Security Solutions Rachana Ananthakrishnan University of Chicago.

Slides:

Advertisements

Similar presentations

Demonstrations at PRAGMA demos are nominated by WG chairs Did not call for demos. We will select the best demo(s) Criteria is under discussion. Notes.

Advertisements

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management

MyProxy Jim Basney Senior Research Scientist NCSA

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.

GT 4 Security Goals & Plans Sam Meder

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.

Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall.

Jim Basney GSI Credential Management with MyProxy GGF8 Production Grid Management RG Workshop June.

Grid Security. Typical Grid Scenario Users Resources.

The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.

PKI Single Sign On & Auto Provisioning Frank Siebenlist (ANL) Rachana Ananthakrishnan (ANL) Charles Bacon (ANL)

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

A Modest Proposal for an Assertion Validation Service Bob Cowles (SLAC/OSG) 28-Mar-2007 thanks to discussions with Frank Siebenlist, Rachana Ananthakrishnan.

National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by the National Science.

Slides for Grid Computing: Techniques and Applications by Barry Wilkinson, Chapman & Hall/CRC press, © Chapter 1, pp For educational use only.

Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science Foundation.

Identity and Access Management

Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Account Reset Console Delegated and secure self password resets Joe Vachon Sales Engineer.

TeraGrid ’06 National Center for Supercomputing Applications Managing Credentials on the TeraGrid with MyProxy Jim Basney.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

Scaling Account Creation and Management through the TeraGrid User Portal Contact: Eric Roberts

Cancer Bioinformatics Grid (caBIG) CANS 2006 Chicago, Illinois Shannon Hastings Department of Biomedical Informatics Ohio State University.

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

BIRN Update Carl Kesselman Professor of Industrial and Systems Engineering Information Sciences Institute Fellow Viterbi School of Engineering University.

1 Grid Security. 2 Grid Security Concerns Control access to shared services –Address autonomous management, e.g., different policy in different work groups.

GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.

Middleware Support for Virtual Organizations Internet 2 Fall 2006 Member Meeting Chicago, Illinois Stephen Langella Department of.

National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

Using NMI Components in MGRID: A Campus Grid Infrastructure Andy Adamson Center for Information Technology Integration University of Michigan, USA.

Identity Solution in Baltic Theory and Practice Viktors Kozlovs Infrastructure Consultant Microsoft Latvia.

TeraGrid CTSS Plans and Status Dane Skow for Lee Liming and JP Navarro OSG Consortium Meeting 22 August, 2006.

Communicating Security Assertions over the GridFTP Control Channel Rajkumar Kettimuthu 1,2, Liu Wantao 3,4, Frank Siebenlist 1,2 and Ian Foster 1,2,3 1.

Tutorial: Building Science Gateways TeraGrid 08 Tom Scavo, Jim Basney, Terry Fleury, Von Welch National Center for Supercomputing.

AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.

1 caGrid Security Overview Mark Grand Senior Engineer caGrid Knowledge Center February 7, 2011.

Grid Infrastructure group (Charlotte): Barry Wilkinson Jeremy Villalobos Nikul Suthar Keyur Sheth Department of Computer Science UNC-Charlotte March 16,

User Management. Basics SDMS shall maintain a database of all users. SDMS shall maintain a database of all users. SDMS shall not limit the number of registered.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

All Hands Meeting 2005 BIRN Portal Architecture: Security Jana Nguyen

Oxford University e-Science Centre 1 Managing Access 4 Dec Managing Access to Resources on the Grid 4 December 2002.

VO. VOMS 1. Authentication2. Credentials 3. Authentication Client Resource.

The MyProxy Online Credential Repository Jim Basney NCSA

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.

1 NIIF-Hungarnet Towards CRM (Customer Relations Management) at NIIFI Lajos Balint NIIFI TF-MSP meeting Rome,

Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University.

Federating PL-Grid Computational Resources with the Atmosphere Cloud Platform Piotr Nowakowski, Marek Kasztelnik, Tomasz Bartyński, Tomasz Gubała, Daniel.

1 Earth System Grid Center for Enabling Technologies ESG-CET Security January 7, 2016 Frank Siebenlist Rachana Ananthakrishnan Neill Miller ESG-CET All-Hands.

