Presentation is loading. Please wait.

Presentation is loading. Please wait.

NAREGI-CA Development of NAREGI-CA NAREGI-CA Software CP/CPS Audit

Published byClement Wells Modified over 5 years ago

Similar presentations

Presentation on theme: "NAREGI-CA Development of NAREGI-CA NAREGI-CA Software CP/CPS Audit"— Presentation transcript:

1 EGEE/NAREGI Interoperability Meeting Security,Authenticaton,Authorization

2 NAREGI-CA Development of NAREGI-CA NAREGI-CA Software CP/CPS Audit
To experiment the operation of PKI authentication service (CA server software and CP/CPS) for grid environment freely, we developed our own CA software. Software is availabe for anyone. CP/CPS CA/RA policy and authentication service policy is developed to be satisfied with basic assurance level by GGF Audit Auditing of Grid CAs is proposed at GGF13.

3 NAREGI-CA NAREGI PMA is established and CA Operation started.
NAREGI PMA is Established. (June 17,2005) NAREGI CA joined the APGrid PMA. (July 26, 2005) NAREGI-CA Operation started. (Sep 1,2005) NAREGI CA has been approved as a production-level CA. (Nov. 7, 2005)

4 NAREGI-CA server components
LDAP Server Collaborate with Grid Service, S/MIME, Group ware and so on. LDAP RA Server CA Server certreq aienroll LCMP aicrlpub airad aicad enroll (apache CGI) HTTP WEB LCMP gridmapgen XKMS API LCMP User CA management tools aica PKI utilities certview certconv CA Administrator

5 NAREGI Registration Sequence
User site NAREGI site End user Host administrator CA Administrator Site Administrator (LRA) LicenseIDs Request Issue 1. Prepare LicenseIDs Telephone, Mail and so on. Certificate Request Issue a LicenseID 2. User registration Account Request Account Registration Might be face to face. Apply certificate operation 3. Submit a licenseID and request to issue a certificate 4. Request to revoke a certificate 5. Request to update a certificate Accept a user request (issue,revoke,update) RA Server Via command line or WEB (Online) Download a base grid-mapfile and generate mapfile for local site base grid-mapfile publish 6. grid-mapfile generation

6 NAREGI Middleware b components
VOMS MyProxy VOMS Proxy Certificate MyProxy+ VOMS Proxy Certificate voms-myproxy-init User Management Server(UMS) VOMS Proxy Certificate User Private Key Information Service Client Environment Portal WFT PSE GVS VOMS Proxy Certificate SS client GridVM Super Scheduler NAREGI CA GridVM VOMS Proxy Certificate GridVM

7 VO and User Certificate Treatment
gLite VOMS Server(Ver.1.3) is adopted for VO Management. (Is the upgrade needed to the latest version for the interoperation?) Some components call gLite Java API to obtain VO attribute from the certificate. “org.glite.security.utils” and “org.glite.security.voms” packages are used. User management server is used for the repository of the user certificates. Proxy certificates with VO attribute are issued through the NAREGI portal operations. This is experimantal and very simple implementation. It may be replaced to another implementation (e.g. PURSe)

8 VO and User Certificate Treatment
NAREGI Middleware b has some restrictions for VO and proxy certificate treatment. Only VO name is used for the authentication(group,role and capability are not referred as authentication attribute) A user can belong to more than one VO, but a job can use one VO at the same time. Credential renewal for the long running jobs is not supported. NREGI Middleware b has been still testing. It will be released at next GGF.

9 Exchange VO and User account information
Interoperation Scenario 1 VOb VO2 VOa VO1 Super Scheduler VO1,VO2,… VOa,VOb,… VOMS VOMS Exchange VO and User account information UMS, MyProxy Login-Machine Portal User User EGEE NAREGI

10 Interoperaton Scenario 1
Only the first step of interoperation Interoperation between different middlewares based on the same authentication information, which is the first fruit Discussion Common VO namespace Management and exchange of Information (VO、user account,…etc) How to generate and distribute grid-mapfile Beyond the Scenario1 Making a next model and scenario after realizing interoperations of Job Submission and Information Service

Download ppt "NAREGI-CA Development of NAREGI-CA NAREGI-CA Software CP/CPS Audit"

Similar presentations

GridWorld 2006 Use of MyProxy for the FusionGrid Mary Thompson Monte Goode GridWorld 2006.

GridWorld 2006 Use of MyProxy for the FusionGrid Mary Thompson Monte Goode GridWorld 2006.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.
MyProxy Jim Basney Senior Research Scientist NCSA

MyProxy Jim Basney Senior Research Scientist NCSA
29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
MyProxy Guy Warner NeSC Training.

MyProxy Guy Warner NeSC Training.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
Federation of Campus PKI and Grid PKI for Academic GOC Management Conformable to APGrid PMA National Institute of Informatics, JAPAN Toshiyuki Kataoka,

Federation of Campus PKI and Grid PKI for Academic GOC Management Conformable to APGrid PMA National Institute of Informatics, JAPAN Toshiyuki Kataoka,
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.
08/11/908 WP2 e-NMR Grid deployment and operations Technical Review in Brussels, 8 th of December 2008 Marco Verlato.

08/11/908 WP2 e-NMR Grid deployment and operations Technical Review in Brussels, 8 th of December 2008 Marco Verlato.
Riccardo Bruno INFN.CT Sevilla, 10-14 Sep 2007 The GENIUS Grid portal.

Riccardo Bruno INFN.CT Sevilla, Sep 2007 The GENIUS Grid portal.
Grid security in NAREGI project NAREGI the Japanese national science grid project is doing research and development of grid middleware to create e- Science.

Grid security in NAREGI project NAREGI the Japanese national science grid project is doing research and development of grid middleware to create e- Science.
Grid security in NAREGI project July 19, 2006 National Institute of Informatics, Japan Shinichi Mineo APAN Grid-Middleware Workshop 2006.

Grid security in NAREGI project July 19, 2006 National Institute of Informatics, Japan Shinichi Mineo APAN Grid-Middleware Workshop 2006.
GRID Centralized management of the Globus grid-mapfile Carlo Rocca INFN, Catania.

GRID Centralized management of the Globus grid-mapfile Carlo Rocca INFN, Catania.
12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK

12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.

INFSO-RI Enabling Grids for E-sciencE SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.
NAREGI CA Updates Kento Aida NAREGI CA/NII Kento Aida, National Institute of Informatics APGrid PMA meeting 04/20/2008.

NAREGI CA Updates Kento Aida NAREGI CA/NII Kento Aida, National Institute of Informatics APGrid PMA meeting 04/20/2008.
Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.

Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.
GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.

GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.

Similar presentations

Ads by Google