ARCS Authorisation Services. Neil Witheridge, Manager, ARCS Authorisation Services. APAN29, Sydney, February 2010.

Overview
- ARCS & Platforms for Collaboration
- ARCS Mission & Structure
- Research Group Needs
- ARCS Services and Tools
- Authorisation Services' Role
- ARCS Authorisation Infrastructure
- Strategy, Challenges & Future direction

Australian Government eResearch Investment
- National Collaborative Research Infrastructure Strategy: Platforms for Collaboration (PfC) investment ( )
- Super Science Initiative eResearch Components ( )
"... critical importance of eResearch Infrastructure to future research competitiveness ... intended to enhance research collaborations, assist researchers to manage massive data sets, and provide supercomputing and analysis tools that enable Australian researchers to tackle the complex, national and global issues needed to secure Australia's future."
Source:

Platforms for Collaboration
PfC component investments:
- Australian Research Collaboration Service (ARCS)
  - Develop and operate services linking systems and resources nationwide
  - Develop and operate collaboration and workflow tools for researchers
  - Includes "Authorisation Services"
- Australian National Data Service (ANDS)
- National Computational Infrastructure (NCI)
- Australian Access Federation (AAF) and Research Networks (AARNET)
Source:

ARCS Mission
To provide long-term eResearch support services including, but not limited to, interoperability and collaboration infrastructure and services through a continuous and open process of consultation and engagement with the Australian research community.
ARCS is an unincorporated collaborative venture of the Members of ARCS (ANU, CSIRO, eRSA, Intersect, QCIF, iVEC, TPAC, VPAC) and serves as the vehicle for the coordinated delivery of national eResearch support, services and tools.
Source:

Research Group Needs (diagram)
A research group (a Principal Investigator and researchers), each with identity managed by their institution's IdP in the AAF, needs to: run experiments on an instrument and generate data; store data (storage); analyse data (HPC and Grid services, with a VO configured for accessing Grid resources); collaboratively create web content (CMS / wiki); write and publish reports (repository); and collaborate, communicate and meet. Authentication and authorisation protect these valuable resources.

ARCS' Current Tools and Services
- Compute Cloud*
- Grid Services Infrastructure*
- Virtual Machine Hosting
- Data Fabric*
- Database Service
- Data Transfer Service
- Web-based Collaboration: Sakai, Plone, Jabber, Joomla, Twiki
- Video Collaboration: desktop solution EVO*; room solution Access Grid
- Security Services: Grid Certificates*, Access Service
* Immediately accessible; others require request and coordinated provision to the research group.

ARCS Authorisation Services Role
- Support Research Groups and Service Providers in delivering services requiring authentication and authorisation (authNZ)
  - Analyse requirements, and provide expertise, advice and exemplars (exemplars demonstrate what can be done to protect resources)
  - Implement (procure/develop) and deploy authNZ solutions satisfying research groups' and service providers' security requirements
- Provide customer support for ARCS Authorisation Services: ARCS CAs, ARCS IdP, ARCS SLCS Server & Clients, ARCS Access Service
- Develop and pursue a 'unified strategy' for authNZ
  - Apply security technologies and protocols, and track international trends
  - Rely on the AAF for Federated Access (i.e. use Shibboleth)
  - Integrate with Grid Security Infrastructure
  - Analyse access scenarios and identify patterns & solutions

ARCS Access Service
- Provides a gateway to ARCS Services
- Registration (assignment of Default Authorisation Rights)
  - Tracking user communities (auEduPersonSharedToken)
  - Allocate an ARCS Username (the ARCS Services unique identifier) for consistent user naming across ARCS Services
  - Cache attributes at time of registration, so that a later change of attribute (e.g. IdP, affiliation) can be detected
- Authorisation Rights Management
  - Register Authorisation Rights tokens urn: :
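The registration logic on this slide, written out as an added Python example (not ARCS code). auEduPersonSharedToken and eduPersonAffiliation are the real AAF attributes; the username scheme, the default rights names, the attribute dict shape and the sample users are assumptions. The security-relevant choices are that the registration is keyed on the shared token rather than on the IdP, and that the attributes cached at registration are compared at every subsequent login so a change of IdP or affiliation is surfaced to the service rather than silently inheriting the old rights.

```python
"""Registration and attribute-change detection in the style of the ARCS Access
Service slide. Added illustration, not ARCS code. auEduPersonSharedToken and
eduPersonAffiliation are real AAF attributes; the username scheme, default
rights names and dict shapes below are assumptions."""
from dataclasses import dataclass, field
import re

# Assumed default rights granted at registration (names are hypothetical).
DEFAULT_RIGHTS = ("urn:example:arcs:wiki", "urn:example:arcs:datafabric")

# Attributes cached at registration and compared again at every login.
TRACKED = ("idp", "eduPersonAffiliation", "mail")


@dataclass
class Registration:
    arcs_username: str
    shared_token: str
    cached: dict
    rights: set = field(default_factory=lambda: set(DEFAULT_RIGHTS))


class AccessService:
    def __init__(self):
        self._by_token = {}      # auEduPersonSharedToken -> Registration
        self._usernames = set()

    def _allocate_username(self, attrs):
        # Consistent, unique ARCS username derived from the display name, with a
        # numeric suffix on collision. Not derived from the IdP, so it survives
        # the user moving to another institution.
        base = re.sub(r"[^a-z0-9]", "", attrs.get("displayName", "").lower()) or "user"
        name, n = base, 1
        while name in self._usernames:
            n += 1
            name = f"{base}{n}"
        self._usernames.add(name)
        return name

    def register(self, attrs):
        """Register a federated user; idempotent on the shared token."""
        token = attrs.get("auEduPersonSharedToken")
        if not token:
            raise ValueError("IdP did not release auEduPersonSharedToken")
        if token in self._by_token:
            return self._by_token[token]
        reg = Registration(self._allocate_username(attrs), token,
                           {k: attrs.get(k) for k in TRACKED})
        self._by_token[token] = reg
        return reg

    def login(self, attrs):
        """Look up the registration for a login and report which tracked
        attributes differ from the values cached at registration.
        Returns (registration or None, list of changed attribute names)."""
        reg = self._by_token.get(attrs.get("auEduPersonSharedToken"))
        if reg is None:
            return None, []
        changed = [k for k in TRACKED if attrs.get(k) != reg.cached.get(k)]
        return reg, changed


def demo():
    """Constructed sample: a researcher registers from one IdP, then logs in
    after moving to another institution with a different affiliation."""
    svc = AccessService()
    first_login = {
        "auEduPersonSharedToken": "tok-abc123",          # constructed value
        "displayName": "Jane Researcher",
        "idp": "https://idp.example.edu/idp/shibboleth",
        "eduPersonAffiliation": "staff",
        "mail": "jane@example.edu",
    }
    reg = svc.register(first_login)
    later_login = dict(first_login,
                       idp="https://idp.other.example/idp/shibboleth",
                       eduPersonAffiliation="student")
    _, changed = svc.login(later_login)
    return reg.arcs_username, changed


if __name__ == "__main__":
    print(demo())
```

A service receiving a non-empty `changed` list should re-evaluate the user's Authorisation Rights rather than trust the rights assigned at registration; a changed IdP with an unchanged shared token is exactly the case the shared token exists to track.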

Current focus on Authentication (diagram)
The same research workflow, with each ARCS service fronted by a Shibboleth SP. The researcher, a member of the research group, belongs to a federation IdP. Through the ARCS Access Service (SP) they register for SLCS, the Data Fabric, the Wiki and the Repository; the ARCS IdP Check (SP) confirms the attributes released by the IdP; the ARCS SLCS Service (SP) generates a Grid (SLCS) credential. HPC (Grid) is accessed with GSI, the ARCS Data Fabric via LDAP and webDAV, and the ARCS CMS / Wiki and ARCS Repository via their SPs.

Authentication paths (diagram)
- AAF-enabled services (e.g. Data Fabric, Plone, TWiki): access using the IdP username and password via AAF login through a Shibboleth SP, followed by ARCS internal/backend processing.
- Grid-cert-enabled services (e.g. Grid Services, iRODS via iCommands): authenticate to the ARCS SLCS Service (SP) via AAF login, obtain an SLCS certificate from the ARCS SLCS CA, and access using the ARCS SLCS cert or a proxy. A proxy certificate can also be obtained from ARCS MyProxy using an arbitrary username and password.
- ARCS-credentials-enabled services (e.g. Data Fabric via webDAV): register through the ARCS Access Service (SP, 12 wks timeout) via AAF login; the ARCS username and password are held in ARCS LDAP and used to access the service.
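The SLCS-plus-proxy path above depends on two constraints that a relying service should check: the end-entity certificate is short-lived, and a proxy delegated from it can neither outlive it nor carry a subject other than the issuer's DN plus one CN component. The following is an added Python example, not ARCS or MyProxy code; it models certificates as plain records rather than parsing X.509. The 1,000,000-second cap is the IGTF SLCS profile limit and the subject rule comes from RFC 3820; that the ARCS SLCS CA applied exactly these bounds, and the DNs used, are assumptions.

```python
"""Lifetime and delegation checks for an SLCS certificate and its proxies.
Added example, not ARCS or MyProxy code. Certificates are modelled as plain
records. SLCS_MAX_LIFETIME is the IGTF SLCS profile cap; the proxy subject
rule is RFC 3820. DNs below are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SLCS_MAX_LIFETIME = timedelta(seconds=1_000_000)  # IGTF SLCS profile, ~11.6 days

# Constructed DNs (hypothetical CA and user).
CA_DN = "/C=AU/O=Example/CN=Example SLCS CA"
USER_DN = "/C=AU/O=Example/OU=Example Uni/CN=Jane Researcher"


@dataclass(frozen=True)
class Cert:
    subject: str        # Globus-style DN string
    issuer: str
    not_before: datetime
    not_after: datetime


def check_slcs(cert, ca_dn, now):
    """Problems with an end-entity certificate expected to come from the SLCS CA."""
    problems = []
    if cert.issuer != ca_dn:
        problems.append("not issued by the SLCS CA")
    if cert.not_after - cert.not_before > SLCS_MAX_LIFETIME:
        problems.append("lifetime exceeds the SLCS cap")
    if not cert.not_before <= now <= cert.not_after:
        problems.append("not valid at this time")
    return problems


def check_proxy(proxy, issuer, now):
    """Problems with a proxy signed by `issuer` (the end-entity certificate or
    an earlier proxy in the delegation chain)."""
    problems = []
    if proxy.issuer != issuer.subject:
        problems.append("proxy issuer does not match the signing certificate")
    # RFC 3820: proxy subject is the issuer subject plus exactly one CN component.
    prefix = issuer.subject + "/CN="
    if not (proxy.subject.startswith(prefix) and "/" not in proxy.subject[len(prefix):]):
        problems.append("proxy subject is not issuer subject plus one CN")
    # A proxy must not outlive, or predate, the credential it was delegated from.
    if proxy.not_after > issuer.not_after:
        problems.append("proxy outlives its issuer")
    if proxy.not_before < issuer.not_before:
        problems.append("proxy predates its issuer")
    if not proxy.not_before <= now <= proxy.not_after:
        problems.append("not valid at this time")
    return problems


def validate_chain(slcs_cert, proxies, ca_dn, now):
    """Check an SLCS certificate followed by its proxies in delegation order.
    Returns [(position, problems), ...]; an empty list means the chain is acceptable."""
    findings = []
    problems = check_slcs(slcs_cert, ca_dn, now)
    if problems:
        findings.append((0, problems))
    issuer = slcs_cert
    for i, proxy in enumerate(proxies, start=1):
        problems = check_proxy(proxy, issuer, now)
        if problems:
            findings.append((i, problems))
        issuer = proxy
    return findings


def sample_chain(now):
    """Constructed sample: a 10-day SLCS certificate, a 12-hour proxy that is
    fine, and a 30-day proxy that would outlive the certificate it came from."""
    slcs = Cert(USER_DN, CA_DN, now - timedelta(hours=1), now + timedelta(days=10))
    good_proxy = Cert(USER_DN + "/CN=1234", USER_DN,
                      now - timedelta(minutes=5), now + timedelta(hours=12))
    long_proxy = Cert(USER_DN + "/CN=5678", USER_DN,
                      now - timedelta(minutes=5), now + timedelta(days=30))
    return slcs, good_proxy, long_proxy


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    slcs, good, bad = sample_chain(now)
    print(validate_chain(slcs, [good], CA_DN, now))
    print(validate_chain(slcs, [bad], CA_DN, now))
```

The over-long proxy is the case worth noticing: a MyProxy-stored proxy requested with a long lifetime is only as long-lived as the SLCS certificate that signed it, so any service accepting the chain must apply the tightest notAfter in it, not the one on the leaf.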

ARCS Auth Svcs Future Directions
Authentication
- IGTF accreditation for the SLCS (Level-2) CA
- Explore MICS (long-lived Grid credentials from IdPs)
- Understand AAF & Shibboleth roadmap implications: new Shibboleth profiles (ECP, Key-holder); AusCERT PKI and its implications
- Understand Grid Services trends and implications
Authorisation
- Develop and utilise the ARCS Access Service
- Implement Authorisation Rights Management
- Develop authorisation exemplars (e.g. use of XACML)

Thank you. Questions?