Mehran Ahsant, PDC, Joni Hahkala, HIP on behalf of JRA3

Presentation transcript:

gLite Delegation
Mehran Ahsant, PDC, Joni Hahkala, HIP on behalf of JRA3

Why Delegation?
- The Grid is becoming more complex, delegation becomes vital
- Delegation provides Single-Sign-On (SSO)
- Delegation by means of Proxy certificates allows users to authenticate themselves just once.
- No need for mutual authentication between remote sides and end-users.
Data Key Management, Athens April 21st, 2005

Basic Principle
1. Initiate delegation
2. Generate Pub & priv keys
3. Return public key
4. Sign public key
5. Return signed certificate
6. Use delegated credentials

Delegation Background (EDG)
- G-HTTP(S) delegation
  - Performs delegation by means of X509 Proxy certificates
  - G-HTTP(S) proposal extends HTTP by adding methods/headers to HTTP to allow delegation
- GridSite (grst-proxy.cgi) has a G-HTTP(S) implementation
  - GET-PROXY-REQ
  - PUT-PROXY
- Real work for the above done by the functions in libgridsite.

Web Service portType v.1
- First try
- Straight transformation of G-HTTPS into a WS
- WSDL defined
- GridSite and Java libraries for implementing a standalone service or for integrating into a service

Interoperability Considerations
- Client and server sides of both GridSite and Java delegation need interoperability for a full mesh interaction.
- Interoperability between GridSite and Java delegation
  - Common naming schema: HashOf(DER encoded DN) | '-' | HashOf(DelegationID)
  - Common storing mechanism
  - Configurable location of proxy cache
  - Set of utility functions to locate proxies in cache
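An added example, not part of the original slides and not code from GridSite or the Java libraries: one way to compute the common proxy name HashOf(DER encoded DN) | '-' | HashOf(DelegationID) and to look a proxy up in a configurable cache directory. SHA-1 with hex output, UTF8String attribute values, one file per proxy, and the function names der_dn, proxy_name and locate_proxy are assumptions; the DN and delegation ID are constructed sample data.

```python
import hashlib
from pathlib import Path

# Attribute type OIDs for the DN components used below (X.520).
OIDS = {"C": "2.5.4.6", "O": "2.5.4.10", "OU": "2.5.4.11", "CN": "2.5.4.3"}

def der_tlv(tag, body):
    """One DER tag-length-value with a definite, minimal length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]            # base-128, high bit marks continuation
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return der_tlv(0x06, bytes(body))

def der_dn(rdns):
    """Name ::= SEQUENCE OF SET OF SEQUENCE { type OID, value }.
    Assumption: every value is a UTF8String; a real service should hash the
    subject bytes exactly as they appear in the certificate."""
    sets = b""
    for key, value in rdns:
        atv = der_tlv(0x30, der_oid(OIDS[key]) + der_tlv(0x0C, value.encode("utf-8")))
        sets += der_tlv(0x31, atv)
    return der_tlv(0x30, sets)

def proxy_name(rdns, delegation_id, algo="sha1"):   # algo is an assumption
    digest = lambda data: hashlib.new(algo, data).hexdigest()
    # Only hex digits and '-' reach the file system, whatever the client sent.
    return digest(der_dn(rdns)) + "-" + digest(delegation_id.encode("utf-8"))

def locate_proxy(cache_dir, rdns, delegation_id):
    """Return the cached proxy path, or None if nothing is stored under that name."""
    path = Path(cache_dir) / proxy_name(rdns, delegation_id)
    return path if path.is_file() else None

# Constructed sample DN and delegation ID.
ALICE = [("C", "SE"), ("O", "Example Grid"), ("CN", "Alice Example")]
if __name__ == "__main__":
    print(proxy_name(ALICE, "job-42"))
```

Because both halves of the name are digests, two implementations agree on the file name only if they hash byte-identical DER for the DN, which is why the string type of each attribute matters for interoperability.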

Harmonizing Delegation
- Other projects are experimenting with delegation
  - Globus Alliance, EGEE, GridSite, OSG, …
- Creating a common WSDL definition for Delegation in order to obtain a single set of syntax and semantics of delegation

New Approach for Delegation
- Describing delegation as a standalone Web Service portType
  - WS-Trust specification defines a mechanism for credential issuance and Delegation.
  - We are trying to make use of WS-Trust as much as possible.
- Providing:
  - Ready-to-use library implementations of this portType which can be integrated into other services
  - A standalone delegation service

Current Situation of Delegation
- A "task force" group was established.
- A Strawman document was produced in order to obtain a consensus on a common delegation interface.
- The idea was presented at GGF13 to solicit comments from the Grid community.
  - General interest

What is next for Delegation?
- Modeling this new approach based on the WS-Trust specification for X.509 proxy certificate delegation (still ongoing).
- Implementing both standalone (C++/Java) libraries and a delegation service of this portType.

Questions
Thanks. Questions?