Manish Mehta, CS 590L Authentication Services in Open Grid Services by Manish Mehta April 27, 2004.

Presentation transcript:

Overview
Grid applications are:
- Distributed
- In heterogeneous environments
- Within dynamic “virtual organizations”

OGSA aims at...
Interoperable and usable Grids for industry, e-science, and e-business.
This demands:
- Trust relationship
- Secure communication

What security services are required?
- Authentication
- Authorization
- Confidentiality
- Integrity
- Non-repudiation
- Secure delegation

What is the current status?
- OGSA-Sec-WG has a draft out (June 2003).
- The Web Services (WS) architecture has gained more attention.
- Grid security is going to be based on the WS security architecture.
- GGF has not yet fully accepted the WS architecture, but it seems that they don’t have a choice.

OGSA Security Architecture

OGSA Security Architecture (contd.)

Basic requirements for authentication
- Credential processing
  - Validate authentication tokens
- Authorization
  - Evaluate the request against policy
- Credential conversion
  - Bridging different trust domains
- Identity mapping
  - Map identities in different domains

GT2 model
- Uses PKI
  - Kerberos, SSH, CRISIS were also reviewed.
- Claims to introduce “proxy certificates”
- A single entity decides its own trust domain (a consequence of PKI)
- Uses SSL

GT3 model
- 2 main advantages over GT2
  - Use of the WS security protocol
  - Tight least-privilege model
- Main difference
  - Uses SOAP as opposed to TCP

What are the problems? (Mainly due to the WS security architecture)
- Extension of the existing SSL infrastructure and use of authentication tokens at the service level.
- The need for authentication and authorization demands more than SSL. (Two-way)
- Due to the dynamic creation of services, key management becomes an issue.

What is needed in the future?
- The WS security architecture is also immature and ill-defined. A concrete specification is needed.
- OGSA does not fully adopt WS security. GGF has to patch the holes in the architecture.