Authorisation
Jens Jensen, Phil Kershaw (STFC) et al.
contrail is co-funded by the EC 7th Framework Programme under Grant Agreement nr. 257438. contrail-project.eu

Presentation transcript:


Background
- Using OAuth2 to obtain delegated certificate
- Project internally uses RESTful webservices
  – Except a few SOAPful instances
- Own implementation of OAuth2
  – Python
  – Collaboration with NDG (CEDA)
- Need to use and delegate X.509 certificates

Use Cases for Delegation
- User credential
  – To virtual machine = access data
- Host credential
  – No longer needed?
- Virtual networks – secured with certificates

Non-interactive Delegation Interface (2-legged OAuth)

Interactive Delegation Interface (OAuth)

Delegation to VMI

Experiences
- Need to link access token with permissions
  – Authorisation server to resource server
  – Projects have investigated magic access tokens
- Interoperation between Java and Python impl.
- Full OAuth – need socket open on client!!!
  – Unusable for real life scenarios
- Protocol features
  – Some essential things out of scope of protocol: authentication, discovery
  – Relies heavily on HTTP redirections
- Not a standard yet
  – Simpler than OAuth – but getting complex??
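
One way to address the first point on the Experiences slide, linking an access token to permissions between the authorisation server and the resource server, is to have the token itself carry the subject, scopes and expiry under a MAC that both servers can check. This is an added example, not code from the slides or from the Contrail or NDG implementations; the shared key, token layout, scope names and function names are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed key, assumed to be provisioned on both servers out of band.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mac(body: str) -> str:
    return b64(hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest())


def issue_token(subject, scopes, ttl, now=None):
    """Authorisation server: bind subject, scopes and expiry into the token."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "scope": sorted(scopes), "exp": int(now + ttl)}
    body = b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{mac(body)}"


def authorise(token, required_scope, now=None):
    """Resource server: return the subject if the token grants required_scope, else None."""
    now = time.time() if now is None else now
    try:
        body, tag = token.split(".")
        # Check the MAC before trusting anything inside the token.
        if not hmac.compare_digest(tag.encode(), mac(body).encode()):
            return None
        claims = json.loads(unb64(body))
    except ValueError:
        return None  # wrong number of parts, bad base64 or bad JSON
    if claims.get("exp", 0) <= now:
        return None  # expired
    if required_scope not in claims.get("scope", []):
        return None  # token is valid but does not carry this permission
    return claims.get("sub")
```

The resource server needs no call back to the authorisation server per request; the cost is that a token cannot be revoked before its expiry, so lifetimes should be short.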

Funded under: FP7 (Seventh Framework Programme)
Area: Internet of Services, Software & virtualization (ICT )
Project reference:
Total cost: 11,29 million euro
EU contribution: 8,3 million euro
Execution: From until
Duration: 36 months
Contract type: Collaborative project (generic)