Identity Management in Open Science Grid: Challenges, Needs, and Future Directions. Mine Altunay, James Basney,

Presentation transcript:

Identity Management in Open Science Grid
Challenges, Needs, and Future Directions
Mine Altunay, James Basney, Von Welch

February, 2012 ISGC 2012

Current Status of Identity Management in OSG
- OSG trusts IGTF accredited CAs + 2 TeraGrid CAs
- DOEGrids CA for issuing personal and service certificates
- OSG does not run its own CA.
  - Runs a Registration Authority for handling requests.
  - Certificates are issued by DOEGrids CA

OSG Trust Model: Current Identity Vetting Workflow

Challenges, Needs
- DOEGrids CA ramping down its services
  - Announced that it will be transitioning services to the OSG
- OSG created a Roadmap[1] on how to implement and provide these services
- We will focus on the “Roadmap”
  - Requirements
  - Evaluated Options
  - Decision
  - Current Status

[1]

OSG ID Roadmap Requirements
1. Certificates must work with VDT
2. LHC interoperability/IGTF Accreditation
3. Ability to provide certificates to OSG users distributed across the USA, vetted by 36 registration authority agents
4. Ability to provide host certificates for 300+ gatekeepers plus worker nodes to 40 grid administrators at roughly 80 OSG sites
5. Ability to sustain operation into the foreseeable future

Evaluated Options
- CILogon CA Basic
  - Issues user certificates based on authentication of users via the InCommon identity federation
  - No IGTF accreditation
  - No host certificates
- CILogon Silver
  - Issues user certificates based on authentication of users via the InCommon identity federation
  - IGTF accreditation
  - Not operational yet

Evaluated Options
- InCommon CA
  - Provides user and host certificates to InCommon subscribers
  - No IGTF accreditation
  - Only 52 out of 92 OSG institutions are members of InCommon
- NCSA CA, Planned XSEDE CA, Globus Online CA
  - Too many unknowns about the future plans

Evaluated Options
- CERN CA
  - Provides user certificates to LHC members
  - IGTF accredited
  - No host certificates
  - Works for US-LHC user certificates
- Fermi KCA
  - Serves only Fermilab users
  - IGTF accredited
  - No host certificates

Evaluated Options
- OSG CA, From Scratch
  - A new CA deployed at an appropriate OSG site, funded and staffed by OSG and under OSG control.
  - Viable, but costly. Requires specialized hardware (HSM) and skills to operate, with no economy of scale.
- Migrating DOEGrids CA to OSG
  - Transfer control and operations of the doegrids.org domain to OSG
  - DOEGrids CA software is EOL. Upgrading to new CA software has more unknowns. More risky than building from scratch.

Evaluated Options
- DigiCert CA
  - IGTF accredited
  - Meets user and host requirements

The Decision
- Found DigiCert CA to be the viable option, decided to continue with a pilot study
- OSG/DigiCert partnership is a trail-blazing commercial/research collaboration
- Pilot Study
  - 3-month pilot study
  - Tested against VDT; tested UI and API against OSG workflows
  - Risk assessment and contingency planning started
  - No major problems identified
  - Decided to move on to the next phase with DigiCert

Next Steps
- Planning and Transitioning
  - Develop a plan and timeline for the development, deployment and transition of services
  - Deployment and transition will continue until the end of 2012
- Planned services
  - OSG-provided front end services
  - DigiCert-provided back end CA services
  - Integration between OSG front end and DigiCert APIs