Security Middleware 3 June 2004 Security Middleware Current Status – GridSite deployments – Architecture GridPP2 – Web services.

Presentation transcript:

Security Middleware 3 June 2004

Security Middleware
Current Status
  – GridSite deployments
  – Architecture
GridPP2
  – Web services hosting
  – Delegation
  – XACML
  – libgridsite toolkit

Current Status
GridSite is current production release
  – In production on since December
  – Plus various other sites (see next slide)
Includes
  – libgridsite: Grid ACL access control + HTTP / X.509 / GSI / VOMS utilities
  – gridsite-admin.cgi: user editing of pages, groups etc
  – mod_gridsite: support for GACL / GSI / VOMS in Apache 2.0
  – htcp command line tools (like scp but with GSI/https)

GridPP ourselves

LCG Grid Operations Centre

Manchester (which runs on an AFS filesystem)

National Grid Service

Grid Ireland

And Mike Jones' triumph of middleware portability, frik...

GridSite/Apache Architecture
(GridSite 1.0.x; labels from the slide's diagram)
  mod_ssl: plain HTTPS > env vars
  mod_gridsite: GACL access control + GACL > env vars
  mod_gridsite: .html headers and footers
  .shtml, mod_perl CGI, PHP
  mod_jk: JSP with Tomcat
  HTTP
  Grst-admin.cgi: page editing, file upload, ACL editing etc.
  mod_gridsite: file PUT and DELETE
  mod_gridsite: GSI / VOMS OpenSSL callback wrappers

C/C++/Scripting Web Services
Most Web Services attention goes on Java
  – However, in HEP we have a continued (and growing!) investment in C++ code, applications in the form of native binaries and scripting languages as glue.
Most of the web is based on the same Apache httpd tradition GridSite builds on
  – For CGI binaries, Perl Scripts, PHP pages etc, Apache is the equivalent of a Java servlet container like Tomcat.
GridSite adds the “missing” Grid Security to Apache
  – develop it as a Grid Service hosting environment?

Web Services on Apache
Various systems already exist for hosting non-Java SOAP and Web Services on standard Apache
  – eg SOAP::Lite for Perl and gSOAP for C/C++
Apache gives us industrial strength quality, high efficiency, huge developer base, rapid attention to security vulnerabilities
Also, can run multiple small services on same host, even if implemented in different technologies
So GridSite needs to make security information available to these environments in a natural way
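An added example, not taken from the slides or from GridSite itself: a CGI binary behind Apache that takes its security context from environment variables, as in the architecture slide ("> env vars"), and refuses the request unless every piece is present and well formed. SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN are mod_ssl's standard variables (exported with SSLOptions +StdEnvVars); the permission variable name GRST_PERM and its bit values are assumptions of this sketch and should be checked against the GridSite release in use.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ASSUMPTION: name and bit layout of the permission mask exported by the
   access-control module; verify both against the deployed release. */
#define PERM_ENV "GRST_PERM"
enum { PERM_READ = 1, PERM_EXEC = 2, PERM_LIST = 4, PERM_WRITE = 8, PERM_ADMIN = 16 };
#define PERM_ALL 31

/* Returns 1 only when the client certificate verified, a subject DN is
   present, and the exported mask contains every bit in `needed`.
   Anything missing or malformed is treated as "no permission". */
int cgi_authorize(const char *verify, const char *dn, const char *perm, int needed)
{
    char *end;
    long mask;

    /* mod_ssl reports NONE, SUCCESS, GENEROUS or FAILED:reason */
    if (verify == NULL || strcmp(verify, "SUCCESS") != 0) return 0;
    if (dn == NULL || dn[0] == '\0') return 0;
    if (perm == NULL || perm[0] == '\0') return 0;

    errno = 0;
    mask = strtol(perm, &end, 10);
    if (errno != 0 || *end != '\0' || mask < 0 || mask > PERM_ALL) return 0;

    return (mask & needed) == needed;
}

int main(void)
{
    /* This service modifies data, so it demands the write bit. */
    int ok = cgi_authorize(getenv("SSL_CLIENT_VERIFY"), getenv("SSL_CLIENT_S_DN"),
                           getenv(PERM_ENV), PERM_WRITE);

    if (!ok) {
        printf("Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n");
        printf("forbidden\n");
        return 0;
    }
    printf("Content-Type: text/plain\r\n\r\nwrite permitted\n");
    return 0;
}
```

The variables are only as trustworthy as the server that sets them, so a binary like this should be reachable only through the HTTPS virtual host that performs the certificate and ACL checks.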

Delegation
It was relatively straightforward to add GSI proxy support to HTTPS servers
  – but delegation is still missing
During EDG we produced a delegation-over-HTTPS extension to GridSite
  – (protocol implemented for Java Security by WP2)
However, EGEE JRA3 has agreed to support delegation via a web services Delegation PortType
  – We've undertaken to provide “C World” support for this via GridSite

XACML
Currently we support our own access policy language, GACL
Via the library, this is in use by various pieces of ex-EDG middleware
  – WP1 L&B and WP4 LCAS plugin
  – Also added to GridFTP by NorduGrid
However, XACML has emerged as Web Services policy language that “everyone” is moving to
  – Shiv Kaushal is now working on adding XACML support to GridSite, while retaining existing API

libgridsite toolkit
Core functions of GridSite pulled out into a library
Currently only C and C-to-C++ API
  – Intend to provide scripting language APIs (eg Perl modules) and probably OO C++ API.
More functionality to be added
  – eg library version of parallel HTTP etc from htcp command line tool
Aim to provide a general C/C++ Grid Security toolkit, for both client and server side implementations

Summary
GridPP1 security middleware in (increasing) use
Multiple external sites are now using GridSite for website management
Architecture gives Grid Security to the many different technologies hosted by Apache
We want to extend this with further support for Apache as a Web/Grid Services hosting environment
Adding support for XACML standard
Implementing Delegation PortType
Aim to provide reusable components via libgridsite