Authentication
11 Dec 2001
David Kelsey, CLRC/RAL, UK


Meetings
WP6 Certificate Authorities Group
  – Defining procedures for Authentication/Trust
Dec 2000, March, June, August and Dec 2001
Agenda 6/7 Dec 2001 – CERN
  – New CAs (USA and Germany)
  – Acceptance Matrix
  – GGF CP/CPS
  – Naming issues
  – Scaling problems
Next meeting Paris EDG Conference – March 2002

EDG CAs
Already in TB1
  – CERN, Czech Rep, France, Ireland, Italy, Netherlands, Nordic, Portugal, Russia, Spain, UK
In process of joining
  – USA (LBL/ESnet DOE Science Grid)
  – Karlsruhe (Germany, CrossGrid)

Acceptance Matrix
Defined Minimum requirements for EDG CA
Don’t accept Globus certs
N * N matrix to show status of “acceptance”
  – Matrix rather sparse right now!
Every CA checks that it is “happy” with all others
Aim to complete this by 15 Feb 2002

Some issues
Host certificates
  – Need to find a CA prepared to issue them
Privacy of Private key
Scaling
  – Resources
Global trust
  – GGF CP
Authorisation vs Authentication
Naming

Privacy of private key
Private key must be secret or else …
  – CP violation
  – Violation of Use Guidelines
Compromised keys should be revoked by CA
Service/Host certificates must relate to a single network entity
This will be enforced

Scaling issues
Number of CAs growing quickly
Number of certs per CA growing too fast
  – CERN users should apply to their national CA
Didn’t discuss the problem much
Resources required are large
  – To run a CA
  – To check trust with all others
Possible solutions
  – GGF CP work
  – Make Authentication lightweight
      Bind name string to public key, but no meaning of name
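
The N * N acceptance matrix and the cost of "checking trust with all others", as an added Python illustration that is not part of the original slides. The CA names come from the EDG CAs slide; the acceptance records, function names and the notion of a "mutually accepted" pair are assumptions made for the example.

```python
# Added illustration; CA names come from the slides, the acceptance
# records below are constructed sample data, not the real EDG matrix.
TB1_CAS = ["CERN", "Czech Rep", "France", "Ireland", "Italy", "Netherlands",
           "Nordic", "Portugal", "Russia", "Spain", "UK"]
JOINING = ["USA", "Karlsruhe"]


def build_matrix(cas, accepted):
    """Return {checker: {subject: bool}} for every ordered pair of distinct CAs.

    `accepted` is a set of (checker, subject) pairs meaning the checker has
    reviewed the subject against the minimum requirements and is "happy".
    """
    unknown = {ca for pair in accepted for ca in pair} - set(cas)
    if unknown:
        raise ValueError(f"records mention CAs outside the matrix: {sorted(unknown)}")
    return {a: {b: (a, b) in accepted for b in cas if b != a} for a in cas}


def required_checks(n):
    """Each of n CAs reviews the other n-1, so the matrix has n*(n-1) cells."""
    return n * (n - 1)


def fill_ratio(matrix):
    """Fraction of cells marked accepted (a sparse matrix is close to 0)."""
    cells = [ok for row in matrix.values() for ok in row.values()]
    return sum(cells) / len(cells) if cells else 1.0


def outstanding(matrix):
    """Ordered (checker, subject) pairs not yet marked as accepted."""
    return [(a, b) for a, row in matrix.items() for b, ok in row.items() if not ok]


def mutually_accepted(matrix):
    """Unordered pairs where each CA accepts the other."""
    return sorted({tuple(sorted((a, b))) for a, row in matrix.items()
                   for b, ok in row.items() if ok and matrix[b][a]})


# Constructed sample: a sparse matrix with a handful of completed reviews.
SAMPLE = {("UK", "CERN"), ("CERN", "UK"), ("UK", "France"),
          ("Italy", "CERN"), ("CERN", "Italy"), ("France", "Italy")}

if __name__ == "__main__":
    m = build_matrix(TB1_CAS, SAMPLE)
    print(required_checks(len(TB1_CAS)), "checks for TB1,",
          required_checks(len(TB1_CAS + JOINING)), "once two more CAs join")
    print(f"filled: {fill_ratio(m):.1%}, outstanding: {len(outstanding(m))}")
    print("mutual:", mutually_accepted(m))
```

Going from the 11 CAs in TB1 to 13 raises the number of directed reviews from 110 to 156, which is the quadratic growth behind the scaling concern.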

GGF CP/CPS
Discussed draft CP document
GGF hopes to agree this in Toronto (Feb 02)
4 levels of assurance or just 2 levels?
Do we need proof of possession of private key?
Need to remove references to US Federal agencies
Central GGF repository
  – Plus audit
More scaling problems!

Authentication vs Authorisation
Where do we put most effort checking identity?
Answer
  – As close to the resources as possible
Authorisation scheme will need to do most checking
Don’t duplicate the effort!
Authentication cert could bind random string to public key

Naming
Flat namespace vs hierarchy?
What does the name mean anyway?
Examples
  – /dc=doesciencegrid/dc=org/cn=John Smith 2654
  – /c=uk/o=ESgrid/ou=GridPP/L=Manchester/cn=John Smith
Main reason to keep flat
  – Remove all Authorisation information
Decided not to standardise
  – CA can do what they like