Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.

Mandate

EUGridPMA Working Group on Policy Management for Grid Authorisation
  – Mandate and aims
To prepare recommendations on policy and global trust issues related to Grid Authorisation (AuthZ)
The initial list of issues will include:
  – Minimum requirements and best practice for the operation of a Grid AuthZ attribute authority
  – Minimum requirements and best practice for Virtual Organisation user and service membership management
  – Accreditation of Attribute Authorities (AA)
  – Accreditation of Virtual Organisations and their membership management procedures

27 May 08 EU Grid PMA, Kelsey 2

Mandate (2)

  – Repositories and distribution of accredited AA roots of trust
  – Technical details of attribute signing and trust validation
To recommend how IGTF could handle the definition of AuthZ policy and related accreditation during the next 3 to 5 years, taking into account the move towards a sustainable EU Grid Infrastructure and constituent national Grids

Mailing list members

M Altunay, J Basney, V Ciaschini, R Cowles, G Garzoglio, D Groep, M Helm, E Imamagic, J Jensen, C Kanellopoulos, D Kelsey, O Koeroo, D Kouril, A McNab, D O’Callaghan, M Sova, Y Tanaka, C Triantafyllidis, W Weisz, J Wolfrat

Discussion on mandate

Several suggestions received
First mandate for this WG should be to set up a list of all known AuthZ tools for the Grid environment available and in development
  – To determine actual and near future best practice
Especially it should help to discern advantages and disadvantages of SAML assertions versus Attribute certificates versus attributes directly included in proxy certificates.
This could guide us in the more theoretical aspects of the WG work.

Discussion (2)

Policy implications for VOs and VO service providers are essentially the same whatever signing and attribute/assertion technology is used
Perhaps there is scope for an AAOPS in OGF?
  – need for implementations that work, as opposed to blue sky protocol design

Discussion (3)

I agree that we may start with working on VOMS; however, staying implementation-independent, as much as possible, would help us in the long run
How LoA of the underlying AuC assertions affect what AuZ can do
  – This leads to a sort of risk assessment framework
  – If I have a precious resource, I need high quality AuC assertions underneath it.

Policy models

Attribute Authority Service Profile
  – Based on VOMS
      Can we make it technology independent?
  – This should be written
VO procedures
  – JSPG working on two documents
      VO Registration Policy
      VO Membership Management Policy
  – Probably don’t need another one!

Scaling issues

Today in EGEE
  – ~200 VOs (mix of global, international, regional, national, local)
  – # VOMS servers (how many?)
      Need to quantify
Future EGI/NGI world
  – ~35 to 40 Grids in Europe
EU Grid PMA
  – Accredits ~2 per meeting and reviews ~4

Accreditation

Options
  – Existing IGTF PMAs
  – Form new AuthZ PMAs
  – Large Grids (EGEE, OSG etc)
  – NGIs
  – Or mix of some/all of these

Accreditation (2)

My personal preferences (not discussed yet)
IGTF defines the standards
Others do accreditation
  – With IGTF members
  – Important to have feedback into standards
Large Grids or Coordination (call it EGI)
  – Accredit Global VOs
  – And run AA services for them
      Accredited by IGTF

Accreditation (3)

Every VO should have a home Grid
  – Runs the AA services
      NGI AA service is accredited by IGTF or EGI
  – Accredits the VO procedures
Bootstrap
  – Prepare draft profiles (AA and VO)
  – Accredit a small number of global VOs
  – Feedback and improve profiles

AC validation

Document from OSG
Attribute Certificate Validation in OSG
  – Mike H to say more?

Meetings and plans

Work should start on the draft AA profile
  – Needs a small team
  – Then wider discussion
I propose to hold a workshop
  – Early autumn
  – EGEE’08?
  – Joint with EU Grid PMA Lisbon meeting?

Discussion