Presentation is loading. Please wait.

Presentation is loading. Please wait.

EMI is partially funded by the European Commission under Grant Agreement RI-261611 caNl++ caNl++ team University Of Oslo 5th EMI AHM, Budapest.

Published byMaximilian Hall Modified over 8 years ago

Similar presentations

Presentation on theme: "EMI is partially funded by the European Commission under Grant Agreement RI-261611 caNl++ caNl++ team University Of Oslo 5th EMI AHM, Budapest."— Presentation transcript:

1 EMI is partially funded by the European Commission under Grant Agreement RI-261611 caNl++ caNl++ team University Of Oslo 5th EMI AHM, Budapest

2 EMI INFSO-RI-261611 Credential handling: – File-based credential handling based on OpenSSL – DB-based credential handling based on NSS Secure communication Features of caNl++

3 EMI INFSO-RI-261611 CSR generation Extension (voms AC) inserting Proxy/EEC signing File-based (cert/key, CA certs, CRL are based on files) Implemented with OpenSSL lib Yes Yes/Yes DB-based (cert/key, CA certs, CRL are based on nss db) Implemented with NSS lib Yes Yes/No Features of caNl++ Yes No Has supportedCan support, not yes supported Cannot support

4 EMI INFSO-RI-261611 Certificate verification (CRL) Certificate verification (OCSP) Certificate verification (OCSP stapling) Secure communica tion File-basedYes DB-basedYes No (not supported by nss lib) Yes Features of caNl++ Yes No Has supportedCan support, not yet supported Cannot support

5 EMI INFSO-RI-261611 OCSP stapling and OCSP – Easier the load of OCSP server – Alleviate the privacy concern for users – OCSP stapling is implemented in canl++ together with secure communication Features of caNl++

6 EMI INFSO-RI-261611 http://svn.nordugrid.org/trac/workarea/br owser/caNl%2B%2B/trunk Code repository and examples

7 EMI INFSO-RI-261611 Example std::string repo_cert = cadir + "/certs" + "/cert.pem”; std::string repo_key = cadir + "/certs" + "/key.pem”; std::ofstream repo_cert_stream(repo_cert.c_str(), std::ifstream::trunc); AuthN::Context ctx(AuthN::Context::EmptyContext); AuthN::Credentials eec(ctx); eec.GetCertificate(repo_cert_stream); repo_cert_stream.close(); AuthN::Context ocsp_ctx(AuthN::Context::EmptyContext); ocsp_ctx.SetCAPath(trusted_cadir); //Set the credential for validator, which will be //used to sign the OCSP request ocsp_ctx.SetCredentials(repo_cert, repo_key); AuthN::Validator ocsp_validator(ocsp_ctx); //Set the validation mode ocsp_validator.SetMode(AuthN::Validator::ValidationOCSPIfPresent); //eec OCSP validation eec.SetValidator(ocsp_validator); stat = eec.Validate(); CPPUNIT_ASSERT_EQUAL(stat, AuthN::Status(0));

8 EMI INFSO-RI-261611 Original Plan: – arcproxy (credential handling) – ARC delegation interface (credential handling) – ARC MCC TLS (secure communication), critical module of ARC – some other components that use credential handling of ARC (credential handling) The adoption of caNl++ in ARC

9 EMI INFSO-RI-261611 Current Status: – caNl++ is only integrated with test release arcproxy – Other parts of integration will be postponed after EMI3 (Oct.31) The adoption of caNl++ in ARC

10 EMI INFSO-RI-261611 Support credential source from Firefox’s NSS internal PKCS#11 module – arcproxy –nssdb (-F) – By default, the location of nss db is parsed from “ ~/.mozilla/firefox/profiles.ini” “~/.mozilla/seamonkey/profile.ini” “~/.thunderbird/profile.ini” arcproxy

11 EMI INFSO-RI-261611 arcproxy (with nssdb)

12 EMI INFSO-RI-261611 arcproxy (with nssdb and voms)

Download ppt "EMI is partially funded by the European Commission under Grant Agreement RI-261611 caNl++ caNl++ team University Of Oslo 5th EMI AHM, Budapest."

Similar presentations

Security Design and Solution in ARC1 Weizhong Qiang University of Oslo April 9, 2008.

