EGEE is a project funded by the European Union under contract IST-2003-508833 EGEE Security Åke Edlund Security Head EU IST-FP6 Concertation, 17 th September.

Slides:



Advertisements
Similar presentations
Conference xxx - August 2003 Fabrizio Gagliardi EDG Project Leader and EGEE designated Project Director Position paper Delivery of industrial-strength.
Advertisements

INFSO-RI Enabling Grids for E-sciencE Security (JRA3) Åke Edlund, JRA3 Manager, KTH David Groep, EUGridPMA chair, NIKHEF EGEE 1.
Military Technical Academy Bucharest, 2006 SECURITY FOR GRID INFRASTRUCTURES - Grid Trust Model - ADINA RIPOSAN Department of Applied Informatics.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE-III Program of Work Erwin Laure EGEE-II / EGEE-III Transition Meeting CERN,
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks JRA2: Quality Assurance & Security Coordination.
EGEE is a project funded by the European Union under contract IST JRA1 Testing Activity: Status and Plans Leanne Guy EGEE Middleware Testing.
Federal Aviation Administration Federal Aviation Administration 1 Presentation to: Name: Date: Federal Aviation Administration AMHS Security Security Sub-Group.
INFSO-RI Enabling Grids for E-sciencE SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.
GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.
LCG/EGEE Security Update HEPiX, Fall 2004 BNL, 18 October 2004 David Kelsey CCLRC/RAL, UK
May 8, 20071/15 VO Services Project – Status Report Gabriele Garzoglio VO Services Project – Status Report Overview and Plans May 8, 2007 Computing Division,
2005 © SWITCH Perspectives of Integrating AAI with Grid in EGEE-2 Christoph Witzig Amsterdam, October 17, 2005.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Steven Newhouse EGEE’s plans for transition.
Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.
1 OSG Accounting Service Requirements Matteo Melani SLAC for the OSG Accounting Activity.
Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager
EGEE is a project funded by the European Union under contract INFSO-RI Summary M-E Bégin & B. Jones EGEE Technical Coordination All Activity Meeting,
EGEE is a project funded by the European Union under contract IST Common Security Components Olle Mulmo JRA3 JRA1 all-hands meeting, June 29.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks EGEE – paving the way for a sustainable infrastructure.
EGEE is a project funded by the European Union under contract IST JRA3 Security Åke Edlund Security Head PEB All-Activity Meeting, June 18,
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Coordination Group Ake Edlund EGEE Sec Head 9th MWSG meeting, SLAC,
INFSO-RI Enabling Grids for E-sciencE Plan until the end of the project and beyond, sustainability plans Dieter Kranzlmüller Deputy.
EGEE is a project funded by the European Union under contract IST Gap analysis draft v2 Olle Mulmo, David Groep, Joni Hahkala JRA3 Gap, 10.
Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.
SA1/SA2 meeting 28 November The status of EGEE project and next steps Bob Jones EGEE Technical Director EGEE is proposed as.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Multi-level monitoring - an overview James.
NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.
JRA Execution Plan 13 January JRA1 Execution Plan Frédéric Hemmer EGEE Middleware Manager EGEE is proposed as a project funded by the European.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks EGEE-EGI Grid Operations Transition Maite.
White paper overview 2 nd eIRG meeting April, 16 th 2004 Fotis Karayannis, Editor GRNET - Greek Research & Technology Network
Manish Mehta, CS 590L Authentication Services in Open Grid Services by Manish Mehta April 27, 2004.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Coordination Group Linda Cornwall CCLRC (RAL) FP6 Security workshop.
National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.
EGEE is a project funded by the European Union under contract IST Gap Analysis JRA3 12/7/2015
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.
INFSO-RI Enabling Grids for E-sciencE EGEE SA1 in EGEE-II – Overview Ian Bird IT Department CERN, Switzerland EGEE.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Coordination Group Dr Linda Cornwall CCLRC (RAL) FP6 Security workshop.
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 1 Security Middleware Andrew McNab High Energy Physics University of Manchester.
Open Science Grid & its Security Technical Group ESCC22 Jul 2004 Bob Cowles
JRA2: Quality Assurance Overview EGEE is proposed as a project funded by the European Union under contract IST JRA.
DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.
INFSO-RI Enabling Grids for E-sciencE JRA3 Security Åke Edlund, JRA3 Manager, KTH On behalf of JRA3 EGEE 2 nd EU Review.
GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.
E-Science Security Roadmap Grid Security Task Force From original presentation by Howard Chivers, University of York Brief content:  Seek feedback on.
WLCG Authentication & Authorisation LHCOPN/LHCONE Rome, 29 April 2014 David Kelsey STFC/RAL.
EGEE is a project funded by the European Union under contract IST EGEE Summary NA2 Partners April
EGEE is a project funded by the European Union under contract IST Roles & Responsibilities Ian Bird SA1 Manager Cork Meeting, April 2004.
EGEE is a project funded by the European Union under contract IST EGEE Security Åke Edlund Security Head EU IST-FP6 Concertation, 17 th September.
EGEE Project Review Fabrizio Gagliardi EDG-7 30 September 2003 EGEE is proposed as a project funded by the European Union under contract IST
JSPG Update David Kelsey MWSG, Zurich 31 Mar 2009.
18-May-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the LCG Security Group) Barcelona 18 May 2004 David Kelsey CCLRC/RAL, UK
EGEE is a project funded by the European Union under contract INFSO-RI NA5 M. Heikkurinen NA5 Activity Manager All Activity Meeting, 13 th September.
INFSO-RI Enabling Grids for E-sciencE Security (JRA3) Åke Edlund, JRA3 Manager, KTH David Groep, Security Expert, NIKHEF EGEE 1.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.
INFSO-RI Enabling Grids for E-sciencE Joint Security Policy Group David Kelsey, CCLRC/RAL, UK 3 rd EGEE Project.
EGEE-II INFSO-RI Enabling Grids for E-sciencE Training in EGEE-II Mike Mineter (Some slides from Brendan Hamill)
Open Science Grid Security Activities D. Olson, LBNL OSG Deputy Security Officer For the OSG Security Team: M. Altunay, FNAL, OSG Security Officer, D.O.,
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Ake Edlund for JRA3 EGEE EU Review (CERN) May 23-24, 2006.
Javier Orellana EGEE-JRA4 Coordinator CERN March 2004 EGEE is proposed as a project funded by the European Union under contract IST Network.
EGEE is a project funded by the European Union under contract IST Global Security Architecture Olle Mulmo Chief Security Architect Cork, 6/26/2016.
INFSO-RI Enabling Grids for E-sciencE JRA3 Åke Edlund On behalf of JRA3 EGEE 8th All-activity meeting January 18-19,
EGEE is a project funded by the European Union under contract IST JRA3 Security Åke Edlund Security Head PEB All-Activity Meeting, September.
JRA1 Middleware re-engineering
Bob Jones EGEE Technical Director
JRA3 Introduction Åke Edlund EGEE Security Head
LCG Security Status and Issues
Ian Bird GDB Meeting CERN 9 September 2003
GGF OGSA-WG, Data Use Cases Peter Kunszt Middleware Activity, Data Management Cluster EGEE is a project funded by the European.
JRA1 (Middleware) Overview
David Kelsey CCLRC/RAL, UK
Presentation transcript:

