A Grid certificate in 5 minutes: large scale federated automated issuing of grid certificates. Jan Meijer, EGEE’09, 21-25 Sept 2009, Barcelona.

Presentation transcript:

a Grid certificate in 5 minutes: large scale federated automated issuing of grid certificates. Jan Meijer, EGEE’09, 21-25 Sept 2009, Barcelona

me : SURFnet – CERT, security, PKI, systems engineering, e-voting; 2007-now: UNINETT – service development, storage, PKI

collaborative service: the true story of developing a sustainable scalable pan-European service

Problem 1: Norwegian Grid, HPC, Data Storage; Norwegian authentication infrastructure (AAI)?

Problem 2: eScience Grid authentication = X.509 certificates

Traditional certificate issuing

Manual identity vetting: annoying for the user, annoying for the service provider

your identity has been vetted!

Solution: reuse and automate

not new: SLCS/MICS

establish the service
1. Certificate issuing backend
2. Web portal front end
3. EUGridPMA accreditation

EUGridPMA accreditation?

establish service = people hours + $$

Automation scales: share the cost!

use technology an online automated CA can handle s of requests AAI Federations

TERENA Certificate Service
– combined acquisition of certificates
– operational since March 2006
– current provider: Comodo

TERENA Certificate Service: by NRENs, for NRENs

SCS Numbers (Apr 2006 – Aug 2008)
– Participating NRENs: 18 (3 recent)
– Certificates issued: 19,400
– Participating organisations: 2,225
– Proxies: 3,800

TCS
– TERENA SSL CA: Server certificates
– TERENA eScience SSL CA
– TERENA Code Signing CA
– TERENA Personal CA
– TERENA eScience Personal CA

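TCS Participating NRENs

| Country | Member org. | Server | Code Signing | Personal |
|---|---|---|---|---|
| Austria | ACOnet | X | X | X |
| Belgium | BELNET | X | X | X |
| Croatia | CARnet | X | | |
| Czech Republic | CESNET | X | | X |
| Denmark | UNI-C | X | | |
| France | RENATER | X | | X |
| Greece | GRNET | X | | X |
| Hungary | HUNGARNET | X | | |
| Ireland | HEAnet | X | | X |
| Italy | GARR | X | | |
| Lithuania | LITNET | X | | X |
| Malta | UoM | X | | |
| Netherlands | SURFnet | X | X | X |
| Norway | UNINETT | X | X | X |
| Poland | PSNC | X | X | X |
| Portugal | FCCN | X | | |
| Slovenia | ARNES | X | | |
| Spain | RedIRIS | X | X | X |
| Sweden | SUNET | X | X | X |
| UK | JANET | X | | |
| Total | | 20 | 7 | 12 |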

TERENA eScience Personal CA

Delegated Responsibilities

Governance
– Service responsible: TERENA delivers on behalf of participating NRENs
– Important decisions: SCS-Rep per NREN
– Day-to-day: TCS PMA (Kent Engström, Jan Meijer, Kevin Meynell, Teun Nijssen, Milan Sova)

steps to production
– EUGridPMA accreditation: formal start in Oct 2009
– Portal software development: production ready in Sept 2009
– Shared portal (.cz, .fi, .nl, .no, .se): production Oct 2009
– Service operational: Nov 2009

a story of smooth collaboration
– UNINETT/Sigma coordinates
– NGIs, NRENs and AAI Federations of Czech Republic, Denmark, Finland, Netherlands, Norway, Sweden
– TERENA, NDGF, all TCS NRENs and countless others....

Funding
– development: UNINETT/Sigma, TERENA, NDGF, other participants
– operations: NRENs

soon: your grid certificate in 5 minutes, through an NREN near you. jan.meijer uninett.no