EMI is partially funded by the European Commission under Grant Agreement RI-261611 EMI Registry (EMIR) Shiraz Memon, Ivan Marton, Gabor Szigeti, Laurence.

Presentation transcript:

EMI Registry (EMIR)
Shiraz Memon, Ivan Marton, Gabor Szigeti, Laurence Field
EGI Community Forum Manchester,
EMI is partially funded by the European Commission under Grant Agreement RI-261611

EMI INFSO-RI
11/04/2013, EMI CF 2013, Manchester

Outline
- Introduction
- Architecture
- Security
- Information Model
- Demonstration

Introduction
- Aims to unify all the EMI services' endpoints
- Designed from scratch to support federations
- Self-contained, decentralized registry
- RESTful API (for the management of endpoint information)
- Hierarchical network
  - Organizes EMIR nodes in a rooted tree
  - Domain Service Registry (DSR): the nodes in the hierarchical network
  - Global Service Registry (GSR): the root of the hierarchy
- Consistency
  - Event-based synchronization: propagating (asynchronous) events from the leaf to the root node (GSR)
  - Handles failures that occur within the hierarchy
- P2P network
  - Variation of a Pastry Distributed Hash Table
  - Always formed at the root (GSR) level
  - Bootstraps from a globally published list containing the addresses of all the root (GSR) nodes
  - Eventually consistent replication of GSRs

Architecture
- Organised in a hierarchy (a rooted tree)
- Three main components:
  - Global Service Registry (GSR)
  - EMIR Service Endpoint Registration Publisher (SERP)
  - Domain Service Registry (DSR)
- Several hierarchies for different federations

EMIR: Security
- Decentralised security at every EMIR node
- Authentication
  - Leverages EMI's Common Authentication Library (CaNL)
  - SSL/TLS
  - Credential types: EEC and proxy, in several credential formats: DER, PEM, P12, JKS
  - Types of trust anchors: OpenSSL, CA directories (IGTF), JKS
- Access control
  - Coarse-grained
    - Single Access Control List (ACL) file containing the subject's DN and associated pre-defined roles (very similar to a GridMap file)
    - Highly simplified, with restrictions
  - Fine-grained (expert level)
    - User attributes file: mapping of user DNs to multi-valued attributes
    - A directory of XACML policies
    - Customisable but complex
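
The coarse-grained check described above, sketched as an added example (not code from the slides or from EMIR). The ACL line layout, the function names, the rule that a `banned` entry overrides other roles, and the sample DNs are assumptions; the role names `serviceowner` and `banned` appear on a later slide. It shows why subject DNs must be normalized before lookup: the same certificate subject can be written in OpenSSL or RFC 2253 form.

```python
import re

# Constructed sample ACL. The quoted-DN-then-role layout is an assumption
# modelled on a grid-mapfile; the two role names are the ones on the slides.
SAMPLE_ACL = '''
"CN=emir-serp.example.org,O=Example Grid,C=DE"   serviceowner
"/C=DE/O=Example Grid/CN=host/old.example.org"   serviceowner
"CN=host/old.example.org,O=Example Grid,C=DE"    banned
'''

def normalize_dn(dn):
    """Map OpenSSL-style (/C=../CN=..) and RFC 2253-style DNs to one key."""
    dn = dn.strip()
    if dn.startswith("/"):
        # Split only on "/" that starts a new KEY=, so CN=host/name survives.
        rdns = [p for p in re.split(r"/(?=[A-Za-z0-9.]+=)", dn) if p]
        rdns.reverse()  # OpenSSL lists the most general RDN first
    else:
        rdns = re.split(r"(?<!\\),", dn)
    pairs = []
    for rdn in rdns:
        key, _, value = rdn.strip().partition("=")
        pairs.append((key.strip().upper(), value.strip()))
    return tuple(pairs)

def load_acl(text):
    """Parse ACL text into {normalized DN: set of roles}; reject bad lines."""
    acl = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r'"([^"]+)"\s+(\S+)', line)
        if not m:
            raise ValueError(f"malformed ACL line: {line!r}")
        acl.setdefault(normalize_dn(m.group(1)), set()).add(m.group(2))
    return acl

def may_register(acl, subject_dn):
    """Deny by default; 'banned' wins over any other role (assumed policy)."""
    roles = acl.get(normalize_dn(subject_dn), set())
    return "serviceowner" in roles and "banned" not in roles
```

Without the normalization step, the second and third sample lines would be stored as two different subjects, and the ban would not apply to the form in which the DN happens to be presented.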

Client: EMIR SERP
- EMIR Service Endpoint Publisher (EMIR-SERP)
  - Implemented as an OS background process
  - Registers with an EMIR server
  - Updates periodically
  - Supports X.509 certificates
  - Fetches and translates endpoint information from BDII into the EMIR data format (JSON)

Information Model
- OGF's GLUE 2.0 vocabulary to represent Services and Service Endpoints
- JSON and XML for registrations
- Schema-less: support for any number of custom attributes

Demonstration

Configuring a DSR
- url, anonymousPort and security attributes

    emir.security.truststore.type=directory
    emir.security.truststore.directoryLocations.1=/etc/grid-security/certificates/*.pem
    emir.security.truststore.directoryEncoding=PEM
    emir.security.truststore.directoryConnectionTimeout=100
    emir.security.truststore.directoryDiskCachePath=/tmp

- Credentials

    emir.security.credential.format=pem
    emir.security.credential.path=/etc/grid-security/hostcert.pem
    emir.security.credential.keyPath=/etc/grid-security/hostkey.pem

Customize policies
- serviceowner
- banned

Configuring an EMIR-SERP
- url, credentials (default) and one or more information sources (of any type)
  - json_file_location: single JSON file to be published
  - json_dir_location: set of JSON files that can be extended during the operation lifetime
  - resource_bdii_url (new!): service endpoint information source
- Resource BDII

List of GLUE 2.0 Attributes

Mandatory
- Service_ID
- Service_Name
- Service_Type
- Service_Endpoint_ID
- Service_Endpoint_URL
- Service_Endpoint_Capability
- Service_Endpoint_Technology
- Service_Endpoint_InterfaceName
- Service_Endpoint_InterfaceVersion
- Service_ExpireOn

Optional
- EMI_Version
- Service_QualityLevel
- Service_Complexity
- Service_CreationTime
- Service_Location_Address
- Service_Location_Place
- Service_Location_Country
- Service_Location_PostCode
- Service_Location_Latitude
- Service_Location_Longitude
- Service_Endpoint_HealthState
- Service_Endpoint_ServingState
- Service_Endpoint_DowntimeStart
- Service_Endpoint_DowntimeEnd
- Service_Endpoint_WSDL
- Service_Endpoint_AccessPolicyRule
- Service_Endpoint_Semantics
- Service_Endpoint_SupportedProfile
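
Because the registry is schema-less, a publisher-side check of the mandatory attributes is the natural place to catch incomplete or stale records. The following is an added example, not EMIR or SERP code: the function name, the sample record, its values, and the ISO 8601 string encoding of `Service_ExpireOn` are assumptions; only the attribute names come from the slide.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Mandatory GLUE 2.0 attribute names as listed on the slide.
MANDATORY = (
    "Service_ID", "Service_Name", "Service_Type", "Service_Endpoint_ID",
    "Service_Endpoint_URL", "Service_Endpoint_Capability",
    "Service_Endpoint_Technology", "Service_Endpoint_InterfaceName",
    "Service_Endpoint_InterfaceVersion", "Service_ExpireOn",
)

# Constructed sample registration; every value is illustrative.
SAMPLE = json.loads('''{
  "Service_ID": "urn:example:svc-1", "Service_Name": "ce01",
  "Service_Type": "org.example.compute",
  "Service_Endpoint_ID": "urn:example:svc-1:ep-1",
  "Service_Endpoint_URL": "https://ce01.example.org:8443/submit",
  "Service_Endpoint_Capability": ["executionmanagement.jobexecution"],
  "Service_Endpoint_Technology": "webservice",
  "Service_Endpoint_InterfaceName": "org.example.submit",
  "Service_Endpoint_InterfaceVersion": "1.0",
  "Service_ExpireOn": "2013-04-12T09:00:00Z",
  "Site_Contact": "custom attributes are allowed by the schema-less model"
}''')

def validate_registration(doc, now):
    """Return a list of problems; an empty list means the record is publishable."""
    problems = [f"missing {n}" for n in MANDATORY if doc.get(n) in (None, "", [])]
    url = doc.get("Service_Endpoint_URL")
    if isinstance(url, str) and url:
        parts = urlsplit(url)
        if not parts.scheme or not parts.hostname:
            problems.append("Service_Endpoint_URL is not an absolute URL")
    expire = doc.get("Service_ExpireOn")
    if isinstance(expire, str) and expire:
        try:
            when = datetime.strptime(expire, "%Y-%m-%dT%H:%M:%SZ")
            if when.replace(tzinfo=timezone.utc) <= now:
                problems.append("Service_ExpireOn is in the past")
        except ValueError:
            problems.append("Service_ExpireOn is not a UTC timestamp")
    return problems
```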

Query the EMIR Service Index
- First page of results (limit is 100 by default):
- First 10 results:
- Next 10 results using reference: 0&ref=###### or kip=10

Configuring a GSR
- Enable GSR functions
  - emir.global.enable=true
- Define a well-known global list of entry GSRs
  - emir.global.providerList= R_EGI_CF.list

Links
- MIRegistry
- MIRegistry

Questions or problems? Contact us!