Identifiers, Resources, EPRs,and Missing Links OSG - Middleware Security Group Meeting Mon-Tue, June 5-6, 2006, SLAC, Stanford, CA Frank Siebenlist (Argonne.

Slide 1: Identifiers, Resources, EPRs, and Missing Links
OSG - Middleware Security Group Meeting, Mon-Tue, June 5-6, 2006, SLAC, Stanford, CA
Frank Siebenlist (Argonne National Laboratory / University of Chicago)

June 5, 2006, OSG - Middleware Security Group Meeting
Slide 2: W3C WS-Addressing's Endpoint References (EPR)
- "A Web service endpoint is a (referenceable) entity, processor, or resource to which Web service messages can be addressed."
- "Endpoint references convey the information needed to address a Web service endpoint."
- "Endpoint Reference Comparison. This specification provides no concept of endpoint identity and therefore does not provide any mechanism to determine equality or inequality of EPRs and does not specify the consequences of their equality or inequality. However, note that it is possible for other specifications to provide a comparison function that is applicable within a limited scope."

Slide 3: Issues?
- No way to compare EPRs…
  - How to associate policy/audit with them?
  - How to "know" whether two EPRs refer to the same resource?
- Where does the EPR point to tomorrow?
  - Today it refers to my bank account…
  - Tomorrow it may refer to yours…
  - (one of us will be unhappy…)

Slide 4: Resource Identifier Use Cases
- Resource Mobility
- Assertion Target
- Resource Attributes
- Resource Reference Consistency
- Resource Metadata Caching
- Audit Label

Slide 5: EPR Minter & Endpoint Identifiers (diagram; not reproduced in the transcript)

Slide 6: EPR & Identifier Consumer (diagram; not reproduced in the transcript)

Slide 7: EPR, EPI and Message (diagram; not reproduced in the transcript)

Slide 8: Resource Identifier Requirements
- Required
  1. Consistency with current tooling
  2. Unambiguous referencing
  3. Client-side resource-equality testing
  4. A resource identifier in every message
  5. EPR resolution
- Desirable
  6. Works with current/existing tooling
  7. Consistency with W3C architecture
  8. Unique address
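Slides 2, 3 and 8 together make a concrete point: with WS-Addressing alone a client has no defined way to decide whether two EPRs name the same resource, and any heuristic it invents (address plus reference parameters) says nothing about what that address will refer to tomorrow. The Python below is an added example written for this page, not code from the talk or from any WS-Naming implementation. It constructs four sample EPRs and contrasts three comparison strategies; the identifier element and its namespace (modelled loosely on the WS-Naming "unambiguous endpoint" idea), the sample addresses and the resource keys are all assumptions for illustration.

```python
"""EPR comparison: what WS-Addressing alone gives a client, and what an
embedded endpoint identifier (EPI) adds. Stand-alone example for this page."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

WSA = "http://www.w3.org/2005/08/addressing"
# ASSUMPTION: identifier namespace and element name are illustrative only.
EPI_NS = "urn:example:ws-naming"
EPI_TAG = f"{{{EPI_NS}}}EndpointIdentifier"

# Constructed sample EPRs (not captured traffic). A and B were minted for the
# same stateful resource but differ in element order and host case; C names a
# sibling resource; D carries no identifier at all.
EPR_A = f"""<wsa:EndpointReference xmlns:wsa="{WSA}" xmlns:rk="urn:example:keys" xmlns:epi="{EPI_NS}">
  <wsa:Address>https://grid.example.org/wsrf/services/DataService</wsa:Address>
  <wsa:ReferenceParameters><rk:ResourceKey>42</rk:ResourceKey></wsa:ReferenceParameters>
  <wsa:Metadata><epi:EndpointIdentifier>urn:example:na:1/data/42</epi:EndpointIdentifier></wsa:Metadata>
</wsa:EndpointReference>"""
EPR_B = f"""<wsa:EndpointReference xmlns:wsa="{WSA}" xmlns:rk="urn:example:keys" xmlns:epi="{EPI_NS}">
  <wsa:Address>https://GRID.example.org/wsrf/services/DataService</wsa:Address>
  <wsa:Metadata><epi:EndpointIdentifier>urn:example:na:1/data/42</epi:EndpointIdentifier></wsa:Metadata>
  <wsa:ReferenceParameters><rk:ResourceKey>42</rk:ResourceKey></wsa:ReferenceParameters>
</wsa:EndpointReference>"""
EPR_C = EPR_A.replace("42", "43")
EPR_D = f"""<wsa:EndpointReference xmlns:wsa="{WSA}" xmlns:rk="urn:example:keys">
  <wsa:Address>https://grid.example.org/wsrf/services/DataService</wsa:Address>
  <wsa:ReferenceParameters><rk:ResourceKey>42</rk:ResourceKey></wsa:ReferenceParameters>
</wsa:EndpointReference>"""


def normalize_address(addr):
    """Scheme and host are case-insensitive; path and query are not."""
    p = urlsplit(addr.strip())
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path, p.query, p.fragment))


def parse_epr(xml_text):
    root = ET.fromstring(xml_text)
    params = root.find(f"{{{WSA}}}ReferenceParameters")
    children = list(params) if params is not None else []
    return {
        "address": normalize_address(root.findtext(f"{{{WSA}}}Address")),
        # reference-parameter order carries no meaning, so sort before comparing
        "ref_params": tuple(sorted((c.tag, (c.text or "").strip()) for c in children)),
        "epi": root.findtext(f".//{EPI_TAG}"),
    }


def naive_equal(a, b):
    """Byte-wise comparison, i.e. no profile at all: A and B come out unequal."""
    return a == b


def address_equal(a, b):
    """Address plus reference parameters. Catches A == B, but the spec assigns
    no meaning to this, and nothing stops the service from handing out the same
    address/parameters for a different resource tomorrow (slide 3)."""
    ea, eb = parse_epr(a), parse_epr(b)
    return ea["address"] == eb["address"] and ea["ref_params"] == eb["ref_params"]


def same_resource(a, b):
    """Requirement 3, client-side equality, under an unambiguous-EPR profile:
    equal identifiers mean the same resource (True). Unequal identifiers, or an
    EPR without one, give no conclusion (None), never False: the profile only
    ever asserts equality, not inequality (see slide 14)."""
    ia, ib = parse_epr(a)["epi"], parse_epr(b)["epi"]
    if ia is None or ib is None or ia != ib:
        return None
    return True
```

The tri-state return of `same_resource` is deliberate: a consumer that treats `None` as "different resource" would be inventing a guarantee the naming scheme does not make. Note also that `address_equal` happily reports A and D as equal while `same_resource` refuses to say anything about D; policy and audit should key off `parse_epr(...)["epi"]` and reject messages whose EPR lacks it, which is what requirement 4 is for.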

Slide 9: GGF WS-Naming
- Specifications:
  - Web Service Endpoint Identification and Resolution: Use Cases and Requirements
  - Unambiguous Web Service Endpoint Profile
  - Web Service Endpoint Address Identifier Profile
  - Web Service Endpoint Name Specification
  - Endpoint Reference Resolution Specification

Slide 10: EPR Resolution Services (all) (diagram; not reproduced in the transcript)

Slide 11: EPR Resolution Services (from EPI) (diagram; not reproduced in the transcript)

Slide 12: caBIG
- Cancer Grid project by NCI/NIH
  - "The cancer Biomedical Informatics Grid, or caBIG™, is a voluntary network or grid connecting individuals and institutions to enable the sharing of data and tools, creating a World Wide Web of cancer research. The goal is to speed the delivery of innovative approaches for the prevention and treatment of cancer. The infrastructure and tools created by caBIG™ also have broad utility outside the cancer community. caBIG™ is being developed under the leadership of the National Cancer Institute's Center for Bioinformatics."
  - Big project: over 800 people from more than 80 organizations are working collaboratively on over 70 projects in a three-year pilot.

Slide 13: Identifier Services Framework
- Identifier
  - "Naming" of individual data-objects
  - Globally unique name for each data-object
- Services
  - Create/modify/delete name-object bindings
  - Resolve name to data-object
- Framework
  - Provides the trust fabric => binding integrity
  - Policy-driven administration => curator model
  - Fully integrated with caGrid's architecture and implementation

Slide 14: Why (Standardized) Resource Identifiers?
- Efficiency
  - Passing by reference vs. by value (a data-object can be many MBytes)
  - Data-object equality test through string comparison (equal identifiers mean the same object; different identifiers need not mean different objects, so an inequality test is not a requirement…)
- Consistency
  - Standardized way of referencing objects
  - Standard identifier => data-object resolution mechanism
  - Metadata binding to a standard object reference
  - Well-known primary/foreign key for (distributed) JOINs
  - Name for policy expressions about data-object access
  - Name for audit entries about data-object related activities
  - …
  - Possible correlation of all of the above

Slide 15: Data-Object Identifier Properties
- Identifier is a string
- Identifier is a forever globally unique name for a single data-object
- Identifier can be (globally) resolved to the associated data-object
- Data-objects are immutable, almost immutable or mutable…
- Identifier value is a "meaningless", opaque string for the consumer
- Resolution information is embedded in the identifier name
  - Only meaningful for components related to the resolution service
- Identifier is a Uniform Resource Identifier (URI)

Slide 16: Identifier Usage Model (diagram; not reproduced in the transcript)

Slide 17: Naming Authority, Identifier Curator, Data Owner and Identifier User
- Naming Authority (NA)
  - Guards the integrity of the identifier namespace and its bindings
  - Maintains the identifier to data-object-endpoint mapping
- Identifier Curator/Administrator
  - Understands the semantics/access of the data owner's objects
  - Trusted by the NA to administer the bindings for certain identifiers
  - Administers the identifier to data-object-endpoint binding
- Data Owner
  - Provides access to data-objects through "endpoint references"
- Identifier User/Consumer
  - Trusts an NA for certain identifier bindings
  - Uses 2-step resolution to obtain the data-object (identifier => endpoint => data-object)
  - (In-)directly trusts the Data Owner for data-object integrity
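Slides 13 through 17 describe the roles in the identifier services framework and the two-step resolution a consumer performs. The Python model below is an added example written for this page; it is not caGrid's Identifier Services code and does not reproduce its protocol. Assumptions for illustration: identifiers are opaque URI strings whose only consumer-visible structure is the naming authority's prefix, bindings are signed with an HMAC key standing in for the NA's real signature, and endpoints are bare address strings standing in for EPRs. The demo shows the property that motivates the deck: after the curator rebinds the identifier to a new endpoint, the consumer's policy and audit entries, which were written against the identifier, keep working unchanged.

```python
"""Identifier => endpoint => data-object resolution with NA-signed bindings,
and policy/audit keyed on the identifier. Stand-alone model for this page."""
import hashlib
import hmac
import json

# ASSUMPTIONS (illustrative, not from the slides): HMAC stands in for the NA's
# signature; endpoints are address strings; the NA prefix is the only part of
# an identifier a consumer interprets, the rest is opaque to it.


def verify_binding(binding, verify_key, identifier):
    """Consumer side of step 1: the binding must verify under the key trusted
    for this prefix and must name the identifier that was actually requested."""
    expected = hmac.new(verify_key, binding["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, binding["sig"]):
        raise ValueError("binding integrity check failed")
    payload = json.loads(binding["body"])
    if payload["id"] != identifier:
        raise ValueError("signed binding is for a different identifier")
    return payload["endpoint"]


class NamingAuthority:
    """Guards the namespace and the integrity of identifier -> endpoint
    bindings; delegates administration of sub-namespaces to curators."""

    def __init__(self, prefix, signing_key):
        self.prefix = prefix
        self._key = signing_key
        self._bindings = {}    # identifier -> endpoint
        self._curators = {}    # sub-namespace -> {curator}
        self._serial = 0       # never reused: identifiers are forever unique

    def authorize_curator(self, curator, sub_namespace):
        self._curators.setdefault(sub_namespace, set()).add(curator)

    def _check_curator(self, curator, sub_namespace):
        if curator not in self._curators.get(sub_namespace, set()):
            raise PermissionError(f"{curator} is not a curator for {sub_namespace}")

    def mint(self, curator, sub_namespace, endpoint):
        self._check_curator(curator, sub_namespace)
        self._serial += 1
        identifier = f"{self.prefix}{sub_namespace}/{self._serial}"
        self._bindings[identifier] = endpoint
        return identifier

    def rebind(self, curator, identifier, endpoint):
        """Resource mobility: the object moves, the name does not."""
        sub_namespace = identifier[len(self.prefix):].rsplit("/", 1)[0]
        self._check_curator(curator, sub_namespace)
        if identifier not in self._bindings:
            raise KeyError(identifier)
        self._bindings[identifier] = endpoint

    def resolve(self, identifier):
        body = json.dumps({"id": identifier, "endpoint": self._bindings[identifier]}, sort_keys=True)
        return {"body": body, "sig": hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()}


class Consumer:
    """Trusts specific NAs for specific prefixes; expresses policy and writes
    audit records against the identifier, never against today's endpoint."""

    def __init__(self, trust_anchors, data_owner):
        self._trust = trust_anchors    # prefix -> (NamingAuthority, verify key)
        self._data_owner = data_owner  # endpoint -> data-object (the owner's store)
        self.policy = {}               # identifier -> {principals allowed to read}
        self.audit = []

    def fetch(self, principal, identifier):
        if principal not in self.policy.get(identifier, set()):
            self.audit.append((principal, identifier, "deny"))
            raise PermissionError(f"{principal} may not read {identifier}")
        for prefix, (na, key) in self._trust.items():
            if identifier.startswith(prefix):
                endpoint = verify_binding(na.resolve(identifier), key, identifier)
                break
        else:
            raise ValueError(f"no trusted naming authority for {identifier}")
        self.audit.append((principal, identifier, "read", endpoint))
        return self._data_owner[endpoint]   # step 2: endpoint => data-object


def demo():
    """Mint, read, move the object, read again: same identifier, new endpoint."""
    key = b"demo-signing-key"  # constructed demo value, not a real key
    na = NamingAuthority("urn:example:na:1/", key)
    na.authorize_curator("curator-a", "images")
    store = {"https://a.example.org/ds": b"scan-bytes"}
    ident = na.mint("curator-a", "images", "https://a.example.org/ds")
    consumer = Consumer({"urn:example:na:1/": (na, key)}, store)
    consumer.policy[ident] = {"alice"}
    first = consumer.fetch("alice", ident)
    store["https://b.example.org/ds"] = store.pop("https://a.example.org/ds")
    na.rebind("curator-a", ident, "https://b.example.org/ds")
    second = consumer.fetch("alice", ident)
    return na, consumer, ident, first, second
```

Two failure modes the model enforces are the ones a practitioner needs from such a framework: a curator may only administer bindings inside the sub-namespace the NA delegated to it, and the consumer rejects a binding whose signature does not verify under the key it trusts for that prefix, or which names a different identifier than the one requested, so a resolver cannot quietly substitute one binding for another. The slide-3 bank-account problem disappears because the policy on the identifier follows the object when it moves, and the audit trail records which endpoint each read actually resolved to.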

Slide 18: Conclusion
- Current WS-Addressing is not good enough!
- Need profiles that require unambiguous use of EPRs
- Need to standardize identifier usage for policy/audit!!!
- Need an identifier services framework to provide the trust fabric for the bindings

Slide 19: Identifier Consumer (diagram; not reproduced in the transcript)

Slide 20: Identifier Consumer First Step (diagram; not reproduced in the transcript)

Slide 21: Identifier & Data-Service (diagram; not reproduced in the transcript)