TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.

Slides:

Advertisements

Similar presentations

Universal Electronic Signatures Tarvi Martens ESTONIA.

Advertisements

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Nigel Titley. RIPE 54, 9 May 2007, Tallinn, Estonia. 1 RIPE NCC Certification Task Force Update Presented by Nigel Titley RIPE NCC.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

Donkey Project Introduction and ideas around February 21, 2003 Yuri Demchenko.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.

Lecture 23 Internet Authentication Applications

Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (

The EC PERMIS Project David Chadwick

Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.

Requirements for Format for INcident data Exchange (FINE) draft-ietf-inch-requirements-00.txt INCH WG, IETF56 March 19, 2003 Yuri Demchenko Glenn Mansfield.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

TERENA News Update TERENA User Services related Activity IETF50, Minneapolis IETF User Services WG Yuri Demchenko, TERENA

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

8 Nob 06 / CEN/ISSS ETSI STF 305: Procedures for Handling Advanced Electronic Signatures on Digital Accounting CEN/ISSS Workshop.

CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.

TechSec WG: Related activities overview and Fonkey Project update TechSec WG, RIPE-46 September 3, 2003 Yuri Demchenko.

Donkey Project Technologies and Target applications March 6, 2003, Vrije Universiteit Yuri Demchenko.

IODEF Design principles and IODEF Data Model Overview IODEF Data Model and XML DTD pre-draft Version 0.03 TERENA IODEF WG Yuri Demchenko.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Incident Object Description and Exchange Format TF-CSIRT at TERENA IODEF Editorial Group Jimmy Arvidsson Andrew Cormack Yuri Demchenko Jan Meijer.

TERENA News Update TERENA User Services related Activity IETF49, San Diego IETF User Services WG Yuri Demchenko, TERENA

Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.

Dr. Bhavani Thuraisingham October 2006 Trustworthy Semantic Webs Lecture #16: Web Services and Security.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.

Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.

High-quality Internet for higher education and research do you like to puzzle, build an AAI ! xxx AA systems 2nd EuroCAMP - Porto November 8, 2005

Certificate revocation list

Serving society Stimulating innovation Supporting legislation Danny Vandenbroucke & Ann Crabbé KU Leuven (SADL) AAA-architecture for.

SAML 2.0: Federation Models, Use-Cases and Standards Roadmap

Incident Object Description and Exchange Format

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March Electronic Signature infrastructure for Europe Riccardo Genghini Cen/Isss.

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

Shibboleth Akylbek Zhumabayev September Agenda Introduction Related Standards: SAML, WS-Trust, WS-Federation Overview: Shibboleth, GSI, GridShib.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian

SAML in Authorization Policies draft-guenther-geopriv-saml-policy-00.

Kerberos and Identity Federations Daniel Kouřil, Luděk Matyska, Michal Procházka, Tomáš Kubina AFS & Kerberos Best Practices Worshop 2008.

AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.

White paper overview 2 nd eIRG meeting April, 16 th 2004 Fotis Karayannis, Editor GRNET - Greek Research & Technology Network

Connect. Communicate. Collaborate The authN and authR infrastructure of perfSONAR MDM Ann Arbor, MI, September 2008.

TERENA update Karel Vietsch TERENA CEO Internet2 Fall Meeting, Atlanta 30 October 2000.

GridShib and PERMIS Integration: Adding Policy driven Role-Based Access Control to Attribute-Based Authorisation in Grids Globus Toolkit is an open source.

Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.

New Developments in Access Management: Setting the Scene Alan Robiette JISC Development Group JISC-CNI Conference, June 2002.

Fonkey Project Update: Target Applications TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.

Authorization GGF-6 Grid Authorization Concepts Proposed work item of Authorization WG Chicago, IL - Oct 15 th 2002 Leon Gommans Advanced Internet.

Identity Management in DEISA/PRACE Vincent RIBAILLIER, Federated Identity Workshop, CERN, June 9 th, 2011.

NRENs, Grids and Integrated AAI In Search For the Utopian Solution Christos Kanellopoulos AUTH/GRNET October 17 th, 2005 skanct at physics.auth.gr 2nd.

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

Rob Blokzijl. RIPE 61 Rome, November RIPE Réseaux IP Européens Rob Blokzijl RIPE Chairman

Security Policy Update WLCG GDB CERN, 14 May 2008 David Kelsey STFC/RAL

Wed 24 Mar 2010SIDR IETF 77 Anaheim, CA1 SIDR Working Group IETF 77 Anaheim, CA Wednesday, Mar 24, 2010.

Programme ›TERENA ›Overview of the middleware initiatives in the European Higher Education ›What is eduroam: the technology and how to set up eduroam ›eduroam-in-a-box:

8-Mar-01D.P.Kelsey, Certificates, WP6, Amsterdam1 WP6: Certificates for DataGrid Testbeds David Kelsey CLRC/RAL, UK

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

European collaboration on research networking development update on TERENA activities Karel Vietsch TERENA CEO Spring 2002 Internet2 Member Meeting Arlington.

TNC 2004 – Rhodes (Greece) On a Taxonomy of Authentication and Authorization Solutions (Exploring open problems) José A. Montenegro Javier López Rolf Oppliger.

10/08/20041 © 2004 Pete Palmer Federated Identity Management and Regional Health Information Organizations Pete Palmer, Principal Security Analyst, Guidant.

© 2008 Open Grid Forum PGI - Information Security in the UNICORE Grid Middleware Morris Riedel (FZJ – Jülich Supercomputing Centre & DEISA) PGI Co-Chair.

