University of Virginia, USA GGF9, Chicago, Illinois, US


1 OGSA SEC WG
co-chairs:
- Nataraj Nagaratnam, IBM, USA
- Marty Humphrey, University of Virginia, USA
GGF9, Chicago, Illinois, US

2 OGSA SEC WG History
- Pre-GGF5 (~ June 2002)
  - “Security Architecture for Open Grid Services”
  - “OGSA Security Roadmap”
- GGF5: Mini-BOF (July 2002)
  - Raj and Frank gave presentations, led discussions
  - Consensus was to go ahead
- Pre-GGF6: Formation of WG (~ Sept 2002)
- Some slides from GGF6 (Oct 2002)…

3 WS Security Roadmap exists, so why do we?
- What if boxes never materialize?
- What if boxes appear too late?
- What if there are licensing issues with box(es)?
- What if “their roadmap” is missing pieces?
- What if Grid Computing != Web Services?
- MS-IBM Roadmap is wire-oriented; we need to be wire-oriented AND service-oriented (i.e., portTypes)
- How do we make our existing security services “fit” with OGSA Architecture?

4 OGSA SEC WG Charter
- “enumerate and address the Grid Security requirements in the context of the OGSA”
- “leverage… WS-Security… and… WS Security Roadmap”
- Primary outcome:
  - doc #1: The Security Architecture for Open Grid Services
  - doc #2: OGSA Security Roadmap
- Secondary outcome:
  - Creation of new GGF WGs to address “gaps” identified by #2
- Synergistic with other efforts (e.g., OASIS, W3C)

5 [GGF6] WG Methodology
- What requirements are unique/necessary in Grids?
- Do the Architecture/Roadmap cover these? If not, how to extend documents?
- What components need to be built based on these requirements?
- Are any specifications not listed?
- Are any of these boxes actively being constructed outside of the GGF? What are these? Where are these? Who are building them?
- Which of the (inactive/pending) boxes are urgent?
- Based on the identified set of specifications that we need to work on, try to prioritize the list and come up with a dependency/deliverable graph
- Suggest spinning off workgroups based on specs identified to be started under GGF

6 Current/proposed specs: Building on the SOAP Foundation
[Diagram labels: WS-SecureConversation, WS-Federation, WS-Authorization; WS-Policy, WS-Trust, WS-Privacy; WS-Security; SOAP Foundation. Axis labels: "today", "time".]
This is a composable architecture: “only use what you need”

7 OGSA Security Components

8 Building Blocks

9 Roadmap: Proposed Specs. (1)
Category: Specifications
- Naming: OGSA Identity; OGSA Target/Action Naming; OGSA Attribute and Group Naming; Transient Service Identity Acquisition
- Translation between Security Realms: Identity Mapping Service; Generic Name Mapping; Policy Mapping Service; Credential Mapping Service
- Authentication Mechanism Agnostic: OGSA Certificate Validation Service; OGSA-Kerberos Services
- Pluggable Session Security: GSSAPI-SecureConversation
- Pluggable Authorization Service: OGSA-Authorization Service

10 Roadmap: Proposed Specs. (2)
Category: Specifications
- Authorization Policy Management: Coarse-grained Authorization Policy Management; Fine-grained Authorization Policy Management
- Trust Policy Management: OGSA Trust Service
- Privacy Policy Management: Privacy Policy Framework
- VO Policy Management: VO Policy Service
- Delegation: Identity Assertion Profile; Capability Assertion Profile

11 Roadmap: Proposed Specs. (3)
Category: Specifications
- Firewall Friendly: OGSA Firewall Interoperability
- Security Policy Expression and Exchange: Grid Service Reference and Service Data Security Policy Decoration
- Secure Service Operation: Secure Service’s Policy and Processing; Service Data Access Control
- Audit and Secure Logging: OGSA Audit Service; OGSA Audit Policy Management

12 Non-GGF Progress Since GGF6 (Oct 2002)
- Dec 18: WS-Policy, WS-PolicyAttachment, WS-PolicyAssertions, WS-SecurityPolicy, WS-Trust, WS-SecureConversation
- WS-Policy 1.1 et al. (May 28)
- July 2003: WS-Federation
- OASIS WSS TC docs for public review (Sept 9)
  - SOAP Message Security, Username Token Profile, X.509 Cert Token Profile
- XACML ratified as OASIS Open Standard
- SAML v1.1 (Sept, 2003)
- WS-I moves forward

13 GGF progress since Oct 2002
- We need to let non-GGF activities progress…
- … but we need to make progress where we can:
  - Use of WS-* et al. specs and SDKs (e.g., WSE)
  - Focus on an Authorization Service (OGSA AuthZ WG)
- OGSA SEC WG is “idle” at the moment

