Presentation is loading. Please wait.

Presentation is loading. Please wait.

More Allergic Reactions Some Potential Next Steps Tom Barton University of Chicago.

Published byEthelbert Lambert Modified over 8 years ago

Similar presentations

Presentation on theme: "More Allergic Reactions Some Potential Next Steps Tom Barton University of Chicago."— Presentation transcript:

1 More Allergic Reactions Some Potential Next Steps Tom Barton University of Chicago

2 VO CAMP 2 1. Authority Management aka Distributed Attribute Administration All of a VO’s authoritative persons and participants are not collocated within a single administrative domain –What attribute, group, & authority management systems and process will SoAs use to make their authority manifest in run-time infrastructure? –PERMIS, CAS, VOMS, … –Signet, Grouper, possibly in conjunction with above Further work needed to determine reasonable ways of deploying the above –Maybe a cookbook

3 VO CAMP 3 2. Name Mapping aka Account Linking Bridge between deployed grid PKI and campus identity namespaces Similar need seen in several architectural contexts (gridshib, myproxy, condor-shib) –Anywhere campus IdM and external IdM come into contact Can we solve this just once?

4 VO CAMP 4 3. Easing Design & Deployment Reliance on formalized statements of practice that may refer to established standards of trustworthiness, and assurances that trusted IT operations actually do as they say –Examples: euGPMA, NIST, Federation attribute usage and operational practice profiles, CAF

5 VO CAMP 5 Easing Design & Deployment Need more community standards –Providers & consumers of identity, authentication, & attribute tokens can be more easily implemented, across VOs supporting the community –Reduce, or at least bound, the potential set of “security profiles” (trust anchors & attribute profiles) our designs must support Where can such discussions take place? –Egg, NISO in Library space

6 VO CAMP 6 Easing Design & Deployment Technical architectures require sufficient campus identity & access management practices to actually support real activities –Better organization is needed to foster campus IAM deployment/upgrade

7 VO CAMP 7 4. Low-Bar vs. High-Bar Most(?) actual academic, multi-org spanning collaborations are informal, <10 participants, narrow scope (e.g., write a book). –Provide faculty with what they need to be at their best, but make it easy – Jeff Huberman –Is Jill’s MyVOCS exploring a sweetspot? And is it in fact that easy, yet? If not, what’s needed? What about participants whose home org lacks sufficient IdM (or who lack a home org)?

8 VO CAMP 8 5. The IdM Bump in the Rug How to provide all participants with access when many are not already present in “blessed” authentication services? –K-12, unaffiliated persons, patients, affiliated persons whose orgs lack sufficient IAM practice –Preferred solution: someone else’s problem Leif: analyze the cost of user support Organizational solutions might help –Service centers Develop or leverage a friendster.com like reputation system approach??

Download ppt "More Allergic Reactions Some Potential Next Steps Tom Barton University of Chicago."

Similar presentations

Introduction of Grid Security

Introduction of Grid Security
GridShib Tom Barton, U Chicago. 2 Grid Computing Distributed computing and/or data resources Heterogeneous computing & storage environments Interfaces.

GridShib Tom Barton, U Chicago. 2 Grid Computing Distributed computing and/or data resources Heterogeneous computing & storage environments Interfaces.
Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management
Federated Identity for Grid Architects Tom Scavo NCSA

Federated Identity for Grid Architects Tom Scavo NCSA
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
From Authentication to Privilege Management to the Attribute Economy: Marketing runs amok…

From Authentication to Privilege Management to the Attribute Economy: Marketing runs amok…
NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.

NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.

Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.
Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford.

Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford.
Cotswolds International Middleware Meeting Upper Slaughter, UK, 14-15 October 2004 Slides partially by John Martin, JISC; pictures by Ken Kingenstein.

Cotswolds International Middleware Meeting Upper Slaughter, UK, October 2004 Slides partially by John Martin, JISC; pictures by Ken Kingenstein.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Attributes, Anonymity, and Access: Shibboleth and Globus Integration to Facilitate Grid Collaboration 4th Annual PKI R&D Workshop Tom Barton, Kate Keahey,

Attributes, Anonymity, and Access: Shibboleth and Globus Integration to Facilitate Grid Collaboration 4th Annual PKI R&D Workshop Tom Barton, Kate Keahey,
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.
Military Technical Academy Bucharest, 2006 SECURITY FOR GRID INFRASTRUCTURES - Grid Trust Model - ADINA RIPOSAN Department of Applied Informatics.

Military Technical Academy Bucharest, 2006 SECURITY FOR GRID INFRASTRUCTURES - Grid Trust Model - ADINA RIPOSAN Department of Applied Informatics.
A Modest Proposal for an Assertion Validation Service Bob Cowles (SLAC/OSG) 28-Mar-2007 thanks to discussions with Frank Siebenlist, Rachana Ananthakrishnan.

A Modest Proposal for an Assertion Validation Service Bob Cowles (SLAC/OSG) 28-Mar-2007 thanks to discussions with Frank Siebenlist, Rachana Ananthakrishnan.
NSF Middleware Initiative: GridShib Tom Barton University of Chicago.

NSF Middleware Initiative: GridShib Tom Barton University of Chicago.
Widely Distributed Access Management Tom Barton University of Chicago.

Widely Distributed Access Management Tom Barton University of Chicago.

Similar presentations

Ads by Google