Password?. Project CLASP: Common Login and Access rights across Services Plan
Outline
- What is CLASP? - Project Goal
- Why launch this project now?
- What is included? - Project Scope
- Project Status: Service Survey & Feasibility Study
- Technology: Kerberos, LDAP, PKI, Certificates
- Summary

Goal
- Propose a detailed plan to reduce the number of login/passwords entered by users to access services they are authorised to use
  "Single Sign On" + Access Control

Why launch this project now?
- The number of login/passwords has become a frustration for the user community
- The number of services continues to grow
- Initiatives towards a common login id and password synchronisation are in progress
- Windows 2000 and Linux 2000 provide an opportunity for further improvement
- Technologies such as Kerberos v5, PKI, Certificates & LDAP are becoming mature
- Can we have a common solution across services?

Project Scope
- Address computing services offered by at least IT and AS Divisions
- Normal user access from in or outside CERN
- Target W2000 and Linux for web, mail, telnet, X and file access
- Focus on a common solution, even if it does not cover all services today
- Not a "security project" - but elimination of clear-text passwords is desirable

The final proposal will include:
- A proposed common authentication and authorisation mechanism
- A plan for introducing the mechanