TERENA TF-EMC2 Workshop David Groep, 2004.11.04


TF-EMC2 meeting, November David Groep

A PKI for Grids
- PKI model fits the lack of hierarchical relations between users and resources in the Grid
- Users can join collaborations (VOs) that are independent of both resources and home organisations
- mainly unilateral trust relations (RP/subscriber -> CA); limited mutual trust (CA -> CA within PMA)
- Both users and services need a credential
- Revocation:
  - of authZ via the VOs
  - of authN via the CAs (the latter only if the identity is compromised)

The EUGridPMA
European Grid Authentication Policy Management Authority for e-Science
- Coordinates authentication for people and services for European, national, and related Grid projects: EGEE, DEISA, SEEGRID, LCG, …
- PMA manages authentication guidelines and policies
- Trust domain for research and academic grids

Certificate Authority Coordination
- Evolved from the CA Coordination Group in DataGrid, CrossGrid, LCG, …
- collection of national and regional CAs
  - better local identity vetting
  - national legislation
- all meet or exceed minimum requirements
  - identity checking (in-person, photo-ID)
  - physical security (signing key protection, storage)
  - naming (unique certificate names)
  - revocation (updated lists, retrieval)
- Clearly defined accreditation procedure
- Basic tools and distribution mechanisms

Accreditation process
- Codification of procedures in a CP(S) for each CA
  - de facto lots of copy/paste, except for vetting sections
- Peer-review process for evaluation
  - comments welcomed from all PMA members
  - two assigned referees
- In-person appearance during the review meeting

Accredited Authorities
- Everyone (almost) in Europe has a national CA
- Green: CA Accredited
- Yellow: being discussed

Other Accredited CAs:
- DoEGrids (US)
- GridCanada
- ASCCG (Taiwan)
- ArmeSFO (Armenia)
- CERN
- Russia (HEP)
- FNAL Service CA (US)
- Israel
- Pakistan

The Catch-All CAs
Project-centric “catch all” Authorities
- For those left out of the rain in EGEE
  - CNRS “catch-all” (Sophie Nicoud)
  - coverage for all EGEE partners
- For the South-East European Region
  - regional catch-all CA
- For LCG world-wide
  - DoeGrids CA (Tony Genovese & Mike Helm, ESnet)
  - Registration Authorities through Ian Neilson

Distribution
RPM distribution to facilitate deployment projects
- validation must be done via TACAR (or out-of-band means)
- releases contain
  - CA root cert
  - CRL URL
  - CA URL
  - namespace-policy file (used by software for enforcement)
  - dependency information (for hierarchical PKIs)
- meta-RPMs “ca_policy_eugridpma” for triggering dependencies in install software (yum/apt)
- releases every ~ 4-12 weeks
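How relying-party software can enforce a namespace-policy file of the kind listed above, as an added example that is not part of the original slides or the EUGridPMA distribution. It assumes a Globus-style `signing_policy` syntax, which the slide does not specify, and the CA name and subject DNs are constructed.

```python
import re
import shlex

# Constructed sample. The Globus-style signing_policy syntax is an assumption:
# the slide names a namespace-policy file but not its format. DNs are made up.
SAMPLE_POLICY = """\
# Example Grid CA may only sign names inside its own namespace
access_id_CA   X509    '/DC=org/DC=example-grid/CN=Example Grid CA'
pos_rights     globus  CA:sign
cond_subjects  globus  '"/DC=org/DC=example-grid/O=users/*" "/DC=org/DC=example-grid/O=hosts/*"'
"""


def parse_signing_policy(text):
    """Return {CA subject DN: [subject patterns that CA may sign]}."""
    policy, current_ca, may_sign = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # keeps each single-quoted value as one field
        if len(fields) != 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        keyword, _authority, value = fields
        if keyword == "access_id_CA":
            current_ca, may_sign = value, False
            policy.setdefault(current_ca, [])
        elif keyword == "pos_rights":
            may_sign = value == "CA:sign"
        elif keyword == "cond_subjects":
            if current_ca is None or not may_sign:
                raise ValueError("cond_subjects without a preceding CA:sign grant")
            policy[current_ca].extend(shlex.split(value))
        else:
            raise ValueError(f"unknown keyword: {keyword!r}")
    return policy


def _pattern_to_regex(pattern):
    # Only '*' is a wildcard; every other character must match literally.
    return re.compile("".join(".*" if c == "*" else re.escape(c) for c in pattern))


def subject_permitted(policy, issuer_dn, subject_dn):
    """Deny by default: unknown issuers and out-of-namespace subjects fail."""
    return any(_pattern_to_regex(p).fullmatch(subject_dn)
               for p in policy.get(issuer_dn, []))
```

The check complements signature validation: a certificate that chains correctly to an accredited root is still rejected if its subject lies outside the namespace that root is allowed to sign.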

Global interoperation
- PMAs collaborate bilaterally in an interoperation framework: the International Grid Federation see
- [Diagram: Americas PMA (being formed), EUGridPMA, APGridPMA]

Commonality
- Common services to all European eInfrastructure
- EUGridPMA:
  - All EU Grid infrastructure FP6 programmes
  - CAs also cover inter-organisational national projects
- TERENA TACAR provides the trust validation
  - Grid projects rely on TACAR to validate roots-of-trust
- Minimum Requirements form the basis of IGF
  - Coherency in AP modelled on EUGridPMA
  - Americas are planning to build an AMSGridPMA

Current topics of discussion
- Continuing updates to minimum requirements
  - as experience grows
  - to comply better with evolving Grid middleware
  - to comply with evolving industry standards
- User key hygiene worries abound
  - Can the user be trusted with key care? (hardly…)
- Complexity for users, services
  - the server-certificate service!
- On-line CA methodologies
  - Guidelines and Minimum Requirements
  - Site-local solutions (SIPS)
  - Active Certificate Stores (credential repositories, escrow services)
  - CA-generated key pairs and ease-of-use
