Presentation is loading. Please wait.

Presentation is loading. Please wait.

Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall.

Published byVictor Dominick Sullivan Modified over 9 years ago

Similar presentations

Presentation on theme: "Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall."— Presentation transcript:

1 Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall Meeting, 2004

2 Internet2 Fall Meeting Context Developing and supporting collaboration tools for use by distributed science teams Concentrating on supporting the day- to-day work environment Started with traditional kerberos-based and X.509-based solutions for securing collaborative environments

3 Internet2 Fall Meeting Security Development Environments Shared experiment control Instant messaging –IRC –Jabber Peer-to-peer file sharing –SciShare

4 Internet2 Fall Meeting Requirements Ability to participate from anywhere Low threshold for entry into the system –Incorporate new users easily –No waiting for authorization to enter the system Support for identifying trusted users Ability to specify the type of authentication and authorization needed Servers are not required

5 Internet2 Fall Meeting Approach - Architecture Peer-to-peer system Each site can act as both server and client or either Specialized servers provide added value –Archiving –Certificate authority –User registry –Rendezvous point

6 Internet2 Fall Meeting Registration Model Registration methods –Self –Trusted user –Administrator Issues –Where are users registered –Who controls/administers the registry –Who decides the list of trusted users –How can identities be verified

7 Internet2 Fall Meeting SciShare – File-sharing Using X.509 authentication –Pseudo certificates – accept any valid chain for these certificates –Trusted users – use trusted CA signed certificates Users can authorize both types of certificates for access to resources Build trust and eventually allow sharing of trust groups among users Communication is encrypted

8 Internet2 Fall Meeting Jabber – Instant Messaging Current –Designed as a client/server architecture –Users self-register for a username and password Future –Run servers everywhere they are needed –Add support for X.509 –Augment to allow vetting of registrations –Allow specification of authentication level for entry to a room –Augment to allow definition of trust groups for particular levels of access

9 Internet2 Fall Meeting Crossing the borders Escort –Accompany a user in an area they are not normally authorized to access –Host able to control the guest’s access Vouching –A user vouches for a less privileged user –Temporarily elevates privileges of the vouchee –Vouchee able to act without escort

10 Internet2 Fall Meeting Some Issues for the Future Making this intuitive for the user Allowing elevation of credentials without compromising the security of the elevated levels Finding communication protocols that can operate in a heterogeneous security environment Designing the callouts and interface for adding escort and vouching to the applications Standardization so these features are available pervasively

Download ppt "Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall."

Similar presentations

EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
The Challenges of CORBA Security It is important to understand that [CORBAsecurity] is only a (powerful) security toolbox and not the solution to all security.

The Challenges of CORBA Security It is important to understand that [CORBAsecurity] is only a (powerful) security toolbox and not the solution to all security.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
User Registration. Click on ‘Sign Up’ button. Enter Registration details and click on submit button.

User Registration. Click on ‘Sign Up’ button. Enter Registration details and click on submit button.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
Inter-Institutional Registration UNC Cause December 4, 2007.

Inter-Institutional Registration UNC Cause December 4, 2007.
PEER-TO-PEER Is a type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architectures,

PEER-TO-PEER Is a type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architectures,
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
ESnet Workshop October 2004 1 Current Research Directions in Collaboration Tools Deb Agarwal Lawrence Berkeley National Laboratory.

ESnet Workshop October Current Research Directions in Collaboration Tools Deb Agarwal Lawrence Berkeley National Laboratory.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
 Introduction Originally developed by Open Software Foundation (OSF), which is now called The Open Group (www.opengroup.org) Provides a set of tools and.

 Introduction Originally developed by Open Software Foundation (OSF), which is now called The Open Group ( Provides a set of tools and.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
X.509 support in WCF Exploring support for X.509 Certificates in Microsoft’s Windows Communication Foundation Paul Cormier UCCS CS591 Fall 2009.

X.509 support in WCF Exploring support for X.509 Certificates in Microsoft’s Windows Communication Foundation Paul Cormier UCCS CS591 Fall 2009.

Similar presentations

Ads by Google