EGEE is a project funded by the European Union under contract IST EGEE Security Åke Edlund Security Head EU IST-FP6 Concertation, 17 th September

EU IST-FP6 Concertation, 17 th September Contents EGEE security plans Identified problems/challenges

EU IST-FP6 Concertation, 17 th September EGEE security plans (1/2) Security Requirements - Horizontal activity, managed through central groups  Lesson learned: reused and updated requirements from earlier projects  Collecting (continuous process) the requirements from the activities - Middleware, Sites, Applications.  Share the requirements with other grid activities and get feedback, e.g. in the US  Prioritization set in the security groups, with representatives from all involved activities.  Defining what security modules to deliver when. Product - leverage on the biomed requirements  To keep the industry focus we put extra effort, from day one, in supporting biomed applications, being a security demanding application. Middleware - Security is not an add-on, has to be there from start  From start, and ‘all over the place’: All JRA3 members are also part of the Middleware development.  Active in the architecture and design of the middleware Middleware, JRA1 Security, JRA3

EU IST-FP6 Concertation, 17 th September EGEE security plans (2/2) Security Architecture - Modular, Agnostic, Standard, Interoperable  Modular – add new modules later  Agnostic – modules will evolve  Standard – start with transport-level security but intend to move to WS-Security when it matures  Interoperable - at least for AuthN & AuthZ  Applied to Web-services hosted in containers and applications (Apache Axis & Tomcat) as additional modules Worldwide solution - Involve non-European partners at an early stage  Bob Cowles (SLAC, OSG) and Dane Skow (Fermilab, OSG) members of the MWSG  Establish contact through hands-on activities. Example: EGEE and OSG to define common operational security procedures, by contributing to/working out common documents, mostly by reusing OSG work already in place.

