University of Virginia, USA GGF9, Chicago, Illinois, US

Presentation transcript:

OGSA SEC WG
Co-chairs: Nataraj Nagaratnam, IBM, USA; Marty Humphrey, University of Virginia, USA
GGF9, Chicago, Illinois, US

OGSA SEC WG History
- Pre-GGF5 (~ June 2002)
  - “Security Architecture for Open Grid Services”
  - “OGSA Security Roadmap”
- GGF5: Mini-BOF (July 2002)
  - Raj and Frank gave presentations, led discussions
  - Consensus was to go ahead
- Pre-GGF6: Formation of WG (~ Sept 2002)
- Some slides from GGF6 (Oct 2002)…

WS Security Roadmap exists, so why do we?
- What if boxes never materialize?
- What if boxes appear too late?
- What if there are licensing issues with box(es)?
- What if “their roadmap” is missing pieces?
- What if Grid Computing != Web Services?
- MS-IBM Roadmap is wire-oriented; we need to be wire-oriented AND service-oriented (i.e., portTypes)
- How do we make our existing security services “fit” with OGSA Architecture?

OGSA SEC WG Charter
- “enumerate and address the Grid Security requirements in the context of the OGSA”
- “leverage… WS-Security… and… WS Security Roadmap”
- Primary outcome:
  - doc #1: The Security Architecture for Open Grid Services
  - doc #2: OGSA Security Roadmap
- Secondary outcome: Creation of new GGF WGs to address “gaps” identified by #2
- Synergistic with other efforts (e.g., OASIS, W3C)

[GGF6] WG Methodology
- What requirements are unique/necessary in Grids? Do the Architecture/Roadmap cover these? If not, how to extend documents?
- What components need to be built based on these requirements? Are any specifications not listed?
- Are any of these boxes actively being constructed outside of the GGF? What are these? Where are these? Who are building them?
- Which of the (inactive/pending) boxes are urgent?
- Based on the identified set of specifications that we need to work on, try to prioritize the list and come up with a dependency/deliverable graph
- Suggest spinning off workgroups based on specs identified to be started under GGF

Current/proposed specs: Building on the SOAP Foundation
This is a composable Architecture: “only use what you need”
[Diagram: layered stack of specifications, listed here from top to bottom. Axis labels: “today”, “time”.]
- WS-SecureConversation, WS-Federation, WS-Authorization
- WS-Policy, WS-Trust, WS-Privacy
- WS-Security
- SOAP Foundation

OGSA Security Components

Building Blocks

Roadmap: Proposed Specs. (1)
Category: Specifications
- Naming: OGSA Identity; OGSA Target/Action Naming; OGSA Attribute and Group Naming; Transient Service Identity Acquisition
- Translation between Security Realms: Identity Mapping Service; Generic Name Mapping; Policy Mapping Service; Credential Mapping Service
- Authentication Mechanism Agnostic: OGSA Certificate Validation Service; OGSA-Kerberos Services
- Pluggable Session Security: GSSAPI-SecureConversation
- Pluggable Authorization Service: OGSA-Authorization Service

Roadmap: Proposed Specs. (2)
Category: Specifications
- Authorization Policy Management: Coarse-grained Authorization Policy Management; Fine-grained Authorization Policy Management
- Trust Policy Management: OGSA Trust Service
- Privacy Policy Management: Privacy Policy Framework
- VO Policy Management: VO Policy Service
- Delegation: Identity Assertion Profile; Capability Assertion Profile

Roadmap: Proposed Specs. (3)
Category: Specifications
- Firewall Friendly: OGSA Firewall Interoperability
- Security Policy Expression and Exchange: Grid Service Reference and Service Data Security Policy Decoration
- Secure Service Operation: Secure Service’s Policy and Processing; Service Data Access Control
- Audit and Secure Logging: OGSA Audit Service; OGSA Audit Policy Management

Non-GGF Progress Since GGF6 (Oct 2002)
- Dec 18: WS-Policy, WS-PolicyAttachment, WS-PolicyAssertions, WS-SecurityPolicy, WS-Trust, WS-SecureConversation
- WS-Policy 1.1 et al. May 28
- July 2003: WS-Federation
- OASIS WSS TC docs for public review (Sept 9): SOAP Message Security, Username Token Profile, X.509 Cert Token Profile
- XACML ratified as OASIS Open Standard
- SAML v1.1 (Sept, 2003)
- WS-I moves forward

GGF progress since Oct 2002
- We need to let non-GGF activities progress…
- … but we need to make progress where we can:
  - Use of WS-* et al. specs and SDKs (e.g., WSE)
  - Focus on an Authorization Service (OGSA AuthZ WG)
- OGSA SEC WG is “idle” at the moment