Discussions on the Life Ray Portal and credential management David Groep, Oct 11 th, 2011.

Slides:



Advertisements
Similar presentations
INFN CA1 active since July manager: –Roberto Cecchini types of certificates released: –personal –server –object signing.
Advertisements

Usage of PGP in TACAR 19th OGF Meeting Chapel Hill, USA February 1, 2007 Licia Florio Project Development Officer
Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.
INFSO-RI Enabling Grids for E-sciencE Portals and Authentication Issues and Solution Directions from a CA and IGTF Perspective David.
4 th APGrid PMA F2F Meeting Academia Sinica, Taipei, Taiwan April 8, 2008 Agendahttp:// Call for note takers!
Bridging the Usability Gap New models for secure and usable authentication APGridPMA Plenary Meeting Taipei, 8 March 2010.
INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Policy Issues for Identity Management (and other attributes) EGI Technical.
CVE , lessons learned and actions David Groep, Nov 7 nd, 2008.
The EU Grid PMA David Kelsey CCLRC/RAL 16 April 2004, Dublin
Updates from the EUGridPMA David Groep, Apr 20 th, 2009.
Updates from the EUGridPMA David Groep, Oct 11 th, 2011.
Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.
© 2006 Open Grid Forum Some Thoughts on IDEL OGF37, Charlottesville, VA, US David Groep, Nikhef based also on work by Willem van Engen en Mischa Salle.
Updates from the EUGridPMA David Groep, Apr 8 nd, 2008.
Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA
Large-scale issuing of host certs in a member-integrated or institutional CA environment.
12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK
The CA Distribution Process David Groep, July 2007.
Networks ∙ Services ∙ People David Groep TCS TNC2015 Workshop TCS SAML demo background June 16, 2015 TCS PMA.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.
Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Nov 7 nd, 2008.
March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.
Revocation in MICS §4.4 May 11-13, 2009 Zürich, Switzerland.
TERENA TF-EMC2 Workshop David Groep,
Updates from the EUGridPMA David Groep, July 16 st, 2007.
EUGridPMA Status, current trends and some technical topics March 2013 Boulder, CO, USA David Groep, Nikhef & EUGridPMA.
Updates from the EUGridPMA David Groep, Nov 7 nd, 2008.
EUGridPMA status and updates David Groep, GGF18. EUGridPMA Status Update, TAGPMA Ottawa David Groep – Items  EUGridPMA.
White paper overview 2 nd eIRG meeting April, 16 th 2004 Fotis Karayannis, Editor GRNET - Greek Research & Technology Network
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
ESnet RAF and eduroam ™ Tony J. Genovese ATF Team ESnet/Lawrence Berkeley National Laboratory.
SHA-2, current trends and some technical topics March 2013 Taipei, TW David Groep, Nikhef & EUGridPMA.
National Institute of Advanced Industrial Science and Technology Some topics from the OGF20 and the EUGrid PMA F2F Meeting Yoshio Tanaka Grid Technology.
EUGridPMA Status, current trends and some technical topics March 2013 Taipei, TW David Groep, Nikhef & EUGridPMA.
Distribution Repository Structure David Groep,
Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)
IOTA AP Towards Differentiated Identity Assurance David Groep, Nikhef supported by the Netherlands e-Infrastructure and SURFsara.
Updates from the EUGridPMA David Groep, May 9 st, 2007.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.
Updates from the European Side of the Pond David Groep, November 2006.
EUGridPMA status and updates David Groep, TAGPMA Ottawa Summit 2006.
Security Policy Update WLCG GDB CERN, 14 May 2008 David Kelsey STFC/RAL
Community PKIs Initiatives Updates TF-EMC2 Meeting Loughborough, UK 6-7 May, 2009 Licia Florio, TERENA
EGI-InSPIRE RI EGI EGI-InSPIRE RI Establishing Identity in EGI the authentication trust fabric of the IGTF and EUGridPMA.
8-Mar-01D.P.Kelsey, Certificates, WP6, Amsterdam1 WP6: Certificates for DataGrid Testbeds David Kelsey CLRC/RAL, UK
EGI-InSPIRE RI EGI (IGTF Liaison Function) EGI-InSPIRE RI IGTF EUGridPMA status update SHA-2, OCSP, and more David.
Grid Security Update David Kelsey (RAL) HEPiX, LBNL 28 Oct 2009.
TACAR Updates version David Groep, NIKHEF. 9 th EUGridPMA ‘RAL’ meeting – Jan David Groep – TACAR Aims  Trusted and.
7-May-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Issues and Planning or Report from the Security Group CERN, 8 May 2003 David Kelsey CCLRC/RAL, UK.
EUGridPMA Status Review … and proposals February 28, 2012 Taipei, TW David Groep, Nikhef, EUGridPMA, EGI and BiG Grid.
20-21 January 2005 Athens, January 2005 HellasGrid CA & euGridPMA EGEE 3rd Parties Advanced Induction Course January, NTUA, Athens Kanellopoulos.
TERENA Certificate Service (TCS) 2 August Slide 2 ›TCS is a competitively tendered bulk-buy contract between TERENA and Comodo Limited on behalf.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security aspects (based on Romain Wartel’s.
Summary of Poznan EUGridPMA32 September EUGridPMA Poznan 2014 meeting – 2 David Groep – Welcome back at PSNC.
On live video supported F2F May 9-11, 2016 Abingdon, Oxfordshire, UK.
A Survey of Certificate Management Processes and Procedures in OSG Gabriel Ghinita and Mine Altunay
Welcome to Amsterdam EUGridPMA35 September EUGridPMA Amsterdam 2015 meeting – 2 David Groep – Welcome back in Amsterdam.
The Americas Grid Policy Management Authority TAGPMA Update Derek Simmel 27 th EUGridPMA Meeting Rome, Italy January 14-16, 2013.
Jens' obligatory soap box Can't be a PMA without a SoapBox A random collection of Soapy things Nicosia, Jan 2009.
EGI-InSPIRE RI EGI (IGTF Liaison Function) EGI-InSPIRE RI IGTF & EUGridPMA status update SHA-2 – and more (David Groep,
News from EUGridPMA EGI OMB, 22 Jan 2013 David Kelsey (STFC) Using notes from David Groep 22/01/20131EUGridPMA News.
Updates from the EUGridPMA David Groep, Oct 17 st, 2007.
IGTF Generalised Assurance comments by federation operators with a SAML background September 19-21, 2016 CERN, Geneva, CH.
EUGridPMA CAOPS-WG and IGTF Issues March 2013 Charlottesville, VA, USA David Groep, Nikhef, EUGridPMA, and EGI.
Virtual Face to Face Meetings for ID-check
Update on EDG Security (VOMS)
The IGTF Charter Name uniqueness throughout the IGTF is anchored in the Charter Current Charter assigns a namespace to an Authority, implying that the.
Program of IGTF All-Hands Meeting on 1 April 2019
Presentation transcript:

