More Allergic Reactions Some Potential Next Steps Tom Barton University of Chicago.

Presentation transcript:

More Allergic Reactions Some Potential Next Steps Tom Barton University of Chicago

VO CAMP

1. Authority Management aka Distributed Attribute Administration
All of a VO’s authoritative persons and participants are not collocated within a single administrative domain
  – What attribute, group, & authority management systems and process will SoAs use to make their authority manifest in run-time infrastructure?
  – PERMIS, CAS, VOMS, …
  – Signet, Grouper, possibly in conjunction with above
Further work needed to determine reasonable ways of deploying the above
  – Maybe a cookbook

2. Name Mapping aka Account Linking
Bridge between deployed grid PKI and campus identity namespaces
Similar need seen in several architectural contexts (gridshib, myproxy, condor-shib)
  – Anywhere campus IdM and external IdM come into contact
Can we solve this just once?

3. Easing Design & Deployment
Reliance on formalized statements of practice that may refer to established standards of trustworthiness, and assurances that trusted IT operations actually do as they say
  – Examples: euGPMA, NIST, Federation attribute usage and operational practice profiles, CAF

Easing Design & Deployment
Need more community standards
  – Providers & consumers of identity, authentication, & attribute tokens can be more easily implemented, across VOs supporting the community
  – Reduce, or at least bound, the potential set of “security profiles” (trust anchors & attribute profiles) our designs must support
Where can such discussions take place?
  – E.g., NISO in Library space

Easing Design & Deployment
Technical architectures require sufficient campus identity & access management practices to actually support real activities
  – Better organization is needed to foster campus IAM deployment/upgrade

4. Low-Bar vs. High-Bar
Most(?) actual academic, multi-org spanning collaborations are informal, <10 participants, narrow scope (e.g., write a book).
  – Provide faculty with what they need to be at their best, but make it easy – Jeff Huberman
  – Is Jill’s MyVOCS exploring a sweet spot? And is it in fact that easy, yet? If not, what’s needed?
What about participants whose home org lacks sufficient IdM (or who lack a home org)?

5. The IdM Bump in the Rug
How to provide all participants with access when many are not already present in “blessed” authentication services?
  – K-12, unaffiliated persons, patients, affiliated persons whose orgs lack sufficient IAM practice
  – Preferred solution: someone else’s problem
Leif: analyze the cost of user support
Organizational solutions might help
  – Service centers
Develop or leverage a friendster.com-like reputation system approach??