David Kelsey CLRC/RAL, UK

Slides:



Advertisements
Similar presentations
24-May-01D.P.Kelsey, GridPP WG E: Security1 GridPP Work Group E Security Development David Kelsey CLRC/RAL, UK
Advertisements

5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK
22-Apr-02D.P.Kelsey, Security, UKHEP Sysman1 Grid Security 22 Apr 2002 UK HEP Sysman Meeting David Kelsey CLRC/RAL, UK
11-Dec-01D.P.Kelsey, Authentication1 Authentication 11 Dec 2001 David Kelsey CLRC/RAL, UK
GSI – Grid Security Infrastructure and the EU DataGrid Authentication Infrastructure For the EDG CACG: David Groep.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
5-Sep-02D.P.Kelsey, Security Summary, Budapest1 WP6/7 Security Summary Budapest 5 Sep 2002 David Kelsey CLRC/RAL, UK
30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK
Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin
GGF Toronto Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.
The EU Grid PMA David Kelsey CCLRC/RAL 16 April 2004, Dublin
DataGrid WP6/CA CA Acceptance/Feature Matrices Trinity College Dublin (TCD) Brian Coghlan Paris MAR-2002.
13-May-03D.P.Kelsey, WP8 CA and VO organistion1 CA’s and Experiment (VO) Organisation WP8 Meeting EDG Barcelona, 13 May 2003 David Kelsey CCLRC/RAL, UK.
12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK
DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.
9-May-02D.P.Kelsey, Security Plans, GridPP41 Security: Plans 9 May 2002 GridPP4 meeting, Manchester David Kelsey CLRC/RAL, UK
DOE Grids New subordinate CP/CPS v2.3 New subordinate CP/CPS v2.3 New name DOEGrids.org New name DOEGrids.org Old name DOESciencegrid.org Old name DOESciencegrid.org.
10-Jun-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 10 June 2003 David Kelsey CCLRC/RAL, UK
ESnet PKI Developed for the DOE Science Grid and SciDAC.
DataGrid WP6/CA CA Trust Matrices Trinity College Dublin (TCD) Brian Coghlan CERN DEC-2002.
23-Oct-03D.P.Kelsey, LCG Security Update, HEPiX1 LCG Security Update HEPiX-HEPNT, TRIUMF, 23 October 2003 David Kelsey CCLRC/RAL, UK
3-Nov-00D.P.Kelsey, HEPiX, JLAB1 Certificates for DataGRID David Kelsey CLRC/RAL, UK
10-May-01D.P.Kelsey, Security Workshop Summary1 DataGrid Security Workshop 29/30 March 2001 SUMMARY David Kelsey CLRC/RAL, UK
Security in DataGrid1 Security in DataGrid 12 Mar 2002 TERENA GRID-AN BoF David Groep NIKHEF, Amsterdam based on a presentation by David Kelsey.
BNL VO Management and Grid Mapfile Generation Brookhaven National Lab.
HEPSYSMAN UCL, 26 Nov 2002Jens G Jensen, CLRC/RAL UK e-Science Certification Authority Status and Deployment.
3-Jul-02D.P.Kelsey, Security1 Security meetings Report to EDG PTB 3 Jul 2002 David Kelsey CLRC/RAL, UK
Security Mechanisms The European DataGrid Project Team
Oxford University e-Science Centre 1 Managing Access 4 Dec Managing Access to Resources on the Grid 4 December 2002.
15-Dec-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint Security Policy Group) CERN 15 December 2004 David Kelsey CCLRC/RAL,
23-Oct-02D.P.Kelsey, Grid Security, HEPiX, FNAL1 LCG/EDG Security - update and plans HEPiX/HEPNT - FNAL 23 Oct 2002 David Kelsey CLRC/RAL, UK
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.
2-Sep-02D.P.Kelsey, WP6 CA, Budapest1 WP6 CA report Budapest 2 Sep 2002 David Kelsey CLRC/RAL, UK
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
Security Policy Update WLCG GDB CERN, 14 May 2008 David Kelsey STFC/RAL
11-Dec-00D.P.Kelsey, Certificates, WP6 meeting, Milan1 Certificates for DataGrid Testbed0 David Kelsey CLRC/RAL, UK
8-Mar-01D.P.Kelsey, Certificates, WP6, Amsterdam1 WP6: Certificates for DataGrid Testbeds David Kelsey CLRC/RAL, UK
12-Jun-03D.P.Kelsey, CA meeting1 CA meeting Minimum Requirements CERN, 12 June 2003 David Kelsey CCLRC/RAL, UK
WP7 Security Coordination 23/24 Jan 2002 David Kelsey CLRC/RAL, UK
15-May-03D.P.Kelsey, SCG Summary1 Security Coord Group (SCG) EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK
INFSO-RI Enabling Grids for E-sciencE Joint Security Policy Group David Kelsey, CCLRC/RAL, UK 3 rd EGEE Project.
10-May-01D.P.Kelsey, WP6 Security1 Certificates/Authorisation for DataGrid Testbeds David Kelsey CLRC/RAL, UK
7-May-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Issues and Planning or Report from the Security Group CERN, 8 May 2003 David Kelsey CCLRC/RAL, UK.
11-May-01D.P.Kelsey, Security Update1 GRID Security Update David Kelsey CLRC/RAL, UK
9-Jul-02D.P.Kelsey, DataGrid Security1 EU DataGrid Security 9 July 2002 UK Security Task Force Meeting #2 David Kelsey CLRC/RAL, UK
OSG Security: Updates on OSG CA & Federated Identities Mine Altunay, PhD OSG Security Team OSG AHM March 24, 2015.
HKU Computer Centre Grid Certificate Authority Status Update Lilian Chan IT Services, The University of Hong Kong APGrid.
15-Jun-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the LCG Security Group) CERN 15 June 2004 David Kelsey CCLRC/RAL, UK
29 th EUGridPMA meeting, September 2013, Bucharest AEGIS Certification Authority Dušan Radovanović University of Belgrade Computer Centre.
Security Mechanisms The European DataGrid Project Team
WP3 Security and R-GMA Linda Cornwall, RAL. WP3 Linda Cornwall, RAL - 02/09/2002Security and R-GMA,DataGrid Workshop, Budapest 2 Current Status Currently,
Alternative Governance Models for PKI
Testbed: Status & Plans
Jens Jensen EU Grid PMA, Berlin Jan 2015
David Kelsey CCLRC/RAL, UK
DataGrid WP6/CA CA Trust Matrices
WP7: Security Coordination Group (SCG)
AEGIS Certification Authority
HellasGrid CA & euGridPMA
Organized by governmental sector (National Institute of information )
Update on EDG Security (VOMS)
Grid Security M. Jouvin / C. Loomis (LAL-Orsay)
جايگاه گواهی ديجيتالی در ايران
The EU DataGrid Security Services
The EU DataGrid Security Services
MaGrid CA Self audit and update
The JISC Core Middleware Call
Bill Yau HKU Grid Certificate Authority (HKU Grid CA) Self Audit & Status Report Bill Yau
LHC Computing, RRB; H F Hoffmann
Presentation transcript:

