Presentation is loading. Please wait.

Presentation is loading. Please wait.

Manish Mehta, CS 590L Authentication Services in Open Grid Services by Manish Mehta April 27, 2004.

Published byMartha Tate Modified over 8 years ago

Similar presentations

Presentation on theme: "Manish Mehta, CS 590L Authentication Services in Open Grid Services by Manish Mehta April 27, 2004."— Presentation transcript:

1 Manish Mehta, CS 590L Authentication Services in Open Grid Services by Manish Mehta April 27, 2004

2 Manish Mehta, CS 590L Overview Grid applications are  Distributed  Heterogeneous environments  Within dynamic “virtual organizations”

3 Manish Mehta, CS 590L OGSA aims at.. Interoperable and Usable Grids for industry, e-science, and e-business. This demands …  Trust Relationship  Secure Communication

4 Manish Mehta, CS 590L What Security Services are required? Authentication Authorization Confidentiality Integrity Non-repudiation Secure Delegation

5 Manish Mehta, CS 590L What is current status? OGSA-Sec-WG has a draft out (June 2003) Web Services (WS) Architecture has gained more attention The Grid security is going to be based on WS security Architecture. GGF has not yet accepted the WS architecture fully. But seems that they don’t have choice.

6 Manish Mehta, CS 590L OGSA Security Architecture

7 Manish Mehta, CS 590L OGSA Security Architecture (contd.)

8 Manish Mehta, CS 590L Basic requirements for authentication Credential processing  Validate authentication tokens Authorization  Evaluate the request against policy Credential Conversion  Bridging different Trust Domains Identity Mapping  Map identities in different domains

9 Manish Mehta, CS 590L GT2 model Uses PKI  Kerberos, SSH, CRISIS were also reviewed. Claims to introduce “proxy certificates” Single entity decides its own Trust Domain (consequence of PKI) Uses SSL

10 Manish Mehta, CS 590L GT3 Model 2 main advantages over GT2  Use of WS security protocol  Tight least-privilege model Main Difference  Uses SOAP as opposed to TCP

11 Manish Mehta, CS 590L What are the problems? (Mainly due to WS security architecture) Extension of the existing SSL infrastructure and use of authentication tokens at service level. Need for authentication and authorization demands more than SSL. (Two-way) Due to dynamic creation of services, key management becomes an issue.

12 Manish Mehta, CS 590L What is needed in future? The WS security architecture is also immature and ill defined. Concrete specification needed. OGSA does not fully adopt the WS security. GGF has to patch the holes in Architecture.

Download ppt "Manish Mehta, CS 590L Authentication Services in Open Grid Services by Manish Mehta April 27, 2004."

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Introduction of Grid Security

Introduction of Grid Security
Security Design and Solution in ARC1 Weizhong Qiang University of Oslo April 9, 2008.

Security Design and Solution in ARC1 Weizhong Qiang University of Oslo April 9, 2008.
OGSA Security Profile 2.0 (a.k.a. Express Authentication Profile) DUANE MERRILL October 18, 2007.

OGSA Security Profile 2.0 (a.k.a. Express Authentication Profile) DUANE MERRILL October 18, 2007.
Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
Supporting further and higher education Grid Security: Present and Future Alan Robiette, JISC Development Group.

Supporting further and higher education Grid Security: Present and Future Alan Robiette, JISC Development Group.
TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir.

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir.
Service Bus Service Bus Access Control.

Service Bus Service Bus Access Control.
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
A Unified Approach to Trust, Delegation, and Authorization Blair Dillaway, Greg Fee Microsoft Corporation Presented at GGF18 Copyright © 2006, Microsoft.

A Unified Approach to Trust, Delegation, and Authorization Blair Dillaway, Greg Fee Microsoft Corporation Presented at GGF18 Copyright © 2006, Microsoft.
GRID Security Infrastructure: Overview and problems PKI-COORD Meeting, Amsterdam November 26, 2001 Yuri Demchenko.

GRID Security Infrastructure: Overview and problems PKI-COORD Meeting, Amsterdam November 26, 2001 Yuri Demchenko.
CS 603 CORBA Security April 3, 2002. Security Service: Overview Goals –Confidentiality –Integrity –Accountability –Availability Where –IDL for security.

CS 603 CORBA Security April 3, Security Service: Overview Goals –Confidentiality –Integrity –Accountability –Availability Where –IDL for security.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.

Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Military Technical Academy Bucharest, 2006 SECURITY FOR GRID INFRASTRUCTURES - Grid Trust Model - ADINA RIPOSAN Department of Applied Informatics.

Military Technical Academy Bucharest, 2006 SECURITY FOR GRID INFRASTRUCTURES - Grid Trust Model - ADINA RIPOSAN Department of Applied Informatics.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
Emerging Research Dimensions in IT Security Dr. Salar H. Naqvi Senior Member IEEE Research Fellow, CoreGRID Network of Excellence European.

Emerging Research Dimensions in IT Security Dr. Salar H. Naqvi Senior Member IEEE Research Fellow, CoreGRID Network of Excellence European.
Web Service Security CSCI5931 Web Security Instructor: Dr. T. Andrew Yang Student: Jue Wang.

Web Service Security CSCI5931 Web Security Instructor: Dr. T. Andrew Yang Student: Jue Wang.

Similar presentations

Ads by Google