Shibboleth for Non-Web-Based Applications: GridShib

1 Shibboleth for Non-Web-Based Applications: GridShib
Tom Barton, University of Chicago

2 NSF Middleware Initiative (NMI) Grant: Policy Controlled Attribute Framework
- What: shibbolize NMI Grids
- Participants
  - Von Welch, UIUC/NCSA (PI)
  - Kate Keahey, UChicago/Argonne (PI)
  - Frank Siebenlist, Argonne
  - Tom Barton, UChicago
- 2 years starting December 1, 2004
- We call it “GridShib”
I2MM Fall 2004

3 Why?
- Critical mass of grid deployments could use it
- Large grid, far-flung participants, several types of roles among them
  - Examples: NEESgrid, Earth System Grid, TeraGrid, Grid3 (GriPhyN, iVDGL, and PPDG)
- Centralized access to campus grid resources for research computing
  - Examples: UChicago, USC, UAB

4 Why?
- Values of integrating common infrastructure with Virtual Organizations are similar to Enterprise case

5 Time is finally right
- Shibboleth & SAML have shown how to
  - Authorize the anonymous user
  - Extend integration of common infrastructure across administrative and operational domains
- Sufficiently abstracted security related interfaces provided by NMI Grid componentry
- Others are trying non-web-based shibbolization approaches roughly analogous to what we envision
- Plug: all code elements above are NMI components. We’re building on work of many people over 3+ years.

6 Grid-Shib integration essentials
- Design principles
  - No modification to typical grid client applications
  - No change to Shibboleth’s model of administrative and end-user maintenance of attribute release policies
  - Leverage high-quality campus Identity Provider operations
- Accommodations for Grid shibbolization
  - Identity Provider Discovery (pull models)
  - Basic sequence of events (push models)
  - Use of an identifier in X.509 cert as a subject handle for use by the Attribute Authority

7 Basic integration: user identified, attributes pulled

8 Advanced integration example: pseudonymous push

9 Project activities
- Gather use cases and requirements
- Extend and test Globus Toolkit, GridLogon, and Shibboleth Attribute Authority to enable 4 modes of operation
  - User identified, attributes pulled
  - User identified, attributes pushed
  - User pseudonymous, attributes pulled
  - User pseudonymous, attributes pushed

10 Timeline
- December 1, 2004: formal start
- Year 1
  - Basic integration: code supporting pull model with user identified
- Year 2
  - Advanced integration: code supporting push and user pseudonymity

11 Loose ends
- Use of VO-operated AA vs. one embedded within an Enterprise’s Identity Provider operation
  - May be some use cases in which this is sufficient or desirable
- We don’t address the problem of how to manage the attributes needed by grid resources, just how to transport them