Security Design and Solution in ARC1 Weizhong Qiang University of Oslo April 9, 2008.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Haga clic para cambiar el estilo de título Haga clic para modificar el estilo de subtítulo del patrón DIRAC Framework A.Casajus and R.Graciani (Universitat.

Haga clic para cambiar el estilo de título Haga clic para modificar el estilo de subtítulo del patrón DIRAC Framework A.Casajus and R.Graciani (Universitat.
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.
魂▪創▪通魂▪創▪通 2013. 11. 15. Use Case and Requirement for Future Work Sangrae Cho Authentication Research Team.

魂▪創▪通魂▪創▪通 Use Case and Requirement for Future Work Sangrae Cho Authentication Research Team.
Assuring e-Trust always www.certiver.com 1 Status of the Validation and Authentication service for TACAR and Grids.

Assuring e-Trust always 1 Status of the Validation and Authentication service for TACAR and Grids.
EMI is partially funded by the European Commission under Grant Agreement RI-261611 Recent ARC developments in the EMI project Andrii Salnikov, Ievgen Sliusar.

EMI is partially funded by the European Commission under Grant Agreement RI Recent ARC developments in the EMI project Andrii Salnikov, Ievgen Sliusar.
EMI INFSO-RI-261611 EMI Quality Assurance Processes (PS06-4-499) Alberto Aimar (CERN) CERN IT-GT-SL Section Leader EMI SA2 QA Activity Leader.

EMI INFSO-RI EMI Quality Assurance Processes (PS ) Alberto Aimar (CERN) CERN IT-GT-SL Section Leader EMI SA2 QA Activity Leader.
Java Security Pingping Ma Nov 2 nd, 2006. Overview Platform Security Cryptography Authentication and Access Control Public Key Infrastructure (PKI)

Java Security Pingping Ma Nov 2 nd, Overview Platform Security Cryptography Authentication and Access Control Public Key Infrastructure (PKI)
EMI INFSO-RI-261611 SA2 - Quality Assurance Alberto Aimar (CERN) SA2 Leader EMI First EC Review 22 June 2011, Brussels.

EMI INFSO-RI SA2 - Quality Assurance Alberto Aimar (CERN) SA2 Leader EMI First EC Review 22 June 2011, Brussels.
EMI is partially funded by the European Commission under Grant Agreement RI-261611 Software stack consolidation Balázs Kónya, Lund University 3rd EMI all-hands,

EMI is partially funded by the European Commission under Grant Agreement RI Software stack consolidation Balázs Kónya, Lund University 3rd EMI all-hands,
EMI is partially funded by the European Commission under Grant Agreement RI-261611 MEDIA: motivation, mandate, scope and organization Balázs Kónya, Lund.

EMI is partially funded by the European Commission under Grant Agreement RI MEDIA: motivation, mandate, scope and organization Balázs Kónya, Lund.
EMI AAI Strategy & Plans John White / Helsinki Institute of Physics Federated Identity Systems for Scientific Collaborations Workshop 09.06.2011, CERN,

EMI AAI Strategy & Plans John White / Helsinki Institute of Physics Federated Identity Systems for Scientific Collaborations Workshop , CERN,
EMI INFSO-RI-261611 EMI Structure, Plans, Deliverables Alberto Di Meglio (CERN) Project Director ATLAS Software & Computing Week Geneva, 21 July 2011.

EMI INFSO-RI EMI Structure, Plans, Deliverables Alberto Di Meglio (CERN) Project Director ATLAS Software & Computing Week Geneva, 21 July 2011.
European Middleware Initiative (EMI) – Release Process Doina Cristina Aiftimiei (INFN) EGI Technical Forum, Amsterdam 17. Sept.2010.

European Middleware Initiative (EMI) – Release Process Doina Cristina Aiftimiei (INFN) EGI Technical Forum, Amsterdam 17. Sept.2010.
Overview of user client usage: ARC Iván Márton Zsombor Nagy.

Overview of user client usage: ARC Iván Márton Zsombor Nagy.
The Distribution Online Vending Pilot Project Demo Testing Certificate Management Kennedy P Subramoney 23 July 2004.

The Distribution Online Vending Pilot Project Demo Testing Certificate Management Kennedy P Subramoney 23 July 2004.
AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.

AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.
EDG Security European DataGrid Project Security Coordination Group

EDG Security European DataGrid Project Security Coordination Group

Similar presentations

Ads by Google