Client Registration Examples
Alan Frindell, 2/18/2011

Certificate Entity: Implicit self-registration
 Server creates the Entity record as a side effect of another KMIP request
 No special TTLV required: the KMIP server extracts the needed values from the TLS client certificate
 Assumes the client already has a certificate signed by a CA trusted by the KMIP server
 Result:
    Entity UUID: ABCD-1234
    Credential
      Subject Type: X.509 Certificate Identifier
      Subject Value:
      Subject Auth Info Type: X.509 Certificate
      Subject Auth Info:

Certificate Entity: Explicit self-registration
 Register Entity
    Credential
      Subject Type: X.509 Certificate Identifier
    x-custom1: custom-value1
    x-custom2: custom-value2
 Certificate fields are extracted from the TLS client certificate

Certificate Entity: Registration
 Register Entity
    Credential
      Subject Type: X.509 Certificate Identifier
      Subject Auth Info Type: X.509 Certificate
      Subject Auth Info:
    x-custom1: custom-value1
    x-custom2: custom-value2
 Assumes the registering Entity has the privilege to register Entities

Certificate Entity: Authentication and Access Control
 Authentication
    Credential
      Subject Type: X.509 Certificate Identifier
 Server looks up the Entity based on the TLS certificate information
 Server checks the Entity UUID against the request object's Owner attribute

Username/Password User: Registration
 Register Entity
    Credential
      Subject Type: Username
      Subject Value: "user1"
      Subject Auth Info Type: Password
      Subject Auth Info: "password"
    x-custom1: custom-value1
    x-custom2: custom-value2

Username/Password User: Authentication and Access Control
 Authentication
    Credential
      Subject Type: Username
      Subject Value: "user1"
      Subject Auth Info Type: Password
      Subject Auth Info: "password"
 Server looks up the Entity based on the Subject Value
 Server checks the Entity UUID against the request object's Owner attribute

Multi-factor Entity: Registration
 Register Entity
    Credential
      Subject Type: Username
      Subject Value: "user1"
      Subject Auth Info Type: Password
      Subject Auth Info: "password"
    Credential
      Subject Type: X.509 Certificate Identifier
      Subject Auth Info Type: X.509 Certificate
      Subject Auth Info:

Multi-factor Entity: Authentication
 Authentication
    Credential
      Subject Type: Username
      Subject Value: "user1"
      Subject Auth Info Type: Password
      Subject Auth Info: "password"
    Credential
      Subject Type: X.509 Certificate Identifier
 Server looks up the Entity based on each Subject Value; all must resolve to the same Entity
 Server checks the Entity UUID against the request object's Owner attribute
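The registration and authentication flows on the slides above (implicit and explicit certificate registration, username/password, multi-factor, and the Owner check) modelled as one small server-side state machine. This is an added example, not code from the slides, from SafeNet, or from any KMIP implementation, and the slides describe a proposal rather than the standard KMIP Credential structure. The field names mirror the slide labels; everything else is an assumption for illustration: the Subject Value of a certificate Entity is taken to be a fingerprint that the TLS layer has already verified, passwords are stored as salted PBKDF2 hashes rather than in the clear as the slide's example shows, the registration privilege is an assumed "may-register" attribute, and the result strings and sample data are constructed.

```python
import hashlib, hmac, os, uuid
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

CERT_ID, CERT = "X.509 Certificate Identifier", "X.509 Certificate"
USERNAME, PASSWORD = "Username", "Password"

@dataclass(frozen=True)
class Credential:                         # one Credential block as the slides lay it out
    subject_type: str                     # CERT_ID or USERNAME
    subject_value: Optional[str] = None   # cert fingerprint / username; None = take it from TLS
    auth_info_type: Optional[str] = None  # CERT or PASSWORD
    auth_info: Optional[str] = None       # password; for CERT the proof is the TLS handshake itself

class KMIPServer:
    def __init__(self) -> None:
        self.index, self.verifiers = {}, {}   # (Subject Type, Subject Value) -> Entity UUID / stored verifier
        self.attrs, self.owners = {}, {}      # Entity UUID -> attributes; managed-object UUID -> Owner

    @staticmethod
    def _key(cred, tls_fp):  # slides 2 and 5: a cert subject's value comes from the TLS client certificate
        value = tls_fp if cred.subject_type == CERT_ID and cred.subject_value is None else cred.subject_value
        return None if value is None else (cred.subject_type, value)

    @staticmethod
    def _make_verifier(cred: Credential, key: Tuple[str, str]) -> tuple:
        if cred.auth_info_type == PASSWORD and cred.auth_info is not None:
            salt = os.urandom(16)             # store a salted hash, never the cleartext the slide shows
            return (PASSWORD, salt, hashlib.pbkdf2_hmac("sha256", cred.auth_info.encode(), salt, 100_000))
        if cred.auth_info_type == CERT:
            return (CERT, key[1])             # fingerprint the TLS session must present later
        raise ValueError(f"unsupported Subject Auth Info Type: {cred.auth_info_type}")

    @staticmethod
    def _verify(verifier: tuple, cred: Credential, tls_fp: Optional[str]) -> bool:
        if verifier[0] == PASSWORD and cred.auth_info is not None:
            _, salt, digest = verifier
            return hmac.compare_digest(digest, hashlib.pbkdf2_hmac("sha256", cred.auth_info.encode(), salt, 100_000))
        if verifier[0] == CERT:               # possession is proven by the TLS handshake, not by a request field
            return tls_fp is not None and hmac.compare_digest(verifier[1], tls_fp)
        return False

    def register_entity(self, creds, attrs=None, *, tls_fp=None, registrar=None) -> str:
        # Slide 4: an Entity registering another Entity needs the privilege to do so (assumed attribute)
        if registrar is not None and self.attrs.get(registrar, {}).get("may-register") != "true":
            raise PermissionError("registering Entity lacks the privilege to register Entities")
        keys = [self._key(c, tls_fp) for c in creds]
        if any(k is None or k in self.index for k in keys):
            raise ValueError("missing Subject Value or subject already bound to an Entity")
        eid = str(uuid.uuid4())
        for c, k in zip(creds, keys):
            self.verifiers[k], self.index[k] = self._make_verifier(c, k), eid
        self.attrs[eid] = dict(attrs or {})
        return eid

    def implicit_register(self, tls_fp: str) -> str:  # slide 2: side effect of any TLS-authenticated request
        if (CERT_ID, tls_fp) not in self.index:
            self.register_entity([Credential(CERT_ID, tls_fp, CERT)], tls_fp=tls_fp)
        return self.index[(CERT_ID, tls_fp)]

    def authenticate(self, creds: List[Credential], tls_fp: Optional[str] = None) -> Optional[str]:
        resolved = set()
        for c in creds:
            key = self._key(c, tls_fp)
            eid = self.index.get(key) if key else None
            if eid is None or not self._verify(self.verifiers[key], c, tls_fp):
                return None
            resolved.add(eid)
        return resolved.pop() if len(resolved) == 1 else None   # slide 9: all must resolve to one Entity

    def handle_request(self, creds: List[Credential], object_uuid: str, tls_fp: Optional[str] = None) -> str:
        eid = self.authenticate(creds, tls_fp)
        if eid is None:
            return "OPERATION_FAILED: authentication"
        # Slides 5, 7, 9: access control compares the Entity UUID with the object's Owner attribute
        return "SUCCESS" if self.owners.get(object_uuid) == eid else "OPERATION_FAILED: permission denied"

def demo() -> Dict[str, str]:             # constructed sample data, not from the slides
    srv, fp_a, fp_m = KMIPServer(), "sha256:" + "a" * 64, "sha256:" + "b" * 64
    cert_ent = srv.implicit_register(fp_a)                                                  # slide 2
    user1 = srv.register_entity([Credential(USERNAME, "user1", PASSWORD, "password")], {"x-custom1": "custom-value1"})  # slide 6
    mfa = srv.register_entity([Credential(USERNAME, "mfa", PASSWORD, "hunter2"), Credential(CERT_ID, fp_m, CERT)])    # slide 8
    srv.owners.update({"obj-1": cert_ent, "obj-2": user1, "obj-3": mfa})
    try:                                                                                    # slide 4
        srv.register_entity([Credential(USERNAME, "user2", PASSWORD, "pw")], registrar=user1)
        registrar = "allowed"
    except PermissionError:
        registrar = "denied"
    pw, mfa_pw = Credential(USERNAME, "user1", PASSWORD, "password"), Credential(USERNAME, "mfa", PASSWORD, "hunter2")
    return {
        "cert_owner": srv.handle_request([Credential(CERT_ID)], "obj-1", tls_fp=fp_a),          # slide 5
        "cert_not_owner": srv.handle_request([Credential(CERT_ID)], "obj-2", tls_fp=fp_a),
        "pw_ok": srv.handle_request([pw], "obj-2"),                                             # slide 7
        "pw_bad": srv.handle_request([Credential(USERNAME, "user1", PASSWORD, "wrong")], "obj-2"),
        "mfa_ok": srv.handle_request([mfa_pw, Credential(CERT_ID)], "obj-3", tls_fp=fp_m),      # slide 9
        "mfa_mixed": srv.handle_request([pw, Credential(CERT_ID)], "obj-3", tls_fp=fp_m),
        "unprivileged_registrar": registrar,
    }
```

Two points the model makes explicit that the slides leave implicit: with implicit self-registration every holder of a certificate from a trusted CA becomes an Entity, so authentication alone grants nothing and the Owner comparison is the real access-control gate; and in the multi-factor case a valid password for one Entity combined with a valid certificate for another must fail authentication outright rather than fall back to either factor.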