
ARCS Authorisation Services. Neil Witheridge, Manager, ARCS Authorisation Services. APAN29, Sydney, February 2010.


1 ARCS Authorisation Services
Neil Witheridge, Manager, ARCS Authorisation Services
APAN29, Sydney, February 2010

2 Overview
– ARCS & Platforms for Collaboration
– ARCS Mission & Structure
– Research Group Needs
– ARCS Services and Tools
– Authorisation Services’ Role
– ARCS Authorisation Infrastructure
– Strategy, Challenges & Future direction

3 Australian Government eResearch Investment
– National Collaborative Research Infrastructure Strategy - Platforms for Collaboration (PfC) investment (2007-11)
– Super Science Initiative eResearch Components (2009-13)
… critical importance of eResearch Infrastructure to future research competitiveness … intended to enhance research collaborations, assist researchers to manage massive data sets, and provide super-computing and analysis tools that enable Australian researchers to tackle the complex, national and global issues needed to secure Australia's future.
Source: https://www.pfc.org.au/bin/view/Main

4 Platforms for Collaboration
PfC component investments:
– Australian Research Collaboration Service (ARCS)
  – Develop and operate services linking systems and resources nationwide
  – Develop and operate collaboration and workflow tools for researchers
  – Includes “Authorisation Services”
– Australian National Data Service (ANDS)
– National Computational Infrastructure (NCI)
– Australian Access Federation (AAF) and Research Networks (AARNET)
Source: http://www.ivec.org/ForumAug09/02_Francis.ppt

5 ARCS Mission
To provide long-term eResearch support services including, but not limited to, interoperability and collaboration infrastructure and services through a continuous and open process of consultation and engagement with the Australian research community.
ARCS is an unincorporated collaborative venture of the Members of ARCS: ANU, CSIRO, eRSA, Intersect, QCIF, iVEC, TPAC, VPAC … serves as the vehicle for the coordinated delivery of national eResearch support, services and tools.
Source: http://www.arcs.org.au/about

6 Research Group Needs
[Diagram. People: Principal Investigator, Researchers, Research Group. Identity: Identity Mgnt in AAF IdP(s). Resources: CMS / Wiki, Instrument, Data Storage, HPC, Grid Services, Repository. Activities: Collaboratively Create web content; Run Experiment, Generate Data; Store Data; Analyse Data; Write & Publish Report; Collaborate, Communicate, Meet. Notes: VO configured for accessing Grid resources; Authentication and authorisation for protection of valuable resources.]

7 ARCS’ Current Tools and Services
– Compute Cloud*
– Grid Services Infrastructure*
– Virtual Machine Hosting
– Data Fabric*
– Database Service
– Data Transfer Service
– Web-based Collaboration
  – Sakai
  – Plone
  – Jabber
  – Joomla
  – Twiki
– Video Collaboration
  – Desktop solution: EVO*
  – Room solution: Access Grid
– Security Services
  – Grid Certificates*
  – Access Service
* Immediately accessible, others require request and coordinated provision to research group.

8 ARCS Authorisation Services Role
– Support Research Groups and Service Providers in delivering services requiring authentication and authorisation (authNZ)
  – Analyse requirements, and provide expertise, advice, exemplars
  – Exemplars (demonstrate what can be done to protect resources)
  – Implement (procure/develop) and deploy authNZ solutions satisfying research groups’ and service providers’ security requirements
– Provide customer support for ARCS Authorisation Services
  – ARCS CAs, ARCS IdP, ARCS SLCS Server & Clients, ARCS Access Service
– Develop and pursue a ‘unified strategy’ for authNZ
  – Apply security technologies and protocols & track international trends
  – Rely on the AAF for Federated Access (i.e. use Shibboleth)
  – Integrate with Grid Security Infrastructure
  – Analyse access scenarios and identify patterns & solutions

9 ARCS Access Service
– Provides a Gateway to ARCS Services
– Registration (assignment of Default Authorisation Rights)
– Tracking user communities (auEduPersonSharedToken)
– Allocate ARCS Username (ARCS Services unique identifier)
  – consistent user naming across ARCS Services
– Caching attributes at time of registration
  – Allow detection of attribute change (e.g. IdP, affiliation)
– Authorisation Rights Management
  – Register Authorisation Rights tokens urn: :
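
The registration behaviour listed on this slide (a record keyed on auEduPersonSharedToken, a username allocated once, attributes cached at registration so that a later change of IdP or affiliation is detected) is shown below as an added example; it is not code from the presentation or from ARCS. The class and function names, the `idp` attribute key, the username format and the sample right are assumptions of the example.

```python
from dataclasses import dataclass

# Attributes snapshotted at registration; which ones to watch is an assumption.
WATCHED = ("idp", "eduPersonAffiliation")

def _norm(value):
    # Multi-valued attributes arrive in any order; compare them as sets.
    if isinstance(value, (list, tuple, set)):
        return frozenset(value)
    return value

@dataclass
class Registration:
    username: str      # allocated once, consistent across services
    rights: frozenset  # default authorisation rights assigned at registration
    cached: dict       # attribute snapshot taken at registration

class AccessRegistry:
    """Hypothetical registry keyed on auEduPersonSharedToken."""

    def __init__(self, default_rights):
        self._default = frozenset(default_rights)
        self._by_token = {}

    def login(self, attrs):
        """Return (registration, changes); changes maps name -> (cached, current)."""
        token = attrs.get("auEduPersonSharedToken")
        if not token:
            raise ValueError("auEduPersonSharedToken was not released")
        snapshot = {name: _norm(attrs.get(name)) for name in WATCHED}
        reg = self._by_token.get(token)
        if reg is None:  # first visit: register and cache the attributes
            username = f"user{len(self._by_token) + 1:05d}"
            reg = Registration(username, self._default, snapshot)
            self._by_token[token] = reg
            return reg, {}
        # Report differences; the cache stays as registered until reviewed.
        changes = {n: (reg.cached[n], snapshot[n])
                   for n in WATCHED if reg.cached[n] != snapshot[n]}
        return reg, changes

if __name__ == "__main__":
    registry = AccessRegistry({"datafabric:read"})  # constructed right name
    base = {"auEduPersonSharedToken": "CONSTRUCTED-TOKEN-1",
            "idp": "https://idp.example.edu/idp/shibboleth",
            "eduPersonAffiliation": ["staff", "member"]}
    print(registry.login(base)[1])
    moved = {**base, "idp": "https://idp.example.org/idp/shibboleth"}
    print(registry.login(moved)[1])
```

Because the record is keyed on the shared token rather than on the IdP, a user who moves institution keeps the same username while the change is surfaced, so their rights can be re-evaluated.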

10 Current focus on Authentication
[Diagram. People: researcher (Belongs to Federation IdP; Member of Research Group), Research Group. Service Providers (SP): ARCS SLCS Service, ARCS IdP Check, ARCS Access Service. Resources: ARCS CMS / Wiki, Instrument, ARCS Data Fabric, HPC (Grid), ARCS Repository. Access labels: GSI, LDAP, webDAV. Steps: Register via Access Service for SLCS, Data Fabric, Wiki, Repository; Generate Grid (SLCS) Credential; Confirm Attributes Released by IdP. Activities: Collaboratively Create web content; Run Experiment, Generate Data; Store Data; Analyse Data; Write & Publish Report. Note: VO configured for accessing Grid resources.]

11 [Diagram. Components: AAF Identity Provider (Authenticate); ARCS SLCS Service (SP); ARCS SLCS CA; ARCS MyProxy; ARCS LDAP; ARCS Access Service (SP); Grid Cert enabled Service; ARCS Cred’s enabled Service; AAF-enabled Service (SP); ARCS internal/backend processing. Flow labels: Get SLCS Certificate; Get Proxy Certificate; Register; SP (12 wks timeout); Arbitrary username & password; ARCS username & password. Access labels: Access using IdP username and password via AAF Login; Access using ARCS SLCS cert or proxy (e.g. Grid Services, iRODS via iCommands); Access using ARCS username and password; Access using IdP username and password via AAF Login (e.g. Data Fabric via webDAV); Access using IdP username and password via AAF Login (e.g. Data Fabric, Plone, TWiki).]

12 ARCS Auth Svcs Future Directions
Authentication
– IGTF Accreditation for SLCS (Level-2) CA
– Explore MICS (Long-lived Grid credentials from IdPs)
– Understand AAF & Shibboleth Roadmap implications
– New Shibboleth profiles (ECP, Key-holder)
– AusCERT PKI and implications
– Understand Grid Services trends and implications
Authorisation
– Develop and utilise the ARCS Access Service
– Implement Authorisation Rights Management
– Develop authorisation exemplars (e.g. use of XACML)

13 Thank you
Questions?

