Security on Grid: User Interface, Internals and APIs
Simone Campana, LCG Experiment Integration and Support, CERN IT


First Latinamerican Grid Workshop, Merida (VE) – November

Certificates

- Do you have a valid certificate?
  - Where is your certificate?
  - Which format is it?
- At the end of this section you must have a valid "certificate-key" pair in PEM format.
  - What does PEM mean, by the way?
- Is your private key safe enough?
  - Where did you store it?
  - Which permissions did you give to the file?
- Verify your certificate and, in particular, gather the following info:
  - What is the subject string of your certificate?
  - Who issued your certificate?
  - From which day is/will your certificate be valid?
  - VERY IMPORTANT: when is your certificate going to expire?

Still on Certificates

- Check the openssl command (man page on the UI).
  - OpenSSL is a library used to handle certificates.
- What is a private key?
  - Check: openssl rsa -in ~/.globus/userkey.pem -text
- What is X.509?
  - Check: openssl x509 -in ~/.globus/usercert.pem -text
- What is in /etc/grid-security/certificates?
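The checks asked for on the two certificate slides above, written as shell functions around the openssl command the slides name. This is an added example, not part of the original slides; the function names, the 14-day warning threshold and the self-signed demo pair are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the checks from the certificate slides as shell functions.
file_mode() {            # octal permission bits (GNU stat, then BSD stat)
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
key_is_private() {       # true only if nobody but the owner can access the key
    case "$(file_mode "$1")" in 400|600) return 0 ;; *) return 1 ;; esac
}
is_pem() {               # PEM = base64 text between -----BEGIN/END----- lines
    grep -q -e '-----BEGIN ' "$1"
}
cert_field() {           # $1 = cert, $2 = subject | issuer | startdate | enddate
    openssl x509 -in "$1" -noout "-$2" | sed 's/^[A-Za-z]*= *//'
}
cert_valid_for_days() {  # true if the cert is still valid $2 days from now
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}
key_matches_cert() {     # $1 = cert, $2 = key: both must hold the same public key
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

audit_pair() {           # $1 = cert, $2 = key; returns 1 if any check fails
    rc=0
    is_pem "$1" && is_pem "$2"  || { echo "FAIL: not PEM format"; rc=1; }
    key_is_private "$2"         || { echo "FAIL: key mode $(file_mode "$2")"; rc=1; }
    key_matches_cert "$1" "$2"  || { echo "FAIL: key does not match cert"; rc=1; }
    cert_valid_for_days "$1" 0  || { echo "FAIL: certificate has expired"; rc=1; }
    cert_valid_for_days "$1" 14 || echo "WARN: expires within 14 days"
    for f in subject issuer startdate enddate; do
        echo "$f: $(cert_field "$1" "$f")"
    done
    return "$rc"
}

make_demo_pair() {       # $1 = dir; constructed self-signed pair, not a grid cert
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/O=Example Grid/CN=Demo User' \
        -keyout "$1/userkey.pem" -out "$1/usercert.pem" 2>/dev/null
    chmod 644 "$1/usercert.pem"; chmod 400 "$1/userkey.pem"
}

# Two arguments: audit that pair. None: audit the constructed demo pair.
if [ "$#" -eq 2 ]; then
    audit_pair "$1" "$2"
elif command -v openssl >/dev/null; then
    d=$(mktemp -d) && make_demo_pair "$d" && audit_pair "$d/usercert.pem" "$d/userkey.pem"
    rm -rf "$d"
fi
```

Called with two arguments (certificate, then key) it audits that pair, for instance the files under ~/.globus. A pass-phrase-protected userkey.pem makes openssl prompt for the pass phrase during the key/certificate match.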

Proxies

- Create a proxy using your certificate and your private key.
  - Where is your proxy stored?
  - What are the permissions on the file?
- Create another proxy in a non-standard location.
  - Do you still have the old one after that?
  - Set your environment so that you can use this proxy.
- Verify your proxy.
  - What is the lifetime of the proxy?
  - How do you generate a proxy with a shorter lifetime?
- Destroy your proxy.
  - Verify that you no longer have a proxy.

Using the MyProxy server

- Get a proxy with grid-proxy-init.
- Register a long-lived proxy with the MyProxy server grid001.ct.infn.it.
  - How many passwords do you need to supply? What are they needed for?
- Display information about the two proxies:
  - the one stored on the MyProxy server
  - the one stored locally on the machine
- Destroy the local proxy and verify that it no longer exists.
- Get a new proxy from the MyProxy server. This is the step that GENIUS performs when a user requests a Grid service.
- Show the proxy retrieved from the MyProxy server.