UPKI Inter-University Authentication and Authorization Platform for Japanese Cyber-Science Infrastructure. Yasuo OKABE, Academic Center for Computing and Media Studies, Kyoto University

Information Infrastructure Centers in the Seven Universities in JAPAN, with the National Institute of Informatics (NII)
- Hokkaido University Information Initiative Center (Sapporo)
- Tohoku University Information Synergy Center (Sendai)
- University of Tokyo Information Technology Center (Tokyo)
- Nagoya University Information Technology Center (Nagoya)
- Kyoto University Academic Center for Computing and Media Studies (Kyoto)
- Osaka University Cybermedia Center (Osaka)
- Kyushu University Computing and Communications Center (Fukuoka)
- National Institute of Informatics (NII)

Brief history of the federation among the Centers
- Established as supercomputer centers for nation-wide service
- 1981: Connected by commercial X.25 service
- 1986: Dedicated interuniversity X.25 network service was started by NACSIS (predecessor of NII)
- 1988: JAIN (Japan Academic Inter-university Network) project started (IP over X)
- SINET, the academic Internet backbone service, was started by NACSIS
- 2002: Operation of SuperSINET was started
- 2003: NAREGI (National Research Grid Initiative) project started
- Federated Identity Management (2004): Unified ID; online subscription to secondary centers

NII: Toward Cyber-Science Infrastructure
Next-generation Academic Information Infrastructure for Interuniversity Collaboration
- SINET/SuperSINET: National Academic Internet Backbone
- UPKI: Authentication and Authorization Platform
- NAREGI (National Research Grid Initiative)
- GeNii (Global Environment for Networked Intellectual Information)
- NII-REO (Repository of Electronic Journals and Online Publications)
- Fundamental Resources for Academic and Research Activities
- Education and Training / Encouraging Young Talent
- Cooperation with Industry
- International Collaboration

UPKI: concept
Authentication and Authorization platform for Cyber-Science Infrastructure in Japan. It targets various applications:
- SSO of Web services
- Network services: wireless LAN roaming, VPN, public IP phone/Web terminals
- Grid computing
- Utilization of PKI

UPKI: project members
NII SINET Headquarters, Authentication and Authorization Working Group:
- Yasuo Okabe, Kyoto University (chair)
- Noboru Sonehara, NII (vice chair)
- Yoshiaki Takai, Hokkaido University
- Hideaki Sone, Tohoku University
- Hiroyuki Sato, University of Tokyo
- Yasushi Hirano, Nagoya University
- Shinji Shimojo, Osaka University
- Takahiro Suzuki, Kyushu University
- Satoshi Matsuoka, Tokyo Institute of Technology
- Setsuya Kawabata, KEK

Roaming scenario (diagram): Prof. A of Hokkaido Univ. registers with the campus registrar; the campus CA issues a certificate for Prof. A's public key, published in the repository, with the private key held on a PKI token. The campus CAs are linked through a Bridge CA with policy mapping. When Prof. A visits another university, the campus public wireless AP and the user perform mutual authentication, giving authentication and authorization for the campus LAN and wireless LAN as a roaming service.

UPKI: requirements
- Scalability: up to 800 universities in Japan; a centralized system will never work; federated ID management is indispensable
- Security: against so many cyber attacks and increasing physical attacks
- Privacy: compliant with the law of privacy protection in Japan, enforced since April
- Mobility: both students and professors may visit other universities
- Cost: National Universities have become independent agencies since 2004

UPKI: basic idea
- Deployment of Grid/PKI middleware for a national academic AA infrastructure
- Management of faculty members, administrative staff and students
- Virtual Organizations (VO) like committees, research groups or academic societies should be supported
- Targets all of: educational activities like e-learning; administrative work like exchange of credits among universities; research activities like Grid computing; other networking services like WLAN roaming
- A single infrastructure is used by all applications
- AA based on Federated Identity Management is the key
- PKI solves some authentication issues, but not all; PKI itself has many problems in deployment

NAREGI (National Research Grid Initiative): a collaboration project among industry, the academic sector and the government.

NAREGI Grid Middleware stack

NAREGI CA
- A full-fledged CA (Certificate Authority) software package for PKI
- Originally developed for Grid computing, but can be used for general purposes
- Free open source software
- Version is available at the download site

Comparison among CA software packages (features compared: issuance of certificates, periodic CRL, LDAP, HSM, multiple CAs, profile management, HW token, operator, logging; legend: available, not available (×), some restriction)
- NAREGI CA: issues certificates by file, bulk, WEB, LCMP
- OpenSSL: issues certificates by file; most of the other features are not available
- Microsoft Certificate Server: issues certificates by WEB and LDAP (Active Directory only); some features Domain Controller only; logging via Event logging
- Entrust Authority: issues certificates by CMP, bulk, LDAP, WEB, SCEP

Case study: The Consortium of Universities in Kyoto
- Consortium of 50 universities in Kyoto: 3 national, 2 prefectural, 2 municipal, 43 private
- Most of them are in the central area of Kyoto City
- Activities: shared lecture rooms near JR Kyoto Shinkansen station; classes for ordinary students, evening classes and classes for adult graduates; open Web terminals and WLAN services; exchange of credits among universities in a very conventional manner
- How will academic AAI help them?

UPKI: issues
How can various services (Web services, Grid computing, network services) be provided on a single AA infrastructure?
Existing work:
- GridShib: Shibboleth for non-web-based applications
- EduRoam: campus wireless roaming service architecture
- EGEE: multi-VO support and delegation via MyProxy
- E-authentication by the U.S. government
- GPKI, LGPKI and JPKI for Japanese e-government
How can we learn from them, and how can we collaborate with them?

Summary
- The UPKI national academic authentication and authorization infrastructure project has just started, conducted by NII and the information infrastructure centers in 7 universities
- It is a basis of CSI (Cyber Science Infrastructure), the next generation of SINET/SuperSINET
- Federated identity management is in fact unavoidable even within a (big) university, and political issues also exist
- We have started later, so we have some advantage
- International federation/collaboration is a very important issue