EMI is partially funded by the European Commission under Grant Agreement RI-261611 caNl++ caNl++ team University Of Oslo 5th EMI AHM, Budapest.

Slides:



Advertisements
Similar presentations
Security Design and Solution in ARC1 Weizhong Qiang University of Oslo April 9, 2008.
Advertisements

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Haga clic para cambiar el estilo de título Haga clic para modificar el estilo de subtítulo del patrón DIRAC Framework A.Casajus and R.Graciani (Universitat.
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.
魂▪創▪通魂▪創▪通 Use Case and Requirement for Future Work Sangrae Cho Authentication Research Team.
Assuring e-Trust always 1 Status of the Validation and Authentication service for TACAR and Grids.
EMI is partially funded by the European Commission under Grant Agreement RI Recent ARC developments in the EMI project Andrii Salnikov, Ievgen Sliusar.
EMI INFSO-RI EMI Quality Assurance Processes (PS ) Alberto Aimar (CERN) CERN IT-GT-SL Section Leader EMI SA2 QA Activity Leader.
Java Security Pingping Ma Nov 2 nd, Overview Platform Security Cryptography Authentication and Access Control Public Key Infrastructure (PKI)
EMI INFSO-RI SA2 - Quality Assurance Alberto Aimar (CERN) SA2 Leader EMI First EC Review 22 June 2011, Brussels.
EMI is partially funded by the European Commission under Grant Agreement RI Software stack consolidation Balázs Kónya, Lund University 3rd EMI all-hands,
EMI is partially funded by the European Commission under Grant Agreement RI MEDIA: motivation, mandate, scope and organization Balázs Kónya, Lund.
EMI AAI Strategy & Plans John White / Helsinki Institute of Physics Federated Identity Systems for Scientific Collaborations Workshop , CERN,
EMI INFSO-RI EMI Structure, Plans, Deliverables Alberto Di Meglio (CERN) Project Director ATLAS Software & Computing Week Geneva, 21 July 2011.
European Middleware Initiative (EMI) – Release Process Doina Cristina Aiftimiei (INFN) EGI Technical Forum, Amsterdam 17. Sept.2010.
Overview of user client usage: ARC Iván Márton Zsombor Nagy.
The Distribution Online Vending Pilot Project Demo Testing Certificate Management Kennedy P Subramoney 23 July 2004.
AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.
EDG Security European DataGrid Project Security Coordination Group
OCSP
Jens G Jensen UK e-Science Alternative CA software Jens G Jensen UK e-Science CA Rutherford Appleton Laboratory.
Security Token Service (STS) Design & Development Plans Henri Mikkonen / HIP 3 rd EMI All-Hands Meeting , Padova, Italy.
INFSO-RI Enabling Grids for E-sciencE EGEE Security Joni Hahkala, UH-HIP On behalf of JRA3 JRA1 AH March 22-24, 2006.
EMI INFSO-RI Guidelines and SQA Process Maria Alandes Pradillo (CERN) SA2.2 Task Leader.
EMI is partially funded by the European Commission under Grant Agreement RI SA2 – Development Tools Andres Abad Rodriguez SA2.4 Tools Activity Leader.
Module 13: Enterprise PKI Active Directory Certificate Services (AD CS)
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks PASSTORE: safe certs & password management.
EMI INFSO-RI SA2: Quality Assurance Platforms for EMI 2 Andres Abad Rodriguez SA2.4 EMI All Hands Meeting May 30 th -June 1 ST, Lund (Sweden) Platforms.
EMI INFSO-RI Accounting John Gordon (STFC) APEL PT Leader.
EMI INFSO-RI EMI Roadmap to Standardization and DCI Collaborations Alberto Di Meglio (CERN) Project Director.
Installation and Configuration of A-REX Iván Márton (NIIFI) Zsombor Nagy (NIIFI)
Database authentication in CORAL and COOL Database authentication in CORAL and COOL Giacomo Govi Giacomo Govi CERN IT/PSS CERN IT/PSS On behalf of the.
EMI INFSO-RI EMIR integration in BDII Maria Alandes Pradillo (CERN) Information System Product Team.
EMI INFSO-RI ARC tools for revision and nightly functional tests Jozef Cernak, Marek Kocan, Eva Cernakova (P. J. Safarik University in Kosice, Kosice,
1 AHM, 2–4 Sept 2003 e-Science Centre GRID Authorization Framework for CCLRC Data Portal Ananta Manandhar.
EMI INFSO-RI Software Quality Assurance in EMI Maria Alandes Pradillo (CERN) SA2.2 Task Leader.
EMI INFSO-RI EMI Quality Assurance Tools Lorenzo Dini (CERN) SA2.4 Task Leader.
EMI INFSO-RI Technical Overview Balázs Kónya (Lund University) Technical Director 1 st EMI Periodic Review Brussels, 22 June 2011.
EMI is partially funded by the European Commission under Grant Agreement RI Federated Grid Access Using EMI STS Henri Mikkonen Helsinki Institute.
DGC Paris Spitfire A Relational DB Service for the Grid Leanne Guy Peter Z. Kunszt Gavin McCance William Bell European DataGrid Data Management.
EMI is partially funded by the European Commission under Grant Agreement RI Common Authentication Library Daniel Kouril, for the CaNL PT EGI TF.
EMI is partially funded by the European Commission under Grant Agreement RI Security Token Service (STS) Transforming the Existing User Credentials.
European Middleware Initiative (EMI) – Training Kathryn Cassidy, TCD EMI NA2.
Shibboleth 1.2 Technical Overview “So you thought 1.1 was complicated…” Scott Cantor The Ohio State University and Internet2 Scott Cantor.
Revocation in WebPKI Phill Hallam-Baker Comodo. Standards intersection PKIX OTHER.
Using PIV Cards with NIH Login Chris Leggett NIH Login Technical Lead CIT/NIH.
EMI is partially funded by the European Commission under Grant Agreement RI Development Roadmap of the EMI middleware Balázs Kónya, Lund University,
EMI is partially funded by the European Commission under Grant Agreement RI EMI SA2 Report Andres ABAD RODRIGUEZ, CERN SA2.4, Task Leader EMI AHM,
EMI is partially funded by the European Commission under Grant Agreement RI EMI Registry (EMIR) Shiraz Memon, Ivan Marton, Gabor Szigeti, Laurence.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Improved X.509 Management Using PKCS11 Daniel Kouřil, Michal Procházka CESNET.
EMI is partially funded by the European Commission under Grant Agreement RI Security Token Service (STS) Simplified Credential Management Henri.
EMI INFSO-RI SA2: Quality Assurance Status Report Alberto Aimar(SA2) SA2 Leader EMI First EC Review 22 June 2011, Brussels.
EMI is partially funded by the European Commission under Grant Agreement RI Common Authentication Library Daniel Kouril, for the CaNL PT EGI CF.
EMI INFSO-RI Testbed for project continuous Integration Danilo Dongiovanni (INFN-CNAF) -SA2.6 Task Leader Jozef Cernak(UPJŠ, Kosice, Slovakia)
EMI is partially funded by the European Commission under Grant Agreement RI Common Framework for Extracting Information and Metrics from Multiple.
PKI for improved cybersecurity in NATO Partner countries Software Arsen Hayrapetyan, ArmeSFo CA.
Core and Framework DIRAC Workshop October Marseille.
GRID-FR French CA Alice de Bignicourt.
Overview of the New Security Model Akos Frohner (CERN) WP8 Meeting VI DataGRID Conference Barcelone, May 2003.
EMI is partially funded by the European Commission under Grant Agreement RI EMI Outlook and Open Source Activities Alberto DI MEGLIO, CERN Project.
Security Area Christoph Witzig (SWITCH) on behalf of John White (HIP)
Design of AMGA Web Application Based on Belle II User Requirements Taesang Huh, Geunchul Park, Jae-Hyuck Kwak, Seungwoo Rho, Soonwook Hwang, JungHyun Kim,
EMI and GISELA Collaboration
EMI Interoperability Activities
EMI 1 (Kebnekaise) release preparation status
John Gordon (STFC) APEL PT Leader
Update on EDG Security (VOMS)
Overview of the VI-SEEM services
Public Key Infrastructure from the Most Trusted Name in e-Security
Presentation transcript:

