
1 Security Middleware and VOMS service status
Andrew McNab, Grid Security Research Fellow, University of Manchester

2 Outline (11 January 2006, A. McNab – Grid Security)
● GridSiteWiki
● Shibboleth
● Delegation
● GridHTTP
● SiteCast
● VOMS middleware
● VOMS service

3 GridSiteWiki
● Uses the software developed for the collaborative “Wikipedia” encyclopedia
– Added support for the certificates that grid users already hold, used here for authentication
– So there is no need to remember passwords
● Raises the question of what other “legacy” web systems can be gridified
● But there's Shibboleth going live soon too...

4 Shibboleth
● Shibboleth is being adopted by JISC to replace ATHENS for library / database services
– For all UK University / NHS staff & students
● As part of FAME-PERMIS, we've implemented a stopgap Shibboleth Identity Provider
– Leverages existing X.509 certs / DNs: a certificate holder chooses a username / password to use with the IdP
● Adding support to GridSite for Shibboleth attributes, to turn GridSites into Service Providers

5 Delegation
● GSI proxy delegation was part of the Globus 2 binary protocols
● For Web Service / SOAP grids, a new way to do this is needed
● We proposed a set of HTTP delegation methods during EDG
● For EGEE, we wrote the WSDL / SOAP delegation portType now used by the EGEE implementations (Manchester-UK & KTH-SE), and by WLMS and Data Management
● There are ongoing discussions with OSG and Globus about merging the EGEE portType with Globus's new delegation service
– During January, we (Manchester-UK & KTH-SE) are producing C and Java implementations of the revised EGEE portType

6 GridHTTP
● htcp and GridSite make it easy to use HTTP(S) for reading and writing files on remote servers
● One advantage of GridFTP was its support for 3rd-party transfers between remote sites
● GridSite now supports this using the WebDAV COPY method and one-time passcodes
– Authentication / authorization / obtaining the passcode happen over HTTPS
– The file transfer itself runs over HTTP, authorized by the one-time passcode
● Currently adding multistream remote transfers
– managing the passcodes on the remote servers is the issue...
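The passcode scheme on this slide only works if the plain-HTTP side enforces the properties the name promises. The following is an added example, not GridSite code: a server-side passcode table plus the check applied to an incoming COPY request. The header name, passcode format and HTTP messages are constructed for illustration; what it demonstrates is that a passcode is minted from a CSPRNG only after the HTTPS side has authenticated the user, is bound to one path and one method, expires, and is accepted exactly once, so a passcode sniffed off the unencrypted transfer cannot be replayed or pointed at another file.

```python
"""One-time passcodes for third-party HTTP transfers (model, not GridSite code)."""
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Passcode:
    path: str        # file the passcode is bound to
    method: str      # HTTP method it authorizes (COPY for a read, PUT for a write)
    expires: float   # absolute UNIX time after which it is dead
    used: bool = False


class PasscodeStore:
    """Server-side table of passcodes issued over HTTPS and redeemed over HTTP."""

    def __init__(self, ttl_seconds: int = 300) -> None:
        self.ttl = ttl_seconds
        self._codes: Dict[str, Passcode] = {}

    def issue(self, path: str, method: str, now: Optional[float] = None) -> str:
        """Called after the HTTPS side has authenticated and authorized the user."""
        now = time.time() if now is None else now
        # 256 bits from the OS CSPRNG: the passcode is the whole secret on the
        # HTTP side, so it must be unguessable, not merely unique.
        code = secrets.token_urlsafe(32)
        self._codes[code] = Passcode(path, method, now + self.ttl)
        return code

    def redeem(self, code: str, path: str, method: str,
               now: Optional[float] = None) -> bool:
        """Accept the passcode once, only for the path and method it was issued for."""
        now = time.time() if now is None else now
        entry = self._codes.get(code)
        if entry is None:
            return False          # unknown (or already purged) passcode
        if now > entry.expires:
            del self._codes[code]
            return False          # expired
        if entry.used:
            return False          # replay of a spent passcode
        if entry.path != path or entry.method != method:
            return False          # passcode re-targeted at another file or operation
        entry.used = True         # burn it on first successful use
        return True


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Minimal parser for the request line and headers of an HTTP/1.1 request."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


PASSCODE_HEADER = "x-onetime-passcode"   # hypothetical header name


def authorize_transfer(store: PasscodeStore, raw_request: str,
                       now: Optional[float] = None) -> int:
    """Status the plain-HTTP side returns for a passcode-bearing transfer request."""
    method, target, headers = parse_request(raw_request)
    if method not in ("COPY", "PUT"):
        return 405
    code = headers.get(PASSCODE_HEADER)
    if not code:
        return 401                # no passcode: obtain one over HTTPS first
    if not store.redeem(code, target, method, now):
        return 403
    return 202 if method == "COPY" else 201


def demo() -> Tuple[int, int]:
    """Issue one passcode, use it, then replay it (constructed traffic, fixed clock)."""
    store = PasscodeStore(ttl_seconds=60)
    t0 = 1136937600.0          # 2006-01-11 00:00 UTC
    code = store.issue("/data/run123/file.root", "COPY", now=t0)
    request = ("COPY /data/run123/file.root HTTP/1.1\r\n"
               "Host: se1.example.org\r\n"
               "Destination: http://se2.example.org/data/run123/file.root\r\n"
               f"X-Onetime-Passcode: {code}\r\n\r\n")
    first = authorize_transfer(store, request, now=t0 + 1)    # 202
    replay = authorize_transfer(store, request, now=t0 + 2)   # 403
    return first, replay


if __name__ == "__main__":
    print(demo())
```

The multistream problem the slide ends on shows up here directly: each stream of a transfer needs its own passcode (or the store has to allow a counted number of uses), and every remote server that must honour a passcode needs its own copy of the table entry.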

7 SiteCast
● Using HTTP(S) for file transfers has also been taken up by EGEE WLMS
● We're now looking at how to locate local replicas of files on GridSite HTTP(S) servers
● Have designed a simple replica location system for farms with many disks / hosts
– Now implemented on the server side and in htcp
– Uses UDP multicast to find lists of replicas of a given file: looks at the filesystem rather than at a database
● Intend to do test deployments on some of the Tier-2 equipment (pre-production farm first)
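Answering multicast queries straight from the filesystem is what keeps SiteCast lightweight, but it also means every disk server is parsing untrusted datagrams and mapping them onto local paths. This added example (not the SiteCast code) models the exchange in-process: the FIND/FOUND message format, the per-query nonce and the simulated fan-out are assumptions. It shows the two checks a practitioner would insist on: the responder confines every lookup to its export root and stays silent otherwise, so a query cannot be used to probe for other files on the host, and the client discards replies that do not carry its nonce, so an unsolicited datagram cannot inject a bogus replica location.

```python
"""Replica location over multicast, modelled in-process (SiteCast-style)."""
import os
import secrets
import tempfile
from typing import List, Optional, Tuple


class SiteCastResponder:
    """One disk server answering queries for files under its export root."""

    def __init__(self, export_root: str, base_url: str) -> None:
        self.export_root = os.path.realpath(export_root)
        self.base_url = base_url.rstrip("/")

    def _local_path(self, rel: str) -> Optional[str]:
        # The query names a file relative to the export root.  Resolve it and
        # refuse anything (absolute path, '..', symlink) that lands outside,
        # so a multicast query cannot probe for arbitrary files on the host.
        if not rel or rel.startswith("/") or "\x00" in rel:
            return None
        candidate = os.path.realpath(os.path.join(self.export_root, rel))
        if os.path.commonpath([candidate, self.export_root]) != self.export_root:
            return None
        return candidate

    def handle_datagram(self, datagram: bytes) -> Optional[bytes]:
        """Return a FOUND reply if this host holds a replica, else None (stay silent)."""
        try:
            fields = datagram.decode("utf-8").strip().split(" ")
        except UnicodeDecodeError:
            return None
        if len(fields) != 3 or fields[0] != "FIND":
            return None                      # malformed: drop, never answer
        nonce, rel = fields[1], fields[2]
        path = self._local_path(rel)
        if path is None or not os.path.isfile(path):
            return None                      # no replica here (or forbidden lookup)
        size = os.path.getsize(path)         # the filesystem is the catalogue
        return f"FOUND {nonce} {self.base_url}/{rel} {size}\n".encode("utf-8")


def locate(rel: str, responders: List[SiteCastResponder]) -> List[Tuple[str, int]]:
    """Client side: one query, replies collected from every responder that answers.

    Real SiteCast sends the query to a UDP multicast group; here the fan-out
    is simulated by calling each responder directly."""
    nonce = secrets.token_hex(8)             # ties replies to this query
    query = f"FIND {nonce} {rel}\n".encode("utf-8")
    replicas: List[Tuple[str, int]] = []
    for responder in responders:
        reply = responder.handle_datagram(query)
        if reply is None:
            continue
        fields = reply.decode("utf-8", "replace").strip().split(" ")
        if len(fields) != 4 or fields[0] != "FOUND" or fields[1] != nonce:
            continue                         # unsolicited or stale reply: ignore
        try:
            replicas.append((fields[2], int(fields[3])))
        except ValueError:
            continue
    return replicas


def build_demo_farm() -> List[SiteCastResponder]:
    """Two disk servers with constructed export trees under a temp directory;
    a secret file sits outside both export roots."""
    base = tempfile.mkdtemp(prefix="sitecast-")
    root1 = os.path.join(base, "disk1", "export")
    root2 = os.path.join(base, "disk2", "export")
    os.makedirs(os.path.join(root1, "run123"))
    os.makedirs(root2)
    with open(os.path.join(root1, "run123", "file.root"), "wb") as f:
        f.write(b"x" * 1024)
    with open(os.path.join(base, "secret.txt"), "wb") as f:
        f.write(b"not for export")
    return [SiteCastResponder(root1, "http://disk1.example.org"),
            SiteCastResponder(root2, "http://disk2.example.org")]


def demo():
    farm = build_demo_farm()
    return (locate("run123/file.root", farm),     # one replica, on disk1
            locate("../../secret.txt", farm),     # []: confined to the export root
            locate("nowhere.root", farm))         # []: no such replica


if __name__ == "__main__":
    print(demo())
```

A FOUND reply is only a hint about where a replica might be: the client still fetches it over HTTP(S) from the named server, where the usual authentication and authorization apply, so a spoofed reply can at worst point at a server that then refuses or does not have the file.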

8 VOMS middleware
● GridSite parses VOMS attribute certificates from LCG / EGEE VOMS servers
● As VOMS is deployed, scaling problems are emerging
– The certificate of each VOMS server has to be distributed to every host (every WN?) that will check its attribute certificates
– N(hosts) x N(VOs) ?!?!?
● One solution is to include the VOMS server's certificate along with the attribute certificate
– Being implemented by INFN-IT (server), Manchester-UK (client C) and KTH-SE (client Java) this month
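Shipping the VOMS server's certificate inside the attribute certificate removes the N(hosts) x N(VOs) distribution problem, but it turns that certificate into untrusted input. The following is an added example, not the VOMS or GridSite code, and it needs the third-party `cryptography` package. RFC 3281 attribute certificates are not modelled; a signed JSON body (holder DN, FQANs, validity) stands in for the AC, and the per-VO table of expected VOMS server DNs is an assumed site configuration. What it demonstrates is the order of checks the client must still perform: chain the embedded certificate to a CA the host already trusts, pin its DN to the server registered for the VO (otherwise any host certificate from the same CA could mint attributes), and only then verify the attribute signature and validity.

```python
"""Checking an attribute certificate that carries its own issuer certificate."""
import json
from datetime import datetime, timedelta, timezone
from typing import Dict, List

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

PAD = padding.PKCS1v15()
HASH = hashes.SHA256()


def new_key() -> rsa.RSAPrivateKey:
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def make_cert(cn: str, key, issuer=None, issuer_key=None, ca=False) -> x509.Certificate:
    """Self-signed CA when issuer is None, otherwise a certificate issued by `issuer`."""
    now = datetime.now(timezone.utc)
    subject = x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "UK"),
                         x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    builder = (x509.CertificateBuilder()
               .subject_name(subject)
               .issuer_name(subject if issuer is None else issuer.subject)
               .public_key(key.public_key())
               .serial_number(x509.random_serial_number())
               .not_valid_before(now - timedelta(minutes=5))
               .not_valid_after(now + timedelta(days=1))
               .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True))
    return builder.sign(key if issuer_key is None else issuer_key, HASH)


def _utc(cert: x509.Certificate, attr: str) -> datetime:
    # Newer cryptography exposes timezone-aware *_utc properties; fall back otherwise.
    aware = getattr(cert, attr + "_utc", None)
    return aware if aware is not None else getattr(cert, attr).replace(tzinfo=timezone.utc)


def issue_ac(voms_cert: x509.Certificate, voms_key, holder_dn: str, fqans: List[str]) -> Dict[str, str]:
    """VOMS server side: sign the attributes and attach the server's own certificate."""
    now = datetime.now(timezone.utc)
    body = {"holder": holder_dn, "fqans": fqans, "not_before": now.isoformat(),
            "not_after": (now + timedelta(hours=12)).isoformat()}
    payload = json.dumps(body, sort_keys=True).encode("utf-8")
    return {"payload": payload.decode("utf-8"),
            "signature": voms_key.sign(payload, PAD, HASH).hex(),
            "issuer_cert": voms_cert.public_bytes(serialization.Encoding.PEM).decode("ascii")}


def verify_ac(ac: Dict[str, str], trusted_cas: List[x509.Certificate],
              voms_dn_for_vo: Dict[str, str], vo: str) -> List[str]:
    """Client side: return the FQANs if the AC is trustworthy, else raise ValueError."""
    now = datetime.now(timezone.utc)
    cert = x509.load_pem_x509_certificate(ac["issuer_cert"].encode("ascii"))
    # 1. The embedded certificate is attacker-controlled until it is chained to
    #    a CA the host already trusts (N(CAs) files per host, not N(VOs)).
    ca = next((c for c in trusted_cas if c.subject == cert.issuer), None)
    if ca is None:
        raise ValueError("issuer certificate not from a trusted CA")
    try:
        ca.public_key().verify(cert.signature, cert.tbs_certificate_bytes, PAD,
                               cert.signature_hash_algorithm)
    except Exception as exc:
        raise ValueError("issuer certificate signature invalid") from exc
    if not _utc(cert, "not_valid_before") <= now <= _utc(cert, "not_valid_after"):
        raise ValueError("issuer certificate outside its validity period")
    # 2. Chaining to the CA is not enough: every host certificate from that CA
    #    could otherwise mint attributes for the VO.  Pin the expected DN.
    if cert.subject.rfc4514_string() != voms_dn_for_vo.get(vo):
        raise ValueError("issuer is not the VOMS server registered for this VO")
    # 3. Only now is the embedded key trusted to check the attribute signature.
    payload = ac["payload"].encode("utf-8")
    try:
        cert.public_key().verify(bytes.fromhex(ac["signature"]), payload, PAD, HASH)
    except Exception as exc:
        raise ValueError("attribute certificate signature invalid") from exc
    body = json.loads(payload)
    if not datetime.fromisoformat(body["not_before"]) <= now <= datetime.fromisoformat(body["not_after"]):
        raise ValueError("attribute certificate outside its validity period")
    return body["fqans"]


def demo():
    """Honest VOMS server accepted; a host certificate from the same CA rejected."""
    ca_key = new_key()
    ca = make_cert("eScience CA", ca_key, ca=True)
    voms_key = new_key()
    voms = make_cert("voms.gridpp.ac.uk", voms_key, issuer=ca, issuer_key=ca_key)
    rogue_key = new_key()
    rogue = make_cert("wn042.example.org", rogue_key, issuer=ca, issuer_key=ca_key)
    config = {"t2k": voms.subject.rfc4514_string()}          # assumed site config
    holder = "/C=UK/O=eScience/OU=Manchester/CN=some user"   # constructed holder DN
    good = verify_ac(issue_ac(voms, voms_key, holder, ["/t2k/Role=production"]), [ca], config, "t2k")
    try:
        verify_ac(issue_ac(rogue, rogue_key, holder, ["/t2k/Role=admin"]), [ca], config, "t2k")
        rogue_rejected = False
    except ValueError:
        rogue_rejected = True
    return good, rogue_rejected
```

The per-VO DN table is the one piece of configuration that still has to reach every host, but it is a few lines of text per VO rather than a certificate per VOMS server, and a DN mismatch is rejected before the embedded key is ever used.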

9 GridPP VOMS (slides from Alessandra Forti)
● GridPP national VOMS to support:
– Smaller VOs such as phenogrid, t2k
– Local VOs
● Agreement with NGS for mutual support
– Common infrastructure to maintain the VOMS servers
– Common VO support
– Common distribution of information
– Enable each other's VOs on each other's systems

10 What is happening
● ½ FTE for VO management support:
– Sergey Dolgodobrov
● Support is part of the Tier-2 infrastructure
– 3 servers for GridPP: 1 test, 1 production, 1 backup
– 2 servers for NGS: 1 production, 1 backup
● Sergey will be the VOMS administrator and will do VO support
● The production VOMS server (voms.gridpp.ac.uk) has been installed and is ready to be used
● 2 VOs have already been enabled
– gridpp, for testing
– t2k

11 How to enable a VO
● A formal request has to be made to the ROC
– ask Jeremy Coles
● Information about the VO has to be supplied in the request
– Name, description, VO manager, VO security contact
● The request has to be approved by the PMB
– The PMB meets every week, so it won't take long
● After approval the VO gets created on the VOMS
– The VO manager will then be able to add users
● The information needed to enable the VO at sites will then be downloadable from the GridPP web site
– This might change in the future if the CIC portal is used instead
– VOs will be responsible for keeping the information up to date
● More details on the procedure can be found at http://www.gridpp.ac.uk/deployment/users/newvo.html

12 Summary
● Through JISC funding, we're doing some work on Shibboleth support
● We continue to work with EGEE JRA3 to provide tools for other parts of EGEE / LCG
● Delegation and VOMS support are currently being reworked
● “GridHTTP” extended to support 3rd-party transfers
● SiteCast offers lightweight replica location
● Joseph, Yibiao and Sergey are making a big contribution to all these ongoing subprojects

