
22 May 2008, IVOA Trieste: Grid & Web Services (slide 1). Alternate security mechanisms. Matthew J. Graham (Caltech, NVO). The US National Virtual Observatory.


1 Alternate security mechanisms
Matthew J. Graham (Caltech, NVO)
The US National Virtual Observatory

2 Security review
Users don't care about protocols and standards – they care about a better experience with enhanced privacy and security.
User experience:
–why is security necessary?
–Certificates? .globus directories? WTF?
Developer experience:
–Buzkashi
Community interests:
–Decentralization

3 OpenID
Single digital identity for use with any web site or service requiring authentication
Open, free and decentralized standard
Well supported:
–120 million OpenIDs (July 2007)
–Microsoft, Google, Yahoo (Jan 2008)

4 OpenID: how it works
User registers an OpenID identity (URI or XRI) with an OpenID identity provider.
Relying party (service provider) displays a single input box for the OpenID identifier.
Relying party converts the OpenID identifier to a canonical URL form and obtains the identity provider URL from there.
Relying party and identity provider establish a shared secret, and then the user is redirected to the identity provider for authentication.
User is redirected back to the relying party along with credentials.
Relying party validates that the credentials originated from the identity provider using the shared secret.
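The last step of the flow above, the relying party checking the returned assertion against the shared secret, as an added example that is not part of the slides: it follows the OpenID 2.0 signature rule (HMAC over the Key-Value form of the fields listed in openid.signed), and every value here (MAC_KEY, RETURN_TO, the sample response) is constructed for the demonstration.

```python
import base64
import hashlib
import hmac

# Constructed example values (not from the slides): the association's shared
# secret and the RP's own return_to URL. Nonces already accepted live in a set.
MAC_KEY = b"constructed-example-association-secret-for-demo-only"
RETURN_TO = "https://rp.example.org/openid/return"

def sign(params: dict, mac_key: bytes) -> str:
    """Base64 HMAC-SHA256 over the Key-Value form of the fields in openid.signed."""
    keys = params.get("openid.signed", "").split(",")
    if any(":" in k or "\n" in k or "\n" in params.get("openid." + k, "") for k in keys):
        raise ValueError("illegal character in a signed field")
    kv = "".join(f"{k}:{params.get('openid.' + k, '')}\n" for k in keys).encode()
    return base64.b64encode(hmac.new(mac_key, kv, hashlib.sha256).digest()).decode()

def verify_assertion(params: dict, mac_key: bytes, return_to: str, seen_nonces: set) -> bool:
    """Relying-party check that a positive assertion came from the associated provider."""
    if params.get("openid.mode") != "id_res":
        return False
    required = {"op_endpoint", "return_to", "response_nonce", "assoc_handle", "claimed_id", "identity"}
    if not required <= set(params.get("openid.signed", "").split(",")):
        return False  # an unsigned field could be altered on its way through the browser
    if params.get("openid.return_to") != return_to:
        return False  # assertion was issued for some other relying party or URL
    nonce = params.get("openid.response_nonce", "")
    if nonce in seen_nonces:
        return False  # replayed assertion
    if not hmac.compare_digest(sign(params, mac_key), params.get("openid.sig", "")):
        return False  # not produced with the shared secret, or fields were changed
    seen_nonces.add(nonce)
    return True

def sample_response() -> dict:
    """A constructed positive assertion, signed as the identity provider would sign it."""
    params = {
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://op.example.org/server",
        "openid.claimed_id": "https://alice.example.org/",
        "openid.identity": "https://alice.example.org/",
        "openid.return_to": RETURN_TO,
        "openid.response_nonce": "2008-05-22T10:00:00Zabc123",
        "openid.assoc_handle": "constructed-handle-1",
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    }
    params["openid.sig"] = sign(params, MAC_KEY)
    return params
```

A relying party without a stored association (the stateless case behind the check_authentication question on the next slide) would instead have to send the assertion back to the provider for verification.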

5 OpenID: issues
NVO setting up a prototype OpenID identity provider service alongside the current SSO setup:
–use attribute to strengthen OpenID
OpenID has little provision for web services (SOAP or RESTful):
–requires communication between user and relying party and between user and identity provider
–checkid_immediate?
–check_authentication?

6 OAuth
An API access delegation protocol
Well supported
User grants access to their protected resources to a consumer using tokens generated by a service provider instead of their credentials
Defines three endpoints:
–Request token
–User authentication
–Access token

7 OAuth: how it works (flow diagram)

8 OAuth
All done with HTTP GET/POST and headers
As with OpenID, requires some level of user interaction: capture credentials or request approval

9 Summary
Industry embracing decentralised security mechanisms:
–web of trust vs hierarchical model
Currently well-suited to web apps involving a browser but not to web services (no user)
What is the Grid community doing?
–Shibboleth/GridShib?