EMI is partially funded by the European Commission under Grant Agreement RI caNl++ caNl++ team University Of Oslo 5th EMI AHM, Budapest

EMI INFSO-RI Credential handling: – File-based credential handling based on OpenSSL – DB-based credential handling based on NSS Secure communication Features of caNl++

EMI INFSO-RI CSR generation Extension (voms AC) inserting Proxy/EEC signing File-based (cert/key, CA certs, CRL are based on files) Implemented with OpenSSL lib Yes Yes/Yes DB-based (cert/key, CA certs, CRL are based on nss db) Implemented with NSS lib Yes Yes/No Features of caNl++ Yes No Has supportedCan support, not yes supported Cannot support

EMI INFSO-RI Certificate verification (CRL) Certificate verification (OCSP) Certificate verification (OCSP stapling) Secure communica tion File-basedYes DB-basedYes No (not supported by nss lib) Yes Features of caNl++ Yes No Has supportedCan support, not yet supported Cannot support

EMI INFSO-RI OCSP stapling and OCSP – Easier the load of OCSP server – Alleviate the privacy concern for users – OCSP stapling is implemented in canl++ together with secure communication Features of caNl++

EMI INFSO-RI owser/caNl%2B%2B/trunk Code repository and examples

EMI INFSO-RI Example std::string repo_cert = cadir + "/certs" + "/cert.pem”; std::string repo_key = cadir + "/certs" + "/key.pem”; std::ofstream repo_cert_stream(repo_cert.c_str(), std::ifstream::trunc); AuthN::Context ctx(AuthN::Context::EmptyContext); AuthN::Credentials eec(ctx); eec.GetCertificate(repo_cert_stream); repo_cert_stream.close(); AuthN::Context ocsp_ctx(AuthN::Context::EmptyContext); ocsp_ctx.SetCAPath(trusted_cadir); //Set the credential for validator, which will be //used to sign the OCSP request ocsp_ctx.SetCredentials(repo_cert, repo_key); AuthN::Validator ocsp_validator(ocsp_ctx); //Set the validation mode ocsp_validator.SetMode(AuthN::Validator::ValidationOCSPIfPresent); //eec OCSP validation eec.SetValidator(ocsp_validator); stat = eec.Validate(); CPPUNIT_ASSERT_EQUAL(stat, AuthN::Status(0));

EMI INFSO-RI Original Plan: – arcproxy (credential handling) – ARC delegation interface (credential handling) – ARC MCC TLS (secure communication), critical module of ARC – some other components that use credential handling of ARC (credential handling) The adoption of caNl++ in ARC

EMI INFSO-RI Current Status: – caNl++ is only integrated with test release arcproxy – Other parts of integration will be postponed after EMI3 (Oct.31) The adoption of caNl++ in ARC

EMI INFSO-RI Support credential source from Firefox’s NSS internal PKCS#11 module – arcproxy –nssdb (-F) – By default, the location of nss db is parsed from “ ~/.mozilla/firefox/profiles.ini” “~/.mozilla/seamonkey/profile.ini” “~/.thunderbird/profile.ini” arcproxy

EMI INFSO-RI arcproxy (with nssdb)

EMI INFSO-RI arcproxy (with nssdb and voms)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.