HMA Identity Management Status

Tim Bornholtz Director of Technology Services

ITU-T Study Group 17 Security

Presentation transcript:

TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko

May 14, RIPE-45, Barcelona TechSec WG: Related activity overview Slide _2 Outline  TechSec WG liaison with CSIRT community u Results and developments in CSIRT community  Other possible areas of interest u PKI and AuthN/AuthZ developments  Discussion: Interest from RIPE community and possible forms

May 14, RIPE-45, Barcelona TechSec WG: Related activity overview Slide _3 Developments in CSIRT community  TF-CSIRT – Task Force for Computer Security Incident Response Team Coordination for Europe -  TI – Trusted Introducer Service -  Training for new CSIRT members – TRANSITS project u Next training course – May 2003  CHIHT - Clearinghouse of Incident Handling Tools -  BCP working group to assist new CSIRTs with focus for East European countries u Mailing list archive -  Prospects for closer cooperation - TF-CSIRT meetings: u May, 2003 Warsaw u September, 2003 Amsterdam

May 14, RIPE-45, Barcelona TechSec WG: Related activity overview Slide _4 IETF INCH WG (INCident Handling) INCH WG - Status and recent developments  Requirements for Format for INcident Report Exchange (FINE) u To be updated before IETF-57  The Incident Data Exchange Format Data Model and XML Implementation Document Type Definition  Planned implementation u CERT/CC AIRCERT project - u eCSIRT Project - u Interest from AP region, GRID community (EEGE Project)

May 14, RIPE-45, Barcelona TechSec WG: Related activity overview Slide _5 Registry services for CSIRTs  Trusted Introducer for CSIRTs u Formal procedure of accreditation u Special information services for members, i.e. maintained trust relations u Accredited teams – more than 30 (NRENs, Com, Gov) u Not limited by region and type of CSIRT  FIRST ( Forum for Incident Response Security Teams) u More than 120 teams u No formal procedure, no accreditation, no maintained trust relations  IRT Object in RIPE NCC database

May 14, RIPE-45, Barcelona TechSec WG: Related activity overview Slide _6 IRT Object in RIPE NCC database  Initiative by TF-CSIRT and RIPE NCC – two years project u RIPE NCC document ripe  Purpose to allow search for IRT/CSIRT responsible for specific IP address space u Prospectively by automatic tools  Registration procedure: u Individual CSIRTs via ISP/LIR or u by Trusted Introducer Service, also considerably by FIRST  Number of IRT objects created – total 16 u By TI maintainer – 9 u By ISP/CSIRT - 7

May 14, RIPE-45, Barcelona TechSec WG: Related activity overview Slide _7 PKI related development by IETF, ETSI and others  X.509 PKI is a basic technology for trusted secure communications, protocols and services  IETF PKIX WG - Public-Key Infrastructure (X.509) u Profiles and Identitfies: PK Certificate, Qualified Cert, Attribute Cert for AuthZ/PMI, Proxy Certificate, etc. u Using LDAP for PKI u Protocols and services for PKI management, e.g. CVP (Certificate Validation Protocol), OCSP (Online Certificate Status Protocol), Timestamping, etc.  European Electronic Signature Standardisation Initiative (EESSI) by ETSI - u Number of practical documents are published, e.g. “ETSI TR Requirements for role and attribute certificates -  Next joint meeting between IETF PKIX and EESSI at IETF57 in Vienna

May 14, RIPE-45, Barcelona TechSec WG: Related activity overview Slide _8 PKI and AuthN/AuthZ (AA) services  PKI also creates a basis for AuthN/AuthZ services and Identity management u They are intending to become “killer”-applications for PKI  IETF Standards u An Internet Attribute Certificate Profile for Authorization (RFC 3281) – defines AC for X.509 role-based Privilege Management Infrastructure (PMI) u RFC2902-RFC2906 – Authentication, Authorisation, Accounting Framework – mostly oriented for mobile communications  ITU-T Rec. X.812(1995) | ISO/IEC :1996, Information technology - Open systems interconnection - Security frameworks in open systems: Access control framework  OASIS developments u SAML (Security Assertion Markup Language) u XACML (eXtensible Access Control Markup Language) u Web Services Security (actually SOAP Security)

May 14, RIPE-45, Barcelona TechSec WG: Related activity overview Slide _9 Existing OpenSource solutions for AA and PMI  PERMIS (PrivilEge and Role Management Infrastructure Standards Validation Project) -  SPOCP (Simple POlicy Control Protocol) -  Internet2 PubCookie/WebISO -  Shibboleth AuthZ Service -  A-Select (AuthN and SSO) -

May 14, RIPE-45, Barcelona TechSec WG: Related activity overview Slide _10 Liberty Alliance Project (LAP) and Network Identity Liberty is a set of protocols that collectively provide a solution for identity federation management, cross-domain authentication, and session management.  New set of LAP specifications Version 1.1 was published in April u Using SAML and Web Services technology  The Liberty architecture contains three actors: Principal, Identity provider, and Service provider u Circles of trust are initiated and controlled by user/principal

May 14, RIPE-45, Barcelona TechSec WG: Related activity overview Slide _11 Liberty Identity and Protocol Liberty protocol provides federation of Principal’s identity between the Identity provider and the Service provider.  Principal is authenticated to the Identity provider  Identity provider provides an authentication assertion to the Principal  Principal can present the assertion to the Service provider  Principal is then also authenticated to the Service provider if the Service provider trusts the assertion.  An identity federation is said to exist between an Identity provider and a Service provider when the Service provider accepts authentication assertions regarding a particular Principal from the Identity provider

May 14, RIPE-45, Barcelona TechSec WG: Related activity overview Slide _12 Discussion – Interest from RIPE community  Provide information on PKI and AA/Identity development u Including BCP and Use cases  Provide training courses – in support of the proposed RIPE NCC PKI based Secure service model u PKI basics u Setup own Certification Authority u Using PKI for Authentication and Authorisation  Any other suggestions?