Security Middleware 3 June 2004 Security Middleware Current Status – GridSite deployments – Architecture GridPP2 – Web services.


1 Andrew.McNab@man.ac.uk Security Middleware 3 June 2004
Security Middleware
Current Status
  – GridSite deployments
  – Architecture
GridPP2
  – Web services hosting
  – Delegation
  – XACML
  – libgridsite toolkit

2 Current Status
GridSite 1.0.0 is current production release
  – In production on www.gridpp.ac.uk since December
  – Plus various other sites (see next slide)
Includes
  – libgridsite: Grid ACL access control + HTTP / X.509 / GSI / VOMS utilities
  – gridsite-admin.cgi: user editing of pages, groups etc
  – mod_gridsite: support for GACL / GSI / VOMS in Apache 2.0
  – htcp command line tools (like scp but with GSI/https)

3 GridPP ourselves

4 LCG Grid Operations Centre

5 Manchester (which runs on an AFS filesystem)

6 National Grid Service

7 Grid Ireland

8 And Mike Jones' triumph of middleware portability, frik...

9 GridSite/Apache Architecture
(diagram labels)
  mod_ssl: plain HTTPS > env vars
  mod_gridsite: GACL access control + GACL > env vars
  mod_gridsite: .html headers and footers
  .shtml, mod_perl CGI, PHP
  mod_jk: JSP with Tomcat
  HTTP
  Grst-admin.cgi: page editing, file upload, ACL editing etc.
  mod_gridsite: file PUT and DELETE
  GridSite 1.0.x
  mod_gridsite: GSI / VOMS OpenSSL callback wrappers

10 C/C++/Scripting Web Services
Most Web Services attention goes on Java
  – However, in HEP we have a continued (and growing!) investment in C++ code, applications in the form of native binaries and scripting languages as glue.
Most of the web is based on the same Apache httpd tradition GridSite builds on
  – For CGI binaries, Perl Scripts, PHP pages etc, Apache is the equivalent of a Java servlet container like Tomcat.
GridSite adds the “missing” Grid Security to Apache
  – develop it as a Grid Service hosting environment?

11 Web Services on Apache
Various systems already exist for hosting non-Java SOAP and Web Services on standard Apache
  – eg SOAP::Lite for Perl and gSOAP for C/C++
Apache gives us industrial strength quality, high efficiency, huge developer base, rapid attention to security vulnerabilities
Also, can run multiple small services on same host, even if implemented in different technologies
So GridSite needs to make security information available to these environments in a natural way
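
Added example (not from the slides or the GridSite code base): one way a C CGI binary hosted by Apache can consume the client identity that mod_ssl exports as environment variables, as the architecture slide and this one describe. SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN are mod_ssl's standard variables (SSLOptions +StdEnvVars); the permission names, ACL layout, deny-wins rule and sample DNs are assumptions constructed for illustration and are not GACL or the libgridsite API.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical permission bits for this example (not libgridsite's API). */
enum { PERM_READ = 1, PERM_LIST = 2, PERM_WRITE = 4, PERM_ADMIN = 8 };

struct acl_entry {
    const char *dn;        /* exact subject DN, or "*" for any verified client */
    unsigned allow, deny;
};

/* Constructed sample policy; the DNs are made up. */
static const struct acl_entry sample_acl[] = {
    { "*",                              PERM_READ | PERM_LIST,   0 },
    { "/C=UK/O=ExampleGrid/CN=alice",   PERM_WRITE | PERM_ADMIN, 0 },
    { "/C=UK/O=ExampleGrid/CN=mallory", 0, PERM_READ | PERM_LIST },
};

/* Permission bits for the client described by the two mod_ssl values.
   Fails closed: anything but a successfully verified certificate gets 0. */
unsigned perms_for(const char *verify, const char *dn,
                   const struct acl_entry *acl, size_t n)
{
    unsigned allow = 0, deny = 0;
    if (!verify || strcmp(verify, "SUCCESS") != 0 || !dn || !*dn)
        return 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(acl[i].dn, "*") == 0 || strcmp(acl[i].dn, dn) == 0) {
            allow |= acl[i].allow;
            deny  |= acl[i].deny;
        }
    }
    return allow & ~deny;  /* a matching deny overrides any allow */
}

int main(void)
{
    /* Both variables are set by the web server, never taken from the request body. */
    unsigned p = perms_for(getenv("SSL_CLIENT_VERIFY"), getenv("SSL_CLIENT_S_DN"),
                           sample_acl, sizeof sample_acl / sizeof *sample_acl);
    if (!(p & PERM_READ)) {
        printf("Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\nforbidden\n");
        return 0;
    }
    printf("Content-Type: text/plain\r\n\r\nread ok, write %s\n",
           (p & PERM_WRITE) ? "allowed" : "denied");
    return 0;
}
```

The string format of SSL_CLIENT_S_DN depends on the server version and configuration, so ACL entries have to be written in the form the server actually emits.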

12 Delegation
It was relatively straightforward to add GSI proxy support to HTTPS servers
  – but delegation is still missing
During EDG we produced a delegation-over-HTTPS extension to GridSite
  – (protocol implemented for Java Security by WP2)
However, EGEE JRA3 has agreed to support delegation via a web services Delegation PortType
  – We've undertaken to provide “C World” support for this via GridSite

13 XACML
Currently we support our own access policy language, GACL
Via the library, this is in use by various pieces of ex-EDG middleware
  – WP1 L&B and WP4 LCAS plugin
  – Also added to GridFTP by NorduGrid
However, XACML has emerged as the Web Services policy language that “everyone” is moving to
  – Shiv Kaushal is now working on adding XACML support to GridSite, while retaining existing API

14 libgridsite toolkit
Core functions of GridSite pulled out into a library
Currently only C and C-to-C++ API
  – Intend to provide scripting language APIs (eg Perl modules) and probably OO C++ API.
More functionality to be added
  – eg library version of parallel HTTP etc from htcp command line tool
Aim to provide a general C/C++ Grid Security toolkit, for both client and server side implementations

15 Summary
GridPP1 security middleware in (increasing) use
Multiple external sites are now using GridSite for website management
Architecture gives Grid Security to the many different technologies hosted by Apache
We want to extend this with further support for Apache as a Web/Grid Services hosting environment
Adding support for XACML standard
Implementing Delegation PortType
Aim to provide reusable components via libgridsite