David Kelsey CLRC/RAL, UK d.p.kelsey@rl.ac.uk WP6 CA Mgrs meeting 5 Mar 2002 David Kelsey CLRC/RAL, UK d.p.kelsey@rl.ac.uk 5-Mar-02 D.P.Kelsey, WP6 CA Mgrs

Meetings WP6 Certificate Authorities Group Defining procedures for Authentication/Trust Dec 2000, March, June, August, Dec 2001 and 5 March 2002 Agenda 5 Mar 02 Roundtable update Features/Acceptance Matrix GGF CP/CPS Authentication with other Grid projects (USA, CrossGrid) WP6 procedures Next meeting – June 2002 5-Mar-02 D.P.Kelsey, WP6 CA Mgrs

EDG CA’s roundtable Already in TB1 CERN, Czech Rep, France, Ireland, Italy, Netherlands, Nordic, Portugal, Russia, Spain, UK Several working on OpenCA as the implementation Should/will share expertise here Discussion about re-issue of expired certs (users and CA) Long jobs which live beyond life of cert? CA publishing issued certs in LDAP (For VO Authorisation) Some do, some don’t, some don’t want to Other Grid projects USA (LBL/ESnet DOE Science Grid) Karlsruhe (Germany, CrossGrid) 5-Mar-02 D.P.Kelsey, WP6 CA Mgrs

Features/Acceptance Matrix Defined Minimum requirements for EDG CA (Jun01) N * N matrix to show status of “acceptance” Matrix still rather sparse right now! But Features matrix is in better shape Every CA checks that it “trusts” all others Brian Coghlan working on developing and automating the process Investigate using Grid info services Once we have N*N matrix may collapse to single row Using a modified set of min requirements “CA Managers” measure of “trust” 5-Mar-02 D.P.Kelsey, WP6 CA Mgrs

Inter-Grid authentication USA DOE CA now in operation We reviewed their procedures in Dec 2000 Passed EDG criteria Add to Acceptance matrix Approved as a “trusted” CA First test USA – UK reported recently Karlsruhe (CrossGrid and Germany) CA in early operation with draft CP/CPS WP6 CA group will check this soon 5-Mar-02 D.P.Kelsey, WP6 CA Mgrs

Scaling Issues Now: 11 CA’s + 2 new Potentially 7 more CrossGrid countries to come! But no overlap – one per country Can a semi-automated Acceptance matrix cope? OK for now so we should continue this way In the longer term, this will become more difficult! Must remember that authorisation should check user identity carefully we don’t want 2 heavy weight systems Investigate requirements for future Authentication Re-look at Root or Bridge CA Or GGF will solve the problem? 5-Mar-02 D.P.Kelsey, WP6 CA Mgrs

GGF CP/CPS Security Area GridCP working group Discussed in GGF4 Toronto Aiming to help solve “Trust” problem Discussing CP/CPS, Audit, PMA, … Aim to finalise the CP models in GGF5 Edinburgh Our acceptance matrix methods may be useful 5-Mar-02 D.P.Kelsey, WP6 CA Mgrs

WP6 CA procedures “Catch all” CA for DataGrid -> CNRS (agreed) For those without a CA (CEA, ESA, CSSI etc) But requested revised CP to state how RA works User training/documentation (many repeated cert requests!) Cal Loomis requests/suggestions Stability Subscription service for CRL’s Notification of updates Registry of trusted CA’s (GRID service) Subscription service for CA info We will investigate OCSP, OGSA – notification 5-Mar-02 D.P.Kelsey, WP6 CA Mgrs

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.