Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.

Slides:



Advertisements
Similar presentations
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Advertisements

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI GGUS user authentication Tiziana Ferrari/EGI.eu Peter Solagna/EGI.eu
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Security Policy Group Summary EGI TF David Kelsey 6/28/
Federated A(A(A))I Jens Jensen hepsysman, RAL,
EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
SICSA student induction day, 2009Slide 1 Social Simulation Tutorial Session 6: Introduction to grids and cloud computing International Symposium on Grid.
EGI: A European Distributed Computing Infrastructure Steven Newhouse Interim EGI.eu Director.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Security Policy Group EGI Technical Forum Sep 2010 David Kelsey.
EGI-InSPIRE RI EGI-InSPIRE RI EGI-InSPIRE EGI services for the long tail of science Peter Solagna Senior Operations.
What is EGI? The European Grid Infrastructure enables access to computing resources for European scientists from all fields of science, from Physics to.
Climate Sciences: Use Case and Vision Summary Philip Kershaw CEDA, RAL Space, STFC.
EGI-InSPIRE RI EGI-InSPIRE RI European Grid Infrastructure: status and services for users 04/11/ Gergely Sipos.
EGI: SA1 Operations John Gordon EGEE09 Barcelona September 2009.
EGI-InSPIRE Steven Newhouse Interim EGI.eu Director EGI-InSPIRE Project Director.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.
Security Update WLCG GDB CERN, 12 June 2013 David Kelsey STFC/RAL.
EMI AAI Strategy & Plans John White / Helsinki Institute of Physics Federated Identity Systems for Scientific Collaborations Workshop , CERN,
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Future Plans T. Ferrari/EGI.eu 1.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Vision for European DCIs Steven Newhouse Project Director, EGI-InSPIRE 15/09/2010.
AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.
RI EGI-InSPIRE RI EGI Future activities Peter Solagna – EGI.eu.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Bob Jones EGEE project director CERN.
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.
EGEE-III-INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks EGEE-III All Activity Meeting Brussels,
University of Washington Identity and Access Management IEEAF – RENU Network Design Workshop Seattle - 29 Nov 2007 Lori Stevens, Director, Distributed.
Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.
Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.
The UK Access Management Federation John Chapman Project Adviser – Becta.
Identity Management in DEISA/PRACE Vincent RIBAILLIER, Federated Identity Workshop, CERN, June 9 th, 2011.
EGI-InSPIRE Steven Newhouse Interim EGI.eu Director EGI-InSPIRE Project Director Technical Director EGEE-III 1GDB - December 2009.
DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI and MeDIA Steven Newhouse EGI.eu MeDIA - April
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
EGI-InSPIRE RI EGI EGI-InSPIRE RI Establishing Identity in EGI the authentication trust fabric of the IGTF and EUGridPMA.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI strategy and Grand Vision Ludek Matyska EGI Council Chair EGI InSPIRE.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Plans for PY2 Steven Newhouse Project Director, EGI.eu 30/05/2011 Future.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI VOMS Proxy Lifetime UCB 21 Aug 2012 David Kelsey STFC.
European Grid Initiative AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
EMI is partially funded by the European Commission under Grant Agreement RI Security Token Service (STS) Simplified Credential Management Henri.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI UMD Roadmap Steven Newhouse 14/09/2010.
EGI-InSPIRE RI EGI-InSPIRE RI EGI-InSPIRE 1 EGI Governance Model Yannick Legré Director, EGI.eu
EGI-InSPIRE RI SPG Tasks for Year 2011 Jan 2011 Kelsey/Security Policy Group1.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Enabling SSO capabilities in the EGI Cloud services Peter Solagna – EGI.eu.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Technology Sustainability Discussion Points DCI Sustainability Meeting.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Steven Newhouse Director EGI.eu Project.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Reflections on the first year of EGI & EGI-InSPIRE Steven Newhouse Project.
EGI-Engage EGI Webinar - Introduction - Gergely Sipos EGI.eu / MTA SZTAKI 6/26/
EGI-InSPIRE RI EGI (IGTF Liaison Function) EGI-InSPIRE RI IGTF & EUGridPMA status update SHA-2 – and more (David Groep,
EGI-InSPIRE EGI-InSPIRE RI The European Grid Infrastructure Steven Newhouse Director, EGI.eu Project Director, EGI-InSPIRE 29/06/2016CoreGrid.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI A pan-European Research Infrastructure supporting the digital European Research.
EGI-InSPIRE RI EGI Compute and Data Services for Open Access in H2020 Tiziana Ferrari Technical Director, EGI.eu
Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Grant.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI John Gordon EGI Virtualisation and Cloud Workshop Amsterdam 12 th May 2011.
EGI-InSPIRE RI EGI-InSPIRE RI EGI-InSPIRE Software provisioning and HTC Solution Peter Solagna Senior Operations Manager.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Sustainability & Business Models Sergio Andreozzi EGI.eu Policy Development.
EGI-InSPIRE RI An Introduction to European Grid Infrastructure (EGI) March An Introduction to the European Grid Infrastructure.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI solution for high throughput data analysis Peter Solagna EGI.eu Operations.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Role and Challenges of the Resource Centre in the EGI Ecosystem Tiziana Ferrari,
Security in the wider world David Kelsey (STFC-RAL) GridPP37 – Ambleside 2 Sep 2016.
EGI Updates Check-in Matthew Viljoen – EGI Foundation
Linked Challenges Virtualisation has a key role to play….
Connecting the European Grid Infrastructure to Research Communities
The New Virtual Organization Membership Service (VOMS)
EGI Webinar - Introduction -
HIMSS National Conference New Orleans Convention Center
David Kelsey (STFC-RAL)
Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.
Presentation transcript:

