Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 GGUS user authentication Tiziana Ferrari/EGI.eu Peter Solagna/EGI.eu 05-02-2013.

Slides:



Advertisements
Similar presentations
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Advertisements

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Slides for Grid Computing: Techniques and Applications by Barry Wilkinson, Chapman & Hall/CRC press, © Chapter 1, pp For educational use only.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Security Policy Group Summary EGI TF David Kelsey 6/28/
Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.
EGI-InSPIRE RI EGI-InSPIRE RI EGI-InSPIRE EGI services for the long tail of science Peter Solagna Senior Operations.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Future support of EGI services Tiziana Ferrari/EGI.eu Future support of EGI.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EG recent developments T. Ferrari/EGI.eu ADC Weekly Meeting 15/05/
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.
Identity on Force.com & Benefits of SSO Nick Simha.
GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Federated Cloud F2F Security Issues in the cloud Introduction Linda Cornwall,
Identity Solution in Baltic Theory and Practice Viktors Kozlovs Infrastructure Consultant Microsoft Latvia.
Single Sign-On
AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Towards H2020 Tiziana Ferrari/EGI.eu WLCG Collaboration Workshop.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
RI EGI-InSPIRE RI EGI Future activities Peter Solagna – EGI.eu.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Enforcement of the personal data retention policy Peter Solagna, EGI.eu WLCG.
Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.
Next Steps.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI (Present and) Future of the EGI Services for WLCG Peter Solagna – EGI.eu.
Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.
Identity Management in DEISA/PRACE Vincent RIBAILLIER, Federated Identity Workshop, CERN, June 9 th, 2011.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks EGI Operations Tiziana Ferrari EGEE User.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.
WLCG Laura Perini1 EGI Operation Scenarios Introduction to panel discussion.
2003 © SWITCH Authentication and Authorisation Infrastructure - AAI Christoph Graf Project Leader AAI SWITCH.
EGI-InSPIRE RI EGI-InSPIRE RI User Support in IGI: Related Tools and Services in Italy EGI Technical Forum
EGI-InSPIRE RI EGI EGI-InSPIRE RI Service Operations Security Policy the new generalised site operations security policy.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Monitoring of the LHC Computing Activities Key Results from the Services.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Ops Portal New Requirements.
EGI-InSPIRE RI EGI EGI-InSPIRE RI Establishing Identity in EGI the authentication trust fabric of the IGTF and EUGridPMA.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI VM Management Chair: Alexander Papaspyrou 2/25/
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.
JSPG Update David Kelsey MWSG, Zurich 31 Mar 2009.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Supporting Distributed Computing Infrastructures Torsten Antoni, KIT
CaGrid 1.0 Security Infrastructure Stephen Langella, Scott Oster, Shannon Hastings, David Ervin, Joshua Phillips, Vinay Kumar, Tahsin Kurc, Joel Saltz.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI-InSPIRE APEL for Accounting John Gordon, Stuart Pullinger STFC.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Accounting Requirements Stuart Pullinger STFC 09/04/2013 EGI CF – Accounting.
Placeholder ES 1 CERN IT EGI Technical Forum, Experiment Support group AAI usage, issues and wishes for WLCG Maarten Litmaath CERN.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI CSIRT Procedure for Compromised Certificates and Central Security Emergency.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI VOMS Proxy Lifetime UCB 21 Aug 2012 David Kelsey STFC.
European Grid Initiative AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI UMD Roadmap Steven Newhouse 14/09/2010.
EGI-InSPIRE RI SPG Tasks for Year 2011 Jan 2011 Kelsey/Security Policy Group1.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI-InSPIRE PY5 new activities Peter Solagna – EGI.eu.
EGI Process Assessment and Improvement Plan – EGI core services – Tiziana Ferrari FedSM project 1EGI Process Assessment and Improvement Plan (Core Services)
Security Bob Cowles
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Enabling SSO capabilities in the EGI Cloud services Peter Solagna – EGI.eu.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Questionnaires to Cloud technology providers and sites Linda Cornwall, STFC,
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Services for Distributed e-Infrastructure Access Tiziana Ferrari on behalf.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Regional tools use cases overview Peter Solagna – EGI.eu On behalf of the.
The Mapper project receives funding from the EC's Seventh Framework Programme (FP7/ ) under grant agreement n° RI EGI and PRACE ecosystem.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI A pan-European Research Infrastructure supporting the digital European Research.
Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.
EGI-InSPIRE RI EGI-InSPIRE RI EGI-InSPIRE Software provisioning and HTC Solution Peter Solagna Senior Operations Manager.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI solution for high throughput data analysis Peter Solagna EGI.eu Operations.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Applications Database Software Releases Alexander Nakos, et al.
Using Your Own Authentication System with ArcGIS Online
WLCG Update Hannah Short, CERN Computer Security.
EGI Updates Check-in Matthew Viljoen – EGI Foundation
Incident Response for Federated Identities
Solutions for federated services management EGI
Windows Active Directory Environment
AAI in EGI Status and Evolution
Grid Computing Software Interface
Presentation transcript:

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI GGUS user authentication Tiziana Ferrari/EGI.eu Peter Solagna/EGI.eu GGUS user authentication

EGI-InSPIRE RI Requirements (1/2) (1) Information from GGUS tickets must be accessible to all users for traceability of issues and sharing of information across one or multiple Vos (WLCG) –GGUS tickets must not include confidential information whatever user authentication mechanism is adopted (see following slide) (2) Allow all users (including those not holding a X.509 certificate) to submit tickets –Usage of robot certificates and EuduGAIN credentials gaining popularity GGUS user authentication2

EGI-InSPIRE RI Requirements (2/2) (3) Users must be authenticated –GGUS must be protected from spam  user verification needed –No identity vetting and verification when registering a new SSO account, membership of inspire-members SSO group does not satisfy (2) (4) X.509 authentication must coexist with other user authentication mechanisms (WLCG) GGUS user authentication3

EGI-InSPIRE RI Confidentiality Information available from GGUS must not be confidential –Service operations security policy “You shall use logged information, including information provided to you by Users, other Resource Centres, Service operations or by the Infrastructure Organization, only for administrative, operational, accounting, monitoring and security purposes. You shall apply due diligence in maintaining the confidentiality of logged information” –IP addresses, middleware packages, log extracts must not include confidential information  the submitter must apply due diligence in this –Users holding a valid X.509 certificate are not necessarily more trustworthy GGUS user authentication4

EGI-InSPIRE RI For discussion EGI SSO  no guarantee of user validity –Various implementation scenarios –Possible short term solution Usage of an established IdP federation like REFED preferable –GGUS must become a Service Provider –GGUS service metadata to be distributed to IDPs of the federation and IDP metadata to be imported by GGUS –REFED can coexist with authentication of users with X.509 certificate who are not members of a federated IDP –E.g. of implementation: Portal of NGI_IT GGUS user authentication5

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.