
1 WP6: Authorization Service
Workshop in Eger
Marcin Adamski, Michał Chmielewski, Sergiusz Fonrobert, Jarek Nabrzyski and Tomasz Ostwald
Poznań Supercomputing and Networking Center

2 March 31st, 2003 Presentation Overview
- About security in the GridLab Project
- General Design of Authorization Service
- Current implementation status
- Plans for the Eger meeting

3 Security in GridLab
- Security in Grid environments is a significant and still open problem
- The primary goal of the Security Workpackage in the GridLab project is to create a flexible and universal Authorization Service
- The secondary goal is to provide general support to other workpackages in solving detailed technical problems related to security issues

4 The Authorization Service
- The main requirement is flexibility of the Authorization Service
- The AS is intended to provide a universal way of defining security policy for the whole Grid, independent of the technologies used at lower levels
- It should be able to implement most security models for Grids and use many different scenarios at the same time
- It should support many different security technologies (e.g. GSI and Microsoft authentication)
- It has to be a secure and stable implementation (the AS is considered a trusted component of the security model)

5 The General Design
[Diagram: 1st phase, 2nd phase, 3rd phase]

6 Current State
[Diagram, 1st phase: Core; Core AS Component; Scenarios Engine; Authorization Scenarios; Security Policy Database; Communication Component; Authorization and Security Policy Engine]

7 Current State
[Diagram: Security Policy Engine; Security Policy Database; Authorization Module; Security Policy Manager; ASP Engine Interface; Authorization and Security Policy Engine; Security Policy Database Component]

8 AS implementation
- Implementation in C
- Compatibility with:
  - Globus Toolkit 2.0
  - Globus Toolkit 2.2
  - CAS version of GT
- Service interface using WSDL
- Source code will be available in CVS after the Eger Meeting

9 AS communication
- Communication: based on GSI protocol, GSI plugin for gSOAP
- Interface (GSI based protocol) for internal use between AS components; in future may be used to fulfill specific needs of GridLab services
- Interface functions (WSDL):
  - getServiceDescription
  - getResourcesList
  - getAuthorizationDecision
  - sendCommandLine

10 AS components
- as_server: storing security policy; get authorization decision, generate policy; other security info
- as_client_admin and as_client_admin_soap: add security policy items to as_server database
- as_client and as_client_soap: get full policy from server and generate proxy with this policy
- as_enabled_tcp_server and client, test_soap_client: components for as_server policy tests
- cas_policy_viewer: print policy included into proxy

11 AS data structure (current)

12 AS data structure (CAS)
[Diagram: Object "cas_object"; Subject "User"; Relation; Object Attributes array; Subject Attributes array; Subject Attributes Id_string; Object array "Objects"; Subject array "Users"; Relation array; Object Attributes: OBJECT_NAME_TYPE, OBJECT_NAME, SERVICE_TYPE, SERVICE_ACTION]

13 AS data structure (GRMS)
[Diagram: Object "grms_object"; Subject "User"; Relation; Object Attributes array; Subject Attributes array; Subject Attributes Id_string; Object array "Objects"; Subject array "Users"; Relation array; Object Attributes: OBJECT_NAME, OBJECT_URL]

14 AS data structure
- Current state (previous slides): arrays of objects, subjects, relations
- Future: tree structure (hierarchical structure)
  - Grid at the top level
  - Services
  - Servers
  - Files
  - Other objects (based upon specific requirements)
- Currently most of our work is focused on appropriate internal design (gathering requirements is the main goal of the Eger meeting)

15 AS experiment (CAS mode)

16 Scenario 1 (similar to CAS)

17 Scenario 2 (Eger) (GRMS only authorization decision)
[Diagram: USER; PORTAL; GRMS; AS; GRID SERVICES (as enabled module, grid-mapfile); numbered steps 1 to 6; "as decision"]

18 Scenario 3 (GRMS proxy file)
[Diagram: USER; PORTAL; GRMS; AS; GRID SERVICES (as enabled module, grid-mapfile); numbered steps 1 to 7; "as decision"; "as proxy"; certificates: GRMS proxy certificate (logical part of policy included), user proxy certificate, user certificate, CA certificate]

19 The Nearest Future
- Experiment aimed at integration of portal with resource manager
- Complete design and implementation of AS internals (fulfilling most of the possible grid-specific requirements)
- Designing and implementing the initial set of scenarios to be used in the GridLab project
- Introduce database support for storing security policy
- Verify security level and quality of implementation

20 Plans for Eger Meeting
- Gather information about detailed authorization requirements of various services
- Prepare for experiment aimed at integration of portal with resource manager
- Planned meetings:
  - Portals (WP4)
  - Monitoring (WP11)
  - Testbed (WP5)
  - Resource Management (WP9+WP4+WP6)
  - Mobile (WP4+WP12+WP6)
  - Others