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity Workshop1

EGI-InSPIRE RI C21: Digital Research Federated Identity Workshop Extracting Knowledge from the Data Deluge 2

EGI-InSPIRE RI European Grid Infrastructure (April 2011 and yearly increase) Federated Identity Workshop3 Logical CPUs (cores ) 239,840 EGI (+24.9%) 338,895 All 102 PB disk and 89 PB tape Resource Centres 338 EGI 345 All (+6.8 %) 96 supporting MPI (+6.8%) Countries (+11.5%) 51 EGI 57 All (+18.75) 38 NGIs providing resources 22 National Operations Centres 16 NGIs in 5 Federated Operations Centres 1 EIRO providing resources 18 countries in 4 non-European Operations Centres

EGI-InSPIRE RI Conflicting Issues Federated Pan-European Infrastructure –Need to deal with local laws & processes –Complex as part of a global collaboration  Resource access needs to managed Support multi-disciplinary user communities –Each community has different operating models –Different levels of technology expertise & use  Resource access tuned to the community Federated Identity Workshop4

EGI-InSPIRE RI Key Points Authentication token needs to be trusted –Requires auditable procedures to give value e.g. X.509 CA in the EUGridPMA & IGTF Attributes need to be trusted –Based on the individual, e.g. staff/student –Based on their community e.g. VO membership VOMS Authorisation separated from authentication –Performed locally for each service, e.g. ARGUS Agreed common policies underpin technology Federated Identity Workshop5

EGI-InSPIRE RI Non-Proliferation Issue Major concern for the EGI Council –Local interpretation of international laws –Compliance needs to be demonstrated Need: Nationality Attribute –No attribute  may mean no access Federated Identity Workshop6

EGI-InSPIRE RI Future Challenges Virtualisation changes the relationships Multiple trust relationships Multiple trust levels Site Virtual Machine Management Virtual Machine Virtual Machine Service Virtual Machine Virtual Machine Service Virtual Machine Virtual Machine Service Virtual Machine Virtual Machine Service Trust Relationship Sandboxed site access Multiple sources Multiple communities Federated Identity Workshop7

EGI-InSPIRE RI Implementation Global interoperability is essential –e.g. X.509, Kerberos, SAML, … Link quality of attribute to authorisation –e.g. photo ID linked to IGTF X.509 certificate –e.g. verified address linked to login Ease of use critical to wider adoption –e.g. short-lived certificate servers, security token servers  Convert ‘normal’ ID tokens to ‘Grid’ tokens Federated Identity Workshop8

EGI-InSPIRE RI Conclusions Virtualisation changes the game –Can separate management from use Security of the whole infrastructure critical –Traceability across different tokens key Need solutions with global scope –Either deployment or interoperability Contact: Federated Identity Workshop9