Discussions on the Life Ray Portal and credential management David Groep, Oct 11 th, 2011

TAGPMA 13 and OGF32 – Jul David Groep –

TAGPMA 13 and OGF32 – Jul David Groep –

TAGPMA 13 and OGF32 – Jul David Groep –

TAGPMA 13 and OGF32 – Jul David Groep –

TAGPMA 13 and OGF32 – Jul David Groep –

TAGPMA 13 and OGF32 – Jul David Groep –

TAGPMA 13 and OGF32 – Jul David Groep –

TAGPMA 13 and OGF32 – Jul David Groep – Separation of security functions

TAGPMA 13 and OGF32 – Jul David Groep –

TAGPMA 13 and OGF32 – Jul David Groep – EUGridPMA discussion  Separation of functions  thin portal: all credential management on dedicated box  may combine bridge, MyProxy and Uploader on 1 box  Quality of IdM is governed by MICS acceptability  i.e. must be of comparable LoA as TCS Personal  including eligibility requirements  Make sure superfluous keypairs are removed  only the proxy is needed, just like in the uploader case  remove MICS keypair when proxy generation completes  Portal security box acts like a UI to the user  only on explicit request of user & under user control  covered under PKP Guidelines – seems similar to the common ‘remote UI’ use case

TAGPMA 13 and OGF32 – Jul David Groep – Proliferation  Aim to have a limited number of credential management systems, for potentially many portals. But initially one for Italy  Leverage existing MICS CAs as far as possible  no new CA for each portal or portal instance  aim to leverage TERENA TCS eScience Personal  but policy compatibility should still be understood  acceptability of portal instance comes down to CA, i.e. not revoking the certs  it is the MICS CA policy that must be satisfied  PMA only looks at CAs (not at the portals, please)

TAGPMA 13 and OGF32 – Jul David Groep – Next steps  Updated design white paper will reflect changes  Prototype will be developed and demonstrated at later date to appropriate PMAs  Roberto C (and TCS PMA ;-) to study compatibility with TCS Personal Should be a significant step towards better usability!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.