perfSONAR developer workshop - Zagreb, 7th-9th April 08: AuthN and AuthR. Where we have come from… Where we are going to… Cándido Rodríguez


1 perfSONAR developer workshop - Zagreb, 7th-9th April 08
AuthN and AuthR
Where we have come from… Where we are going to…
Cándido Rodríguez candido.rodriguez@rediris.es

2 Agenda
1. Status of the authN
2. A brief overview of the authR
3. Impact analysis

3 Status of the AuthN
AuthN is available in MDM perfSONAR 3.0

4 Status of the AuthN
Client from USA
  Services in USA don’t need authn information -> OK
  Services in Europe require authn -> NO

5 Status of the AuthN
Client from Europe
  Services in USA don’t need authn information -> OK
  Services in Europe require authn -> OK

6 Status of the AuthN
Summarizing
  USA teams cannot send messages to European perfSONAR services
    Workaround: accounts in the GIdP
    When will Internet2 and ESnet be in eduGAIN?
    RNP has started to join eduGAIN
      Adding its own CA
  EU teams can send messages to any perfSONAR service
  The authN doesn’t affect the NMWG message!

7 Agenda
1. Status of the authN
2. A brief overview of the authR
3. Impact analysis

8 A brief overview of the AuthR
pSRs want to check if a user/client is allowed to do the requested action
The AuthR process implies the AuthN process
An AuthR request contains
  Subject: specifies which user is doing an action
  Action: specifies which action the user is trying to do
  Resource: specifies in which place the user is trying to do the action
An AuthR response contains
  Status code
  [Optionally] User’s attributes in a SAML assertion

9 A brief overview of the AuthR
Authorization scenario
  Subject: who has sent the message to the pSR. It’s an URN
    urn:geant:edugain:component:be:%fed%:user:%username%
  Resource: which pSR has received the message. It’s an URN
    …:component:perfsonarresource:%fed%:%id_resource%:%uri_service%
  Action: who has sent the message to the pSR. It’s an URI
    http://schemas.perfsonar.net/tools/admin/echo/2.0

10 A brief overview of the AuthR
Delegated-based authorization scenario
  Subjects: who has sent the message to the pSR and using which client. They are URNs
    urn:geant:edugain:component:be:%fed%:user:%username%
    …:component:perfsonarclient:%fed%:%id_client%
  Resource: which pSR has received the message. It’s an URN
  Action: who has sent the message to the pSR. It’s an URI
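
Added example, not part of the original slides or of perfSONAR's code: a Python model of the authR request from slides 8-10, parsing the subject and resource URNs strictly and showing that a delegated request (user plus client) is decided separately from a plain one. The function names, the "Permit"/"Deny" status codes, the exact-match policy set and the "urn:example" prefix standing in for the elided "…" are assumptions; the optional SAML attributes in the response are left out.

```python
import re

# URN templates from slides 9-10. The client and resource prefixes are elided
# ("…") on the slides, so only their visible tails are matched here; a real
# deployment should anchor on the full prefix.
FIELD = r"([^:%\s]+)"  # one field: no ':' (delimiter), no '%' (unfilled template)
USER_RE = re.compile(rf"^urn:geant:edugain:component:be:{FIELD}:user:{FIELD}$")
CLIENT_RE = re.compile(rf":component:perfsonarclient:{FIELD}:{FIELD}$")
RESOURCE_RE = re.compile(rf":component:perfsonarresource:{FIELD}:{FIELD}:(\S+)$")

def parse_request(subjects, action, resource):
    """Normalize a request to (user, client, action, resource) or raise ValueError."""
    user = client = None
    for urn in subjects:
        if m := USER_RE.match(urn):
            if user is not None:
                raise ValueError("more than one user subject")
            user = m.groups()
        elif m := CLIENT_RE.search(urn):
            client = m.groups()
        else:
            raise ValueError(f"unrecognized subject: {urn!r}")
    m = RESOURCE_RE.search(resource)
    if user is None or m is None:
        raise ValueError("missing user subject or unrecognized resource")
    # Assumption: actions are http(s) URIs like the echo action on slide 9.
    if not re.match(r"^https?://\S+$", action):
        raise ValueError("action is not a URI")
    fed, res_id, _uri_service = m.groups()  # %uri_service% may itself contain ':'
    return user, client, action, (fed, res_id)

def decide(policy, subjects, action, resource):
    """Return a hypothetical status code; a request that fails to parse is denied."""
    try:
        request = parse_request(subjects, action, resource)
    except ValueError:
        return "Deny"
    return "Permit" if request in policy else "Deny"

ECHO = "http://schemas.perfsonar.net/tools/admin/echo/2.0"
# Constructed sample values; "urn:example" stands in for the elided prefixes.
ALICE = "urn:geant:edugain:component:be:fedA:user:alice"
BOB = "urn:geant:edugain:component:be:fedB:user:bob"
CLIENT7 = "urn:example:component:perfsonarclient:fedA:cli7"
RES1 = "urn:example:component:perfsonarresource:fedA:res1:http://ps.example.org:8080/echo"
POLICY = {
    (("fedA", "alice"), None, ECHO, ("fedA", "res1")),            # plain scenario
    (("fedB", "bob"), ("fedA", "cli7"), ECHO, ("fedA", "res1")),  # delegated: only via cli7
}
```

Because fields may not contain ':' or '%', a username such as "alice:user:bob" or an unfilled "%username%" placeholder is rejected instead of being read as a different subject.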

11 Agenda
1. Status of the authN
2. A brief overview of the authR
3. Impact analysis

12 Impact analysis
AS with authR support
  Available by the end of June
  Need a powerful policy editor in the webadmin
    After finishing all authR developments
perfSONAR service’s perspective
  AuthR component and the authR library by summer
  From authN component to authR component
    Minimal impact: only new line in service.properties
  Using the authR library
    As complicated as the authN one

13 Impact analysis
Client’s perspective
  If the client doesn’t need attributes
    No change
  If the client needs attributes
    An authR library will be released by fall

14 Edificio CICA, Campus Universitario
Avenida Reina Mercedes s/n
41012 Sevilla. España
Tel.: 95 505 66 00 Fax: 95 505 66 51
www.red.es www.rediris.es

