UCTrust Integration for UC Grid David Walker University of California, Davis ucdavis.edu Kejian Jin University of California, Los Angeles kjin.

Presentation transcript:

UCTrust Integration for UC Grid David Walker University of California, Davis ucdavis.edu Kejian Jin University of California, Los Angeles ats.ucla.edu

Overview
Vision
Background on UCTrust
Existing Registration Process
New Registration Process
Technology Integration
Demonstration

Vision
UC Grid will become the infrastructure linking high-performance computing resources within UC.
These resources will be used by all members of the community.
– 100,000s of users!
Very few (1,000s? 100s?) of these people will be programming. Nearly all will be using canned applications.
That is, we need an extremely efficient user registration process for pool users.

UCTrust
Federation of “all” UC community members (faculty, staff, student, affiliates)
Fully integrated into InCommon, the national federation of university community members
Relies on trust that each campus can properly identify its own community members and provide information about them.
Protocol is encrypted and enables mutual authentication of both service and identity providers
http: //

Existing Registration Process
1. An end-user requests a UC Grid login via the UC Grid portal.
2. If this is a request for a Cluster User login, the cluster administrator is asked to approve the request.
3. The campus grid portal administrator is asked to approve the request.
4. The UC Grid portal finalizes the registration and creates the user's certificate.

New Registration Process
1. An end-user logs in to the UC Grid portal via UCTrust to register and create a certificate. The user is given access to the UC Grid default pool.
Afterwards...
If the user needs access to a specific cluster, the cluster administrator authorizes access.
If the user needs access to a campus default pool, the campus grid administrator authorizes access.

Technical Integration
UC Grid is a Service Provider within UCTrust (InCommon).
It obtains eduPersonPrincipalName (ePPN) from the campus Identity Providers.
– The ePPN replaces the function of the old UC Grid login and password.
On the first login, ePPN is used to create the user's long-term digital certificate.
On subsequent logins, ePPN is used to create the short-term certificate for the session.
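The ePPN-to-certificate flow on this slide, sketched as an added example (not code from the presentation or from UC Grid): the portal checks that the asserting Identity Provider is authoritative for the ePPN's scope before it maps the ePPN to a certificate subject and chooses a long-term or short-term certificate. The IdP entity IDs, scopes, DN layout, lifetimes and function names are all assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: scopes each campus IdP may assert (placeholder entity IDs).
IDP_SCOPES = {
    "https://idp.campus-a.example/shibboleth": {"campus-a.example"},
    "https://idp.campus-b.example/shibboleth": {"campus-b.example"},
}
LONG_TERM = timedelta(days=365)   # assumed lifetime, not from the slides
SHORT_TERM = timedelta(hours=12)  # assumed session lifetime, not from the slides
EPPN_RE = re.compile(r"^([a-z0-9._-]{1,64})@([a-z0-9.-]{1,255})$")

registered = {}  # normalized ePPN -> subject DN of the long-term certificate


def subject_dn(idp, eppn):
    """Validate a released ePPN and map it to a certificate subject DN."""
    m = EPPN_RE.match(eppn.lower())  # ePPN is compared case-insensitively
    if not m:
        raise ValueError("malformed ePPN")
    user, scope = m.groups()
    # Reject an IdP asserting an identity in a scope it does not own.
    if scope not in IDP_SCOPES.get(idp, set()):
        raise PermissionError("IdP not authoritative for scope")
    # Hypothetical DN layout: domain components taken from the scope.
    dcs = ",".join(f"DC={part}" for part in reversed(scope.split(".")))
    return f"{dcs},OU=UCGrid,CN={user}@{scope}"


def login(idp, eppn, now=None):
    """Return the certificate the portal would request for this login."""
    now = now or datetime.now(timezone.utc)
    dn = subject_dn(idp, eppn)
    key = eppn.lower()
    if key not in registered:
        # First login: register the user and issue the long-term certificate.
        registered[key] = dn
        kind, life = "long-term", LONG_TERM
    else:
        # Later logins: short-term certificate bound to the same subject.
        kind, life = "short-term", SHORT_TERM
    return {"subject": registered[key], "kind": kind, "not_after": now + life}
```

Because the ePPN is the only key for the grid identity here, the scope check is what keeps one campus IdP from obtaining a certificate in another campus's namespace.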

Demonstration