LIGO's Evolving Certificate Authority and Account Management Needs

Warren G. Anderson, University of Wisconsin-Milwaukee, LIGO Scientific Collaboration


20/08/2006, Seattle, WA

Outline

Concerns for certificates for LIGO Data Grid (not OSG) users.

• Quick revocation (obsolete/done)
• Identification of LIGO certificate requests (done)
• Automatic coupling of certificates to accounts (LIGO)
• Persistent certificates (OSG/LIGO)
• LIGO specific infrastructure (OSG/LIGO)
• General RA agent issues (OSG)

Quick Revocation (obsolete/done)

• LIGO Computing Committee (LCC) requested that LIGO CA have ability for quick (<24 hr) revocation to control account access.
• Account control for LIGO data grid should be done at account level, not certificate level.
• Immediate revocation available via DOEGrids certificate management web interface.

Identification of LIGO Certificate Requests (done)

In the past, LIGO users have received certificates through non-LIGO iVDGL channels.

• e.g. a LIGO user is at an institution that belongs to iVDGL via CMS/Atlas AND LIGO. The user gets a certificate through the CMS/Atlas channel but wants to use it for a LIGO account.
• Nothing wrong with this in principle, but it caused confusion because it was assumed that all iVDGL certs used to apply for LIGO accounts were authenticated through LIGO channels.

LIGO as OSG VO has resolved this issue. We have fixed our scripts; we still need to train our users.

Automatic Coupling of Certificates to Accounts (LIGO)

• LCC has requested that approval of certificate by LIGO CA automatically invoke creation of accounts without a second user verification step.
• This can be implemented in the context of DOEGrids via the script that retrieves the signed certificate from the DOEGrids web interface.


Persistent Certificates (OSG/LIGO)

LIGO is starting real-time analysis of multiyear data sets.

• As data is acquired, metadata is published at intervals of minutes.
• For each astrophysical search, an instance of the Online Analysis System (onasys) runs continuously, managing data analysis.
• onasys queries metadata at regular intervals (a few minutes to a day) to determine what new data is available.
• Service certificates used for GSI-based query authentication.
• If service certificate (or CA certificate) expires before end of data-taking, data analysis halts until new certificates are acquired.
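An added example, not part of the original slides or of LIGO's tooling: a check that flags every certificate on the query path, service or CA, whose expiry falls before the end of data-taking, and when to renew it. The certificate labels, dates, run end and 30-day renewal lead time are constructed assumptions; the input lines are in the form printed by `openssl x509 -noout -enddate`.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample: `openssl x509 -noout -enddate` output for each
# certificate the query path depends on (labels and dates are made up).
SAMPLE_ENDDATES = {
    "onasys service cert": "notAfter=Mar 15 12:00:00 2007 GMT",
    "issuing CA cert": "notAfter=Jan 10 00:00:00 2008 GMT",
}


def parse_enddate(line):
    """Turn an openssl 'notAfter=...' line into an aware UTC datetime."""
    key, _, value = line.strip().partition("=")
    if key != "notAfter" or not value:
        raise ValueError(f"not an openssl enddate line: {line!r}")
    # ssl.cert_time_to_seconds parses the 'Mon DD HH:MM:SS YYYY GMT' form.
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), timezone.utc)


def expiry_report(enddates, run_end, lead=timedelta(days=30)):
    """List certificates that lapse before data-taking ends.

    Authentication fails as soon as the earliest certificate in the chain
    expires, so every certificate is checked, not only the service one.
    Returns (label, not_after, renew_by) tuples, earliest expiry first.
    """
    at_risk = []
    for label, line in enddates.items():
        not_after = parse_enddate(line)
        if not_after < run_end:
            at_risk.append((label, not_after, not_after - lead))
    return sorted(at_risk, key=lambda item: item[1])


def first_outage(enddates, run_end):
    """Moment queries would start failing, or None if the run is covered."""
    report = expiry_report(enddates, run_end)
    return report[0][1] if report else None


if __name__ == "__main__":
    run_end = datetime(2008, 6, 30, tzinfo=timezone.utc)  # assumed end of run
    for label, not_after, renew_by in expiry_report(SAMPLE_ENDDATES, run_end):
        print(f"{label}: expires {not_after:%Y-%m-%d}, renew by {renew_by:%Y-%m-%d}")
```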

LIGO Specific Infrastructure (OSG/LIGO)

To reduce confusion at LIGO in dealing with certificates, LIGO requests:

• LIGO specific metadata – LIGO is a distributed effort. LIGO RAs depend on LIGO group PIs to verify user requests for certificates.
  – It would be nice if the group PI information input by the user in the certificate request could be transmitted to RA agents.
• LIGO specific retrieval/renewal messages – LIGO has custom scripts for retrieving (LSCretrieveCert) and renewing (LSCrenewCert) certificates.
  – We would like to replace the DOE generic instructional e-mails with e-mails giving URLs of our instructions for using our scripts (and DOE serial #).

General RA Agent Issues (OSG)

To aid in RA agent responsibilities:

• VO specific RA e-mails – Is there any way that RA agents can be notified of only requests pertaining to certificates for their VO?
• Ability to change request fields – for instance, changing affiliation for users who enter iVDGL instead of OSG:LIGO.
• Certificate management documentation – is there documentation to help RA agents make more efficient use of the web interface, e.g.:
  – What is the difference between “reject” and “cancel”?
  – Can RA agents use the validity dates fields to grant certificates of longer/future periods of validity (valid for 2 years, or starting next year)?