TNC 2016, Prague Alice Through the Looking Glass Science DMZ goes above the network 13 June


Presentation transcript:

Networks ∙ Services ∙ People
TNC 2016, Prague
Alice Through the Looking Glass
Science DMZ goes above the network
13 June
Ann Harding
Activity Leader Trust & Identity Development
SWITCH

Ann Harding
TNC, Prague
Alice Ann Through the Looking Glass Metadata
Science DMZ goes above the network
13 June 2016
Activity Leader Trust & Identity Development

Science requirements – The Network View
Adapted from The Rationale of Optical Networking, Cees de Laat, Erik Radius, Steven Wallace (c2002)
Class A) are the typical home users
Class B) consists of the corporations, enterprises, Universities, virtual organisations and laboratories.
Class C) are the really high end applications
Science means big data

Through the metadata

Science Requirements - the Trust and Identity View
Complexity
Class A) are the simple library/journal/learning applications
Class B) consists of the campus ‘corporate’ infrastructure
Class C) are the really complex trust applications for collaboration and e-Research
Science means big collaboration

Science DMZ – Design patterns (Network Design Pattern -
Network Design Pattern
Design pattern 1: Protect your elephant flows
Design pattern 2: Unclog your data taps
Design pattern 3: Build a well tuned end to end infrastructure
Trust and Identity Design Pattern
Design pattern 1: Enable your collaboration flows
Design pattern 2: Unclog your policy taps
Design pattern 3: Build a well trusted end to end infrastructure

Science DMZ, the Trust and Identity View
Design pattern 1: Enable your collaboration flows
  Export IdPs to eduGAIN
  Export eResearch SPs to eduGAIN
Design pattern 2: Unclog your policy taps
  For hub and spoke – do you need the same policies for your C users as for your A and B? Can you be more flexible?
  For full mesh – do you need to leave everything to the edges? Can you use your resource registry/central tools to apply policy for e-Research more scalably?
  Pragmatic assurance
Design pattern 3: Build a well trusted end to end infrastructure
  Use Research and Scholarship and GÉANT Code of Conduct Entity Categories to make trust scale beyond your federation
  Adopt SIRTFI incident response framework to build trust
  Adopt group and attribute management services e.g. VO Platform

Thank you
This work is part of a project that has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No (GN4-1).