded project between NCSA and the University of Chicago, integrates federated identity management infrastructure (Shibboleth) with Grid technology (Globus Toolkit) to provide attribute-based authorization for distributed scientific communities. We propose to bind SAML assertions to X.509 certificates to facilitate GridShib Attribute Push, which overcomes some limitations of Classic GridShib (Attribute Pull). Two use cases for GridShib Attribute Push are depicted below. Two use cases for GridShib Attribute Push involve the GridShib CA and the TeraGrid Science Gateway. The GridShib CA binds SAML to an X.509 end-entity certificate after step 5. The Science Gateway binds SAML to an X.509 proxy certificate after step 9. The client presents the X.509 certificate to the GridShib Service Provider (SP). The GridShib SP extracts the SAML, parses the attributes, and makes an informed access control decision.
[Diagram panels: Classic GridShib; Use Case: GridShib CA; Use Case: Science Gateway. Components labelled: Browser, Web Portal, Grid Client, GridShib Client, Shibboleth Identity Provider, Shibboleth Service Provider, GridShib Identity Provider, GridShib Service Provider, Grid Service Provider, GridShib CA, X.509 Issuer, SAML Issuer, X.509 Certificate, X.509 v3 Certificate Extension OID]
Message sequences listed in the diagrams:
- 1. Shib Authn Request (Redirect); 2. SAML Authn Response; 3. SAML Authn Response (POST); 4. SAML Attribute Query (SOAP); 5. SAML Attribute Response; 6. HTTP 200 OK (Java Web Start); 7. WS-RF Service Request (SOAP); 8. WS-RF Service Response
- 1. WS-RF Service Request (SOAP); 2. WS-RF Service Response
- 1. Shib Authn Request (Redirect); 2. SAML Authn Response; 3. SAML Authn Response (POST); 4. SAML Attribute Query (SOAP); 5. SAML Attribute Response; 6. HTTP 200 OK
- 1. WS-RF Service Request (SOAP); 2. SAML Attribute Query (SOAP); 3. SAML Attribute Response; 4. WS-RF Service Response

X.509 Binding for SAML (cont’d)
- Initially, we bind a element to the X.509 certificate
- Eventually we would like to support:

X.509 Binding: Use Cases
- Presenter is the Subject
  - Principal Self-assertion
  - Principal Self-query
  - Shib-enabled GridShib CA
  - MyProxy Online CA
  - Community Authorization Service
- Presenter Acting on Behalf of the Subject:
  - nanoHUB Pull
  - National Virtual Observatory (NVO) Push
  - Shib-enabled Science Gateway

Use Case: nanoHUB
[Diagram labels: nanoHUB user, nanoHUB portal, nanoHUB LDAP, nanoHUB IdP, Grid SP]

Use Case: NVO
[Diagram labels: Browser, Portal, Authn Authority, Attribute Authority, Attribute Store, MyProxy, CA, GSI Client, Grid SP, SAML, (inputs), X.509 EEC]

Use Case: Science Gateway
[Diagram labels: Browser, Portal (Shib-enabled), Authn Authority, Attribute Authority, Attribute Store, SAML X.509 Binding Tool, GSI Client, Grid SP, SAML, (inputs), X.509 Proxy, SSO Assertion]

Work in the Pipeline
- New versions of GridShib for GT, GridShib for Shib, and GridShib CA
- GridShib Authn Assertion Client => GridShib SAML Issuer Tool
- Shibboleth IdP Tester => GridShib Attribute Query Client
- GridShib SAML Tools
- Enhancements to Globus SAML Library

GridShib for GT Versions
- GridShib for GT 0.5
  - Announced Nov 30, 2006
- GridShib for GT
  - Expected ?
- GridShib for GT 0.6
  - Expected ?

GridShib for GT 0.5
- GridShib for GT 0.5 announced Nov 30
  - Compatible with both GT4.0 and GT4.1
    - GT4.1 introduces powerful authz framework
    - Separate binaries for each GT version
    - Source build auto-senses target GT platform
  - New identity-based authorization feature
    - Uses grid-mapfile instead of DN ACLs
  - Logging enhancements
  - Bug fixes

GridShib for GT
- GridShib for GT (expected ?)
  - Combined VOMS/SAML attribute to account mapping
    - As with the current gridmap situation, GT4.0.x deployments cannot take advantage of permit overrides and arbitrarily configure fallbacks
    - To accommodate this we’ll allow for a name mapping scheme that checks in this order and continues to fall back if no match/authz is granted: gridmap, VOMS, Shibboleth/SAML
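
The fallback order named above (gridmap, then VOMS, then Shibboleth/SAML), sketched as an added example that is not part of the original slides and is not the GridShib for GT implementation. The function names, the FQAN-to-account table, the SAML attribute-to-account table and all sample data are assumptions; only the grid-mapfile line format (quoted DN followed by a comma-separated account list) is the real one.

```python
# Added illustration of the fallback order gridmap -> VOMS -> Shibboleth/SAML.
# Function names, the VOMS and SAML mapping tables and all data are
# hypothetical; only the grid-mapfile line format is the real one.
import shlex

# Constructed sample grid-mapfile; the second entry has an unbalanced quote.
GRIDMAP = '''
# constructed sample grid-mapfile
"/O=Example Grid/OU=People/CN=Alice" alice,alice2
"/O=Example Grid/OU=People/CN=Broken broken
'''


def parse_gridmap(text):
    """Parse grid-mapfile lines of the form: "<DN>" account[,account...]"""
    mapping = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)
        except ValueError:
            continue                  # unbalanced quote: skip, never guess
        if len(parts) != 2:
            continue                  # malformed entry
        dn, accounts = parts
        mapping[dn] = accounts.split(",")[0]   # first account is the default
    return mapping


def map_account(dn, fqans, saml_attrs, gridmap, voms_map, saml_map):
    """Return (account, source) from the first scheme that matches.

    (None, None) means no scheme matched and the request must be refused.
    """
    if dn in gridmap:
        return gridmap[dn], "gridmap"
    for fqan in fqans:                          # VOMS attributes of the caller
        if fqan in voms_map:
            return voms_map[fqan], "VOMS"
    for name, values in saml_attrs.items():     # attributes from SAML assertions
        for value in values:
            if (name, value) in saml_map:
                return saml_map[(name, value)], "SAML"
    return None, None


def demo():
    gridmap = parse_gridmap(GRIDMAP)
    voms_map = {"/examplevo/Role=production": "voprod"}
    saml_map = {("eduPersonAffiliation", "faculty"): "campus"}
    alice = "/O=Example Grid/OU=People/CN=Alice"
    carol = "/O=Example Grid/OU=People/CN=Carol"
    prod = ["/examplevo/Role=production"]
    faculty = {"eduPersonAffiliation": ["faculty"]}
    student = {"eduPersonAffiliation": ["student"]}
    return gridmap, [
        map_account(alice, prod, faculty, gridmap, voms_map, saml_map),
        map_account(carol, prod, faculty, gridmap, voms_map, saml_map),
        map_account(carol, [], faculty, gridmap, voms_map, saml_map),
        map_account(carol, [], student, gridmap, voms_map, saml_map),
    ]
```

Returning the source alongside the account lets the service log which scheme granted the mapping, which matters when an identity-based entry silently takes precedence over attribute-based ones.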

GridShib for GT 0.6
- GridShib for GT 0.6 (expected ?)
  - Full-featured attribute push PIP
    - TBA
  - More powerful attribute-based authz policies
    - Allow unique issuer in authz policy rules

GridShib for Shib Versions
- GridShib for Shib
  - Announced Aug 8, 2006
- GridShib for Shib 0.6
  - Expected Jan 2007
  - Will include SAML Issuer Tool (derived from Shib resolvertest tool)

GridShib for Shib 0.6
- GridShib for Shib 0.6 (expected Jan 2007)
  - Core (already included in 0.5)
    - Requires Shib IdP
    - Includes basic plugins and handlers
  - Certificate Registry (already included in 0.5)
    - Requires GridShib for Shib Core
    - Includes Derby embedded database
  - SAML Tools (new in 0.6)
    - Requires GridShib for Shib Core
    - Includes SAML Issuer Tool and SAML X.509 Binding Tool

GridShib CA Versions
- GridShib CA 0.3
  - Announced Nov 27, 2006
- GridShib CA 0.4
  - Expected March, 2007

GridShib CA 0.3
- GridShib CA 0.3 announced Nov 27, 2006
  - Substantial improvement over version 0.2
  - More robust protocol
  - Installation of trusted CAs at the client
  - Pluggable back-end CAs
    - Uses an openssl-based CA by default
    - A module to use a MyProxy CA is included
  - Certificate registry functionality
    - A module that auto-registers DNs with myVocs

GridShib SAML Tools
- GridShib SAML Issuer Tool
  - Derived from Authentication Assertion Client
- Shibboleth SAML Issuer Tool
  - Derived from Shib resolvertest tool
- GridShib Attribute Query Client
  - Derived from Shib IdP Tester
- GridShib X.509 Binding Tool
  - Derived from GT CAS/SAML utilities

GridShib SAML Tools (cont’d)
[Diagram labels: Shibboleth SAML Issuer Tool, Shibboleth IdP Config, GridShib SAML Issuer Tool, Config Files, SAML X.509 Binding Tool, (inputs), X.509, SAML]

GridShib SAML Tools (cont’d)
[Diagram labels: Shibboleth SAML Issuer Tool, GridShib SAML Issuer Tool, SAML X.509 Binding Tool, GridShib Attribute Query Client, (inputs), X.509, SAML]

SAML Tool Distributions
- The Shib SAML Issuer Tool and the SAML X.509 Binding Tool will be distributed with GridShib for Shib 0.6
- The GridShib SAML Issuer Tool, GridShib Attribute Query Client, and SAML X.509 Binding Tool will be distributed as a single, standalone package
- Note: The latter does not require GridShib for Shib or GridShib for GT

Globus SAML Library
- Features and enhancements:
  - Support for SAML V2.0 metadata
  - SAML object equivalence implementation
  - Enhanced SAMLNameIdentifier class
  - SAML NameIdentifier format handlers
  - New SAMLSubjectAssertion class
  - New SubjectStatement class
  - Additional unit tests and examples
  - Requires JDK 1.4 or above

New Software Components
- GridShib for Globus Toolkit 0.6
- GridShib for Shibboleth 0.6
  - Optional Certificate Registry
  - Optional SAML Issuer Tool
- GridShib Certificate Authority 0.4
- GridShib SAML Tools
  - SAML Issuer Tool
  - Attribute Query Client
  - SAML X.509 Binding Tool
- Globus SAML Library (enhanced)

Profiles and Bindings Specs
- SAML V1.1 Profiles for X.509 Subjects
- Subject-based Assertion Profile for SAML V1.1
- X.509 Binding for SAML Assertions
- Attribute Query Profile for SAML V1.1
- SAML V1.1 Deployment Profiles for X.509 Subjects
- SAML V2.0 Deployment Profiles for X.509 Subjects

Acknowledgments
- GridShib is a project funded by the NSF Middleware Initiative
  - NMI awards and
  - Opinions and recommendations are those of the authors and do not necessarily reflect the views of the National Science Foundation.
- Also many thanks to Internet2 Shibboleth Project

Summary
- GridShib has a number of tools for leveraging Shibboleth for the Grid
- Both for user authentication and attribute-based authorization
- Deploys easily on Shibboleth 1.3 and Globus 4.0
- Available under Apache2 license
For more information and software:

Questions?