Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mehran Ahsant, PDC, Joni Hahkala, HIP on behalf of JRA3

Published byJoy Gibbs Modified over 6 years ago

Similar presentations

Presentation on theme: "Mehran Ahsant, PDC, Joni Hahkala, HIP on behalf of JRA3"— Presentation transcript:

1 Mehran Ahsant, PDC, Joni Hahkala, HIP on behalf of JRA3
gLite Delegation Mehran Ahsant, PDC, Joni Hahkala, HIP on behalf of JRA3

2 Why Delegation? The Grid is becoming more complex, delegation becomes vital Delegation provides Single-Sign-On (SSO) Delegation by means of Proxy certificates allows users to authenticate themselves just once. No need for mutual authentication between remote sides and end-users. Data Key Management, Athens April 21st, 2005

3 Basic Principle 2. Generate Pub & priv keys 1. Initiate delegation
3. Return public key 4. Sign public key 5. Return signed certificate 6. Use delegated credentials Data Key Management, Athens April 21st, 2005

4 Delegation Background (EDG)
G-HTTP(S) delegation Performs delegation by means of X509 Proxy certificates G-HTTP(S) proposal extends HTTP by adding methods/headers to HTTP to allow delegation GridSite (grst-proxy.cgi) has a G-HTTP(S) implementation GET-PROXY-REQ PUT-PROXY Real work for the above done by the functions in libgridsite. Data Key Management, Athens April 21st, 2005

5 Web Service portType v.1 First try
Straight transformation of G-HTTPS into a WS WSDL defined GridSite and Java libraries for implementing a standalone service or for integrating into a service Data Key Management, Athens April 21st, 2005

6 Interoperability Considerations
Client and server sides of both GridSite and Java delegation, need interoperability for a full mesh interaction. Interoperability between gridSite and Java delegation Common naming schema. HashOf(DER encoded DN) | ’-’ | HashOf(DelegationID) Common storing mechanism Configurable location of proxy cache Set of utility functions to locate proxies in cache Data Key Management, Athens April 21st, 2005

7 Harmonizing Delegation
Other projects are experimenting delegation Globus Alliance, EGEE, GridSite, OSG, … Creating a common WSDL definition for Delegation in order to obtain a single set of syntax and semantics of delegation Data Key Management, Athens April 21st, 2005

8 New Approach for Delegation
Describing delegation as a standalone Web Service portType WS-Trust specification defines a mechanism for credential issuance and Delegation. We are trying to make use of WS-Trust as much as possible. Providing Ready-to-use library implementations of this portType which can be integrated to other services A standalone delegation service Data Key Management, Athens April 21st, 2005

9 Current Situation of Delegation
A “task force” group was established. A Strawman document produced in order to obtain a consensus on a common delegation interface. The idea presented at GGF13 to solicit comments from Grid community. General interest Data Key Management, Athens April 21st, 2005

10 What is next for Delegation?
Modeling this new approach based on WS-Trust specification for X.509 proxy certificate delegation. (is still ongoing) Implementing both standalone (C++/Java) libraries and delegation service of this portType. Data Key Management, Athens April 21st, 2005

11 Questions Thanks Questions ?
Data Key Management, Athens April 21st, 2005

Download ppt "Mehran Ahsant, PDC, Joni Hahkala, HIP on behalf of JRA3"

Similar presentations

MyProxy Jim Basney Senior Research Scientist NCSA

MyProxy Jim Basney Senior Research Scientist NCSA
29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
Haga clic para cambiar el estilo de título Haga clic para modificar el estilo de subtítulo del patrón DIRAC Framework A.Casajus and R.Graciani (Universitat.

Haga clic para cambiar el estilo de título Haga clic para modificar el estilo de subtítulo del patrón DIRAC Framework A.Casajus and R.Graciani (Universitat.
20 March 2007 VOMS etc - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.

20 March 2007 VOMS etc Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.
Workshop on Cyber Infrastructure in Combustion Science April 19-20, 2006 Subrata Bhattacharjee and Christopher Paolini Mechanical.

Workshop on Cyber Infrastructure in Combustion Science April 19-20, 2006 Subrata Bhattacharjee and Christopher Paolini Mechanical.
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
EGEE Security Area 13 May 2004 EGEE Security Area Stakeholders JRA3 middleware Architecture What we have for Unix and Java What.

EGEE Security Area 13 May 2004 EGEE Security Area Stakeholders JRA3 middleware Architecture What we have for Unix and Java What.
3 May 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org Web Services for Grids in Scripts and C using GridSite Andrew McNab University of.

3 May 2006 GridSite Andrew McNabwww.gridsite.org Web Services for Grids in Scripts and C using GridSite Andrew McNab University of.
Security Middleware and VOMS service status Andrew McNab Grid Security Research Fellow University of Manchester.

Security Middleware and VOMS service status Andrew McNab Grid Security Research Fellow University of Manchester.
Andrew McNab - GridSite/G-HTTPS - 17 Feb 2003 GridSite and G-HTTPS update Andrew McNab, University of Manchester

Andrew McNab - GridSite/G-HTTPS - 17 Feb 2003 GridSite and G-HTTPS update Andrew McNab, University of Manchester
The GridSite Security System Andrew McNab and Shiv Kaushal University of Manchester.

The GridSite Security System Andrew McNab and Shiv Kaushal University of Manchester.
Communicating Security Assertions over the GridFTP Control Channel Rajkumar Kettimuthu 1,2, Liu Wantao 3,4, Frank Siebenlist 1,2 and Ian Foster 1,2,3 1.

Communicating Security Assertions over the GridFTP Control Channel Rajkumar Kettimuthu 1,2, Liu Wantao 3,4, Frank Siebenlist 1,2 and Ian Foster 1,2,3 1.
AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.

AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.
EGEE is a project funded by the European Union under contract IST-2003-508833 Gap analysis draft v2 Olle Mulmo, David Groep, Joni Hahkala JRA3 Gap, 10.

EGEE is a project funded by the European Union under contract IST Gap analysis draft v2 Olle Mulmo, David Groep, Joni Hahkala JRA3 Gap, 10.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Security Token Service Valéry Tschopp - SWITCH.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security Token Service Valéry Tschopp - SWITCH.
Grid Security in a production environment: 4 years of running www.gridpp.ac.uk Andrew McNab University of Manchester.

Grid Security in a production environment: 4 years of running Andrew McNab University of Manchester.
NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.
Grid Services I - Concepts

Grid Services I - Concepts

Similar presentations

Ads by Google