TOPIC: AUTHENTICITY CREATED BY SWAPNIL SAHOO AuthenticityAuthorisation Access Control Basic Authentication Apache BASIC AUTHENTICATIONDIGEST ACCESS AUTHENTICATIONDHCP.

Office of Science U.S. Department of Energy Grid Security at NERSC/LBL Presented by Steve Chan Network, Security and Servers

1 AHM, 2–4 Sept 2003 e-Science Centre GRID Authorization Framework for CCLRC Data Portal Ananta Manandhar.

1 Grid School Module 4: Grid Security. 2 Typical Grid Scenario Users Resources.

National Energy Research Scientific Computing Center (NERSC) Visportal : interface to grid enabled NERC resources Cristina Siegerist NERSC Center Division,

Introduction to Portals.

CaGrid 1.0 Security Infrastructure Stephen Langella, Scott Oster, Shannon Hastings, David Ervin, Joshua Phillips, Vinay Kumar, Tahsin Kurc, Joel Saltz.

The GRIDS Center, part of the NSF Middleware Initiative Grid Security Overview presented by Von Welch National Center for Supercomputing.

1 Globus Toolkit Security Java Components Rachana Ananthakrishnan Frank Siebenlist.

Gateways security Aashish Sharma Security Engineer National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign.

BIRN: Where We Have Been, Where We are Going. Carl Kesselman BIRN Principal Investigator Professor of Industrial and Systems Engineering Information Sciences.

L’Oreal USA RSA Access Manager and Federated Identity Manager Kick-Off Meeting March 21 st, 2011.

Cancer Bioinformatics Grid (caBIG) CANS 2006 Chicago, Illinois

Single Sign-On Led by Terrice McClain, Jen Paulin, & Leighton Wingerd

A Grid Authorization Model for Science Gateways

Presentation transcript:

Security Solutions Rachana Ananthakrishnan University of Chicago

Security Requirements Vet new user request for community membership Provide new user identity Provide single sign-on for users Manage access control policy Enforce access policy on resources Manage user groups for projects within community Address potential security issues

BIRN Security Solutions Hosted services for common requirements Tools and clients for integration with community resources Security Vulnerability Handling System Expertise and consultation for community application integration

Registration and Credential Management End User BIRN Identity Provider BIRN Registration Service BIRN Credential Service Administrator Community 1 Identity Provider Community 2 Identity Provider Community 1 Resource Community 2 Resource BIRN Portal BIRN Credential Service Clients

FBIRN Integration Administrator End User BIRN Identity Provider BIRN Registration Service BIRN Credential Service BIRN Portal Username/ password BIRN Credential Service Clients X.509 Certificates FBIRN Site 1 GridFTP Server FBIRN Site 2 GridFTP Server Username/ password

XNAT Integration (Proposed) Administrator BIRN Identity Provider BIRN Registration Service BIRN Credential Service BIRN Portal XNAT Server XNAT REST Interface XNAT Portal Interface Username/ password Registered User

XNAT Integration (Proposed) Administrator Registered User BIRN Identity Provider BIRN Registration Service BIRN Credential Service BIRN Portal Username/ password BIRN Credential Service Clients X.509 Certificates XNAT Server XNAT REST Interface XNAT Portal Interface Username/ password

Group Management & Authorization Registered User BIRN Group Management Administrator BIRN Portal Community 1 Resource Group Mgmt Client Authorization Policy Community 2 Resource Group Mgmt Client Authorization Policy

FBIRN Site FBIRN Integration Registered User Group Administrator BIRN Group Management Service BIRN Portal Group Mgmt Client Authorization Policy FBIRN Site 1 GridFTP Server

NHPRC Site NHPRC Integration Administrator BIRN Group Management Service BIRN Portal Group Mgmt Client Authorization Policy NHPRC Mediator Service Registered User

Security Software Grid Account Management Service MyProxy server Globus SimpleCA Group provisioning tools GridGrouper Service Liferay Portal Dorian Service (planned)

Summary Features provided: – Common security services – Configuration and provisioning of security – Integration with resources Future plans: – Auditing support – High-level data usage policy – Automate service credential issuance

Further Information BIRN Website: Capabilities: Security WG: CC/Security+WG CC/Security+WG