National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

Presentation transcript:

NCSA-IPG Collaboration Projects Overview
NASA IPG Workshop
February 6, 2003
Jim Basney

FY02 Deliverables
Grid Testbed
  – Support for Grid computing between IPG and NCSA resources
  – SGI Origin 2000 and Intel Linux clusters
Grid Infrastructure Support and Development
  – GSI-enabled OpenSSH
  – MyProxy Online Credential Repository

Grid Testbed Results
Support for Grand Challenge milestone
  – Expedited NCSA account requests with grid-mapfile entries
  – Resolved problems encountered with Grid services at NCSA
  – Resolved compatibility issues
  – GRAM, GSISSH, GridFTP, MDS
  – Grid Information Services provided
  – NCSA resources reporting to IPG GIIS

GSI-enabled OpenSSH Overview
Secure single sign-on for remote login (ssh) and file transfer (scp/sftp)
  – Adds GSI authentication and delegation to standard OpenSSH software
  – Co-exists with other SSH authentication mechanisms (password, host-based, ...)

GSISSH FY02 Results
NCSA supported since January 2002
Packaged with Grid Packaging Tools (GPT)
  – Support for Globus Toolkit 2.0 & 2.2
Tracked OpenSSH releases
  – 3.0.2p1, 3.1p1, 3.2.3p1, 3.3p1, 3.4p1, 3.5p1
  – Support for privilege separation added
Added GSI authentication over SSH1 protocol for backward-compatibility
Added implicit subject to login name mapping using grid-mapfile
  – Don’t need to remember different usernames at different sites

MyProxy Overview
Online repository for Grid credentials
  – Credentials encrypted with user’s passphrase
Allows Grid portals to retrieve credentials to act on your behalf
  – Used by
Allows you to retrieve credentials when and where you need them
Allows trusted services to renew your credentials when needed

MyProxy FY02 Results
Packaged with Grid Packaging Tools (GPT)
  – Support for Globus Toolkit 2.0 & 2.2
Added support for
  – Users retrieving credentials directly
  – Storing multiple credentials per user
  – Per-credential access policies
  – Encrypting credentials in the repository
  – Credential renewal
Ongoing work
  – Integration with Condor-G for credential renewal
  – Single sign-on to Grid portals
  – Support for storing long-term credentials with optional CA integration (myproxy-adduser)

Using MyProxy with Grid Portals
Drawbacks:
  – Sends password to portal
  – Separate sign-on to each Grid portal
[Diagram labels: Grid Portal, MyProxy Server, Username, Password, Proxy Credential]

Secure Portal Sign-on with MyProxy
1. Visit portal
2. Redirect to MyProxy
3. MyProxy password-based login
4. Store MyProxy session cookie & redirect to portal with portal cookie
5. Portal authenticates with cookie
6. Portal retrieves credential
[Diagram labels: Grid Portal, MyProxy Server, User Workstation]

Web Single Sign-on with MyProxy
1. Visit another portal
2. Redirect to MyProxy
3. MyProxy login with session cookie
4. Redirect to portal with portal cookie
5. Portal authenticates with cookie
6. Portal retrieves credential
[Diagram labels: Grid Portal, MyProxy Server, User Workstation]
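
The two sign-on flows above (password login for the first portal, session cookie only for the next), modelled as an added Python example that is not part of the original slides and is not MyProxy code. The slides do not say how the cookies are built: the HMAC-signed, portal-bound cookie, the class `MyProxyModel`, and all names and values are assumptions for illustration.

```python
import hashlib, hmac, secrets
class MyProxyModel:
    """Toy stand-in for the MyProxy server in the sign-on flow (not MyProxy code)."""
    def __init__(self, passwords):
        self._passwords = passwords          # user -> password, constructed sample data
        self._key = secrets.token_bytes(32)  # signs portal cookies, never leaves the server
        self._sessions = {}                  # session cookie -> user

    def _mac(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def login(self, user, password):
        """Step 3, first portal: password login made directly to MyProxy."""
        stored = self._passwords.get(user)
        if stored is None or not hmac.compare_digest(stored, password):
            raise PermissionError("bad login")
        cookie = secrets.token_urlsafe(16)
        self._sessions[cookie] = user
        return cookie                        # step 4: kept by the browser for MyProxy only

    def portal_cookie(self, session_cookie, portal, now, ttl=300):
        """Step 3 (later portals) and step 4: session cookie in, portal-bound cookie out."""
        user = self._sessions[session_cookie]           # KeyError means not signed on
        body = f"{user}|{portal}|{now + ttl}"
        return f"{body}|{self._mac(body)}"

    def retrieve(self, cookie, portal, now):
        """Steps 5-6: portal presents its cookie; `portal` is assumed already authenticated."""
        body, _, mac = cookie.rpartition("|")
        if not hmac.compare_digest(mac, self._mac(body)):
            raise PermissionError("forged cookie")
        user, bound_portal, expires = body.split("|")
        if bound_portal != portal or now > int(expires):
            raise PermissionError("cookie expired or issued to another portal")
        return f"proxy-credential-for:{user}"           # placeholder for a delegated proxy

def demo():
    mp = MyProxyModel({"alice": "correct horse"})
    session = mp.login("alice", "correct horse")        # password goes to MyProxy, not a portal
    cookie_a = mp.portal_cookie(session, "portal-a", now=0)
    cred_a = mp.retrieve(cookie_a, "portal-a", now=10)
    cookie_b = mp.portal_cookie(session, "portal-b", now=20)   # second portal: no password
    cred_b = mp.retrieve(cookie_b, "portal-b", now=30)
    try:
        mp.retrieve(cookie_a, "portal-b", now=30)       # portal B replaying portal A's cookie
        replay = "accepted"
    except PermissionError:
        replay = "rejected"
    return cred_a, cred_b, replay
```

In this model neither portal ever handles the password, and a cookie issued for one portal is refused when another portal presents it.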

Credential Renewal
Long-lived jobs need credentials
  – Job lifetime is difficult to predict
Don’t want to delegate long-lived credentials
  – Fear of compromise
Instead, renew credentials as needed during the job’s lifetime
  – Renewal service provides a single point of monitoring and control
  – Renewal policy can be modified at any time
  – For example, disable renewals if compromise is detected or suspected

Credential Renewal
[Diagram labels: Job Broker, MyProxy Server, Resource Manager, Job, Home, Remote; arrows: Submit Jobs, Enable Renewal, Launch Job, Retrieve Credentials, Refresh Credentials]
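
The renewal argument above, as an added Python simulation that is not from the original slides and is not MyProxy or Condor-G code. It shows that once renewals are disabled, a job's access ends within one proxy lifetime; `RenewalService`, `run_job`, the one-hour lifetime and all timings are assumptions.

```python
class RenewalService:
    """Toy model of a credential renewal service (assumed design, not MyProxy code)."""
    def __init__(self, proxy_lifetime):
        self.proxy_lifetime = proxy_lifetime   # seconds each short-lived proxy is valid
        self.enabled = set()                   # users whose jobs may renew
        self.audit = []                        # single point of monitoring: every request

    def renew(self, user, job, now):
        """Return the expiry time of a fresh short-lived proxy, or None if denied."""
        allowed = user in self.enabled
        self.audit.append((now, user, job, "renewed" if allowed else "denied"))
        return now + self.proxy_lifetime if allowed else None

def run_job(service, user, job, duration, disable_at=None, tick=600, margin=900):
    """Simulate one job; return the time its credential lapsed, or `duration` if it never did."""
    service.enabled.add(user)                      # "Enable Renewal" at submit time
    expires = service.renew(user, job, now=0)      # initial short-lived proxy
    for now in range(0, duration + 1, tick):
        if disable_at is not None and now >= disable_at:
            service.enabled.discard(user)          # owner reacts to a suspected compromise
        if now >= expires:
            return expires                         # proxy lapsed: job loses access here
        if expires - now <= margin:                # broker refreshes shortly before expiry
            renewed = service.renew(user, job, now)
            if renewed is not None:
                expires = renewed
    return min(expires, duration)

# Constructed scenario: a 10-hour job, renewals disabled 4.5 hours in.
service = RenewalService(proxy_lifetime=3600)
lapsed_at = run_job(service, "alice", "job-1", duration=36000, disable_at=16200)
```

A single delegated 10-hour credential would have stayed usable for the full 36000 seconds regardless of what the owner did.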

Enterprise Credential Repository
Credentials generated and stored in online repository at account creation time
  – Users retrieve short-term credentials when needed
  – Optionally allow experts to retrieve long-term credentials
Long-term credentials stored securely in repository
  – Revoke credentials by removing from repository
  – Long-term credentials can be automatically renewed
  – Site-wide password policies can be enforced
  – Monitor repository to detect credential compromise
Unlike online CA, separates credential creation and management for more flexibility

Managing Many Grid Credentials
Identity credentials
  – Different mechanisms (X.509, Kerberos, .NET)
  – Different authorities (CAs, KDCs)
  – Different purposes (authentication, signing, encryption)
  – Different roles (project-based, security levels)
Authorization credentials
  – X.509 attribute certificates
  – SAML/XACML/XrML assertions
Trusted credentials
  – CA certificates and policies
  – Other certificates and public keys (SSH, PGP)

Credential Wallet
User interface to credential management
  – Add, remove, or modify credentials
  – Associate policies with credentials
  – Create authorization credentials
  – Receive notification of events
One-stop credential access point
  – Single sign-on unlocks credentials for a session
  – Retrieve short-term credentials into web browser
  – Contains pointers to available credential services
Manage credentials on my behalf
  – Example: credential renewal