EU IST-FP6 Concertation, 17 th September Identified problems/challenges IssueCurrent solution Get focus on SecurityActive security work from start, security groups, driving/guiding documents Get involvement from GGF, OSG,..Middleware Security Group (MWSG) Avoid gaps in the security work Security Architect for the MW, Security Head overall responsible Lagging standardization work, e.g. Writing initial recommendations OGSA (Open Grid Services Architecture)for reengineering focusing on ordinary WS now, OGSA later Coordinating operational sec workJoint Security Group (JSG, SA1), guided by JRA3 documents (created together with SA1, OSG)

EU IST-FP6 Concertation, 17 th September Scope, objectives and status of M5/M6 deliverables: DJRA3.1 - Global security architecture (2/5) ServiceDescriptionTime frame Logging and AuditingEnsures monitoring of system activities, and accountability in case of a security event Now AuthenticationCredential storage ensures proper security of (user-held) credentials Now Proxy certificates enable single sign-on TLS, GSI, WS-Security and possibly other X.509 based transport or message-level security protocols ensure integrity, authenticity and (optionally) confidentiality Now EU GridPMA establishes a common set of trust anchor for the authentication infrastructure Now Pseudonymity services addresses anonymity and privacy concerns Mid-term Overview of the security architecture services.

EU IST-FP6 Concertation, 17 th September Scope, objectives and status of M5/M6 deliverables: DJRA3.1 - Global security architecture (3/5) ServiceDescriptionTime frame AuthorizationAttribute authorities enable VO managed access control Policy assertion services enable the consolidation and central administration of common policy Authorization framework enables for local collection, arbitration, customisation and reasoning of policies from different administrative domains, as well as integration with service containers and legacy services Now Future Now DelegationAllows for an entity (user or resource) to empower another entity (local or remote) with the necessary permissions to act on its behalf Now Overview of the security architecture services.

EU IST-FP6 Concertation, 17 th September Scope, objectives and status of M5/M6 deliverables: DJRA3.1 - Global security architecture (4/5) Overview of the security architecture services. ServiceDescriptionTime frame Data key managementEnables long-term distributed storage of data for applications with privacy or confidentiality concerns Mid-term SandboxingIsolates a resource from the local site infrastructure hosting the resource, mitigating attacks and malicious/wrongful use Mid-term Site proxyEnables applications to communicate despite heterogenous and non-transparent network access Mid-term

EU IST-FP6 Concertation, 17 th September Scope, objectives and status of M5/M6 deliverables: DJRA3.1 - Global security architecture (5/5) RequirementFulfilledSolution/Technology/ServiceTime frame Single sign-onYesProxy certificates and a global authentication infrastructure Now User PrivacyPartiallyPseudonymity servicesMid-term Data PrivacyPartiallyEncrypted data storageMid-term Audit abilityPartiallyMeaningful log informationNow AccountabilityYesAll system interactions can be traced back to a user Now VO managed access controlYesVOMSNow Support for legacy and non- WS based software components YesModular authentication and authorization software suitable for integration Now Timely revocation delaysYesGradual transition from CRL based revocation to OCSP based revocation Mid-term Non-homogenous network accessYesSite ProxyFuture High-level requirements and how the architecture address them

EU IST-FP6 Concertation, 17 th September Summary of work accomplished since last AA meeting -Productive meeting, kick-off for the s/w maintenance/development at JRA3. - Global Security Architecture - Security requirements - Incident response capability PM4PM5PM6 MWSG3 August 25 JRA1 All-hands meeting June Task 1: Security requirement doc MJRA3.1 (PM3) completed Recurrent tasks: - JRA1 design team, integration, testing - EUGridPMA, QAG - Software maintenance and development Task 5: Taxonomy document on Incident handling and Security operational procedures; definition of a common Grid incident format. (PM6+) In cooperation with JSG and OSG Task 3: Phase1 OGSA doc MJRA3.3 (PM4) completed Task 4: DJRA3.1 Security Architecture doc (PM5) delivery date: Sept. 17 TR7: Software maintenance and development PM5: SOAP over HTTPS 80% PM6: Delegation 45%, AuthZ framework 70%, Mutual AuthZ 10%, VOMS admin & parser (ongoing) PM7: Message level security 70% PM9: Resource access control 10%, Grid enhancements for OpenSSL Started PM11: Site Proxy for GRID cluster Started September 13

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.