Security Area Christoph Witzig (SWITCH) on behalf of John White (HIP)

Slides:



Advertisements
Similar presentations
Lousy Introduction into SWITCHaai
Advertisements

EMI Development Plans for Identity Management Henri Mikkonen / HIP Moonshot, Grid and HPC Workshop London, UK.
2006 © SWITCH SWITCH Plans for Shibboleth and Grid GGF16 Feb 14, 2006 Christoph Witzig (Thomas Lenggenhager, Valery Tschopp, Placi Flury) SWITCH.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI The EGI Software Vulnerability Group and EMI Dr Linda Cornwall, STFC, Rutherford.
EMI INFSO-RI European Middleware Initiative (EMI) Alberto Di Meglio (CERN) Project Director.
EMI INFSO-RI EMI roadmap (development plan) Balázs Kónya (Lund University, Sweden) EMI Technical Director 25 th October 2010, Brussels, EGI-TCB.
2005 © SWITCH Perspectives of Integrating AAI with Grid in EGEE-2 Christoph Witzig Amsterdam, October 17, 2005.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.
EMI is partially funded by the European Commission under Grant Agreement RI Software stack consolidation Balázs Kónya, Lund University 3rd EMI all-hands,
Apr 30, 20081/11 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting Apr 30, 2008 Gabriele Garzoglio.
Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.
EMI AAI Strategy & Plans John White / Helsinki Institute of Physics Federated Identity Systems for Scientific Collaborations Workshop , CERN,
EMI INFSO-RI ARC on the European Distributed Computing Infrastructure (DCI) landscape Balázs Kónya (Lund University) NorduGrid Technical Workshop.
SAML support in VOMS Valerio Venturi EGEE JRA1 AH Meeting, Amsterdam 20/23 February 2008.
EMI INFSO-RI AAI in EEF Projects John White (Helsinki University) EMI Security Area Leader.
EMI INFSO-RI EMI Structure, Plans, Deliverables Alberto Di Meglio (CERN) Project Director ATLAS Software & Computing Week Geneva, 21 July 2011.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security and Job Management.
European Middleware Initiative (EMI) – Release Process Doina Cristina Aiftimiei (INFN) EGI Technical Forum, Amsterdam 17. Sept.2010.
Overview of user client usage: ARC Iván Márton Zsombor Nagy.
EMI 1 Release The EMI 1 (Kebnekaise) release features for the first time a complete and consolidated set of middleware components from ARC, dCache, gLite.
Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story Maarten Koopmans SURFnet,
Shibboleth Akylbek Zhumabayev September Agenda Introduction Related Standards: SAML, WS-Trust, WS-Federation Overview: Shibboleth, GSI, GridShib.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks JRA1 summary Claudio Grandi EGEE-II JRA1.
AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.
EMI is partially funded by the European Commission under Grant Agreement RI Argus Policies Tutorial Valery Tschopp - SWITCH EGI TF Prague.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security Token Service Valéry Tschopp - SWITCH.
30-Sep-03D.P.Kelsey, SCG Summary1 Security Co-ordination Group (WP7 SCG) EDG Heidelberg 30 September 2003 David Kelsey CCLRC/RAL, UK
Security Token Service (STS) Design & Development Plans Henri Mikkonen / HIP 3 rd EMI All-Hands Meeting , Padova, Italy.
INFSO-RI Enabling Grids for E-sciencE EGEE Security Joni Hahkala, UH-HIP On behalf of JRA3 JRA1 AH March 22-24, 2006.
Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.
Glite. Architecture Applications have access both to Higher-level Grid Services and to Foundation Grid Middleware Higher-Level Grid Services are supposed.
EMI INFSO-RI Overview of the EMI development objectives Balázs Kónya (Lund University) EMI Technical Director EMI All Hands Prague, 23rd November.
EMI INFSO-RI Argus Policies in Action Valery Tschopp (SWITCH) on behalf of the Argus PT.
EMI INFSO-RI European Middleware Initiative (EMI) Alberto Di Meglio (CERN)
SA2.6 Task: EMI Testbeds Danilo Dongiovanni INFN-CNAF.
Compute Area Status and Plans Marco Cecchi – INFN CNAF Massimo Sgaravatto – INFN Padova.
EMI INFSO-RI Argus The EMI Authorization Service Valery Tschopp (SWITCH) Argus Product Team.
1 Update on the Vulnerability Assessment Effort Elisa Heymann Computer Architecture and Operating Systems Department Universitat Autònoma de Barcelona.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Update Authorization Service Christoph Witzig,
EMI INFSO-RI Technical Overview Balázs Kónya (Lund University) Technical Director 1 st EMI Periodic Review Brussels, 22 June 2011.
EMI INFSO-RI EMI 2 Matterhorn roadmap Balázs Kónya (Lund University) EMI Technical Director EGI Technical Forum, Lyon, 20 September 2011.
EMI INFSO-RI European Middleware Initiative (EMI) Alberto Di Meglio (CERN) Project Director.
EMI is partially funded by the European Commission under Grant Agreement RI Federated Grid Access Using EMI STS Henri Mikkonen Helsinki Institute.
EMI is partially funded by the European Commission under Grant Agreement RI Common Authentication Library Daniel Kouril, for the CaNL PT EGI TF.
EMI is partially funded by the European Commission under Grant Agreement RI Security Token Service (STS) Transforming the Existing User Credentials.
European Middleware Initiative (EMI) – Training Kathryn Cassidy, TCD EMI NA2.
EMI INFSO-RI SA1 – Maintenance and Support Francesco Giacomini (INFN) EMI First EC Review Brussels, 22 June 2011.
EMI INFSO-RI EMI Documentation Emidio Giorgio (INFN Catania) NA2 Leader 2 nd All Hands Meeting May 31th, Lünd.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Steven Newhouse Technical Director Moving.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks OpenSAML extension library and API to support.
EMI is partially funded by the European Commission under Grant Agreement RI Development Roadmap of the EMI middleware Balázs Kónya, Lund University,
Collaboration ed. 11/11/2009gLite Open Collaboration1 The gLite Open Collaboration “WLCG Overview Board” M. Mazzucato gLite Collaboration Board Chair.
EMI is partially funded by the European Commission under Grant Agreement RI Security Token Service (STS) Simplified Credential Management Henri.
EMI is partially funded by the European Commission under Grant Agreement RI Common Authentication Library Daniel Kouril, for the CaNL PT EGI CF.
EMI is partially funded by the European Commission under Grant Agreement RI caNl++ caNl++ team University Of Oslo 5th EMI AHM, Budapest.
EMI is partially funded by the European Commission under Grant Agreement RI Argus Policies Tutorial Valery Tschopp (SWITCH) – Argus Product Team.
EMI INFSO-RI EMI 1, open source middleware and the road to sustainability Alberto Di Meglio (CERN) Project Director EGI User Forum EMI Technical.
EMI is partially funded by the European Commission under Grant Agreement RI Future Proof Storage with DPM Oliver Keeble (on behalf of the CERN IT-GT-DMS.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Argus gLite Authorization Service Workplan.
Implementation of GLUE 2.0 support in the EMI Data Area Elisabetta Ronchieri on behalf of JRA1’s GLUE 2.0 Working Group INFN-CNAF 13 April 2011, EGI User.
EMI INFSO-RI EMI 1 (Kebnekaise) Updates C. Aiftimiei (INFN) EMI Release Manager.
Lund All Hands meeting Compute Area Section Massimo Sgaravatto INFN Padova.
UNICORE and Argus integration Krzysztof Benedyczak ICM / UNICORE Security PT.
Argus EMI Authorization Integration
Delegation methods in EMI
EMI 1 (Kebnekaise) Updates
HMA Identity Management Status
EMI Interoperability Activities
EMI: dal Produttore al Consumatore
Presentation transcript:

Security Area Christoph Witzig (SWITCH) on behalf of John White (HIP)

EMI INFSO-RI Maintenance – of existing security components Harmonization – Common authN library – Common profiles (SAML, XACML) – Common authorization service New Stuff: – Easier credential management Overview of Work 1/6/2011 EMI All Hands Meeting 2011, Lund 2

EMI INFSO-RI Java Delegation service: – coordination with EMI-ES MyProxy, Proxy Renewal, GridSite, gSoap,... – By CESNET Site access control: – gLExec  add support for PAM module (e.g. Argus) – LCAS/LCMAPS/EES: convergence of code Reduction of components: – Generally hard to drop entire components Code reduction often more feasible – Trustmanager, java-util  common authN library Maintenance – gLite (1) 1/6/2011 EMI All Hands Meeting 2011, Lund 3

EMI INFSO-RI Confidentiality Services: – Hydra: will be released in an EMI-1 update cycle New tests, documentation, vulnerability assessment – Pseudonymity service: Refactoring, certification, release Q VOMS: – VOM(R)S convergence – Third-party attribute queries Maintenance – gLite (2) 1/6/2011 EMI All Hands Meeting 2011, Lund 4

EMI INFSO-RI ARC: – Support according to user requests – Nordugridmap, arcproxy: adapt to possible changes in VOMS – Recover LCAS/LCMAPS support Unicore – Refactoring of security PT (done) – Optimization of security stack – Support for resource sharing Maintenance – ARC and Unicore 1/6/2011 EMI All Hands Meeting 2011, Lund 5

EMI INFSO-RI Common authentication library – APIs for C, C++, Java done (almost) all internally reviewed – PT must be formed (TBC) 1st release Feb 2012 Java: UNICORE security PT C: NIKHEF, additional manpower needed C++: ARC – Note: Assumption: Most code taken from existing libraries Reach-out to other PT needs to be done Harmonization (1) 1/6/2011 EMI All Hands Meeting 2011, Lund 6

EMI INFSO-RI Common SAML profile: – Defined – Implementation in VOMS, 1st use by UNICORE Common XACML profile: – Defined – Support by Argus – Use by CREAM, UNICORE, ARC Harmonization (2) 1/6/2011 EMI All Hands Meeting 2011, Lund 7

EMI INFSO-RI Common authorization service – Use of Argus – Today: gLExec, global banning – Support in CREAM and data management (DPM, LFC) added – Coming: Support in ARC and UNICORE (  common XACML profile) – New feature: Argus EES Harmonization (3) 1/6/2011 EMI All Hands Meeting 2011, Lund 8

EMI INFSO-RI EMI AAI WG: – Easier credential management for non X.509 users – Support for AAIs and Kerberos – Late start of activity due to other priorities Security Token Service (STS) – To translate tokens into another format SAML / Kerberos  X.509 – Brokers trust between different security domains – Generic for all kinds of tokens, standards-based interface (WS- Trust) – Current plan to base on Shibboleth IdP v3 – Reach-out to other related efforts Support for AAIs 1/6/2011 EMI All Hands Meeting 2011, Lund 9

EMI INFSO-RI Work done by E.Heymann, UAB, w/collab. UWM Components assessed: VOMS Admin  vulnerabilities fixed gLExec 0.8  vulnerabilities fixed in EMI-1 Argus 1.2  no vulnerabilities found Components to be assessed: VOMS core (2.0.2) started To do: CREAM, WMS, Target System Interface, Gateway UAB cannot assess every component  security training for SW developers 1/6/2011 EMI All Hands Meeting 2011, Lund 10 Vulnerability Assessment

EMI INFSO-RI EMI JRA1 security Wiki: /EmiJra1T4Security /EmiJra1T4Security DJRA1.3.2: Security Work Plan Further Information 1/6/2011 EMI All Hands Meeting 2011, Lund 11

EMI is partially funded by the European Commission under Grant Agreement RI Thank you! 1/6/ EMI All Hands Meeting 2011, Lund

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.