Security Middleware
Andrew McNab, High Energy Physics, University of Manchester
GridPP8, 23 Sept 2003


Slide 2: Overview
Security in EDG/GridPP-1
Currently deployed (EDG 2.0)
Being integrated (EDG 2.1)
GridPP-2 requirements
GridPP-2 proposal
GGF Involvement
Research Areas

Slide 3: Security in EDG / GridPP-1
When proposals were written, Security mostly just seen as Authentication (CAs etc)
  – From Globus, we inherited the static, manually edited /etc/grid-security/grid-mapfile
Better Authorization mechanisms were needed to make the Testbed actually work.
In EDG, security effort split between WP7 (networking) and WP6 (“getting things to work”), but also components inside WP1-5.
  – In GridPP, security middleware effort from WP6.

Slide 4: Currently deployed middleware
Pool accounts (from GridPP)
  – a short-term measure that’s become long term and ubiquitous.
XML Grid Access Control Lists (from GridPP)
  – used by Storage Element, but grew out of GridPP GridSite work.
Other components:
  – INFN’s VO-LDAP server (GridSite implementation of this used for GridPP+BaBar)
  – WP2 Java Security packages.
  – Specific security pieces inside each WP.

Slide 5: Middleware being integrated
INFN-WP6/WP2 Virtual Organisation Membership Service is major component
  – (GACL support for VOMS attribute certs already present in EDG 1.x/2.0)
GACL support in WP4 LCAS/EDG Gatekeeper
  – so can write XML site access policies, rather than use grid-mapfile
VOMS, and new GSI + X509v3 support added to GridSite and mod_ssl-gridsite
  – HTTPS servers controlled by VOMS+GACL
WP1 Logging and Bookkeeping using GACL

Slide 6: GridPP2 Security Middleware
GridPP2 focuses on practical requirements of production systems (LCG + EGEE)
Many gaps in functionality of security systems
  – eg accounting / usage control
Based on WP6 + WP8 + LCG requirements documents, identified 8 tasks
  – extend GridPP 1 work to address urgent gaps
Research rather than implementation areas left out of this
  – aim to get funding for these elsewhere

Slide 7: GridPP2 Proposal
GridPP2 Security Middleware Proposal
  – Java and C++ APIs for GACL library
  – Add Usage Control (quotas etc) handling
  – Improve/generalise GridSite user interface
  – VO access and usage management service(s)
  – Support for other systems: CAS, VOM etc
  – Grid level Auditing/Intrusion Detection
  – Porting to other Unix/Windows flavours
This was estimated at 4 FTE, but with 2.5 FTE in GridPP2 proposal as submitted.

Slide 8: GGF Involvement
Participating / influencing / following GGF standards clearly helps our work:
  – less effort supporting multiple protocols
  – our implementation attractive to more projects
I’m co-chair of Authz WG and now the OGSA-Authz WG
  – aim to standardise policy language (cf GACL)
  – assertion protocol (eg SAML, LCAS callout)
  – attribute formats (eg VOMS)
Also contacts with Accounting GGF groups, via Manchester Computing / eSNW.

Slide 9: Research areas
PPARC-funded e-Science Studentship
  – Starting now, on Authorization/Accounting.
  – Aim to get involved in GGF WGs’ protocols and models work, and apply to HEP contexts.
  – This may feed into GridPP2 implementations.
Other research proposals underway:
  – How to support ad-hoc, short term VOs
  – Using SlashGrid to create on-demand security contexts and sandboxes for native binaries
  – Medical Applications, including extensions of PPARC/MRC project at Manchester

Slide 10: Summary
GridPP has made significant security middleware contributions to EDG
  – More will be deployed when EDG 2.1 released
For GridPP-2, we identified key practical requirements
  – wait to see how many can be addressed
Direct involvement in GGF standards process
Other funding obtained (studentship) or being sought (EU and MRC/DoH) for further research rather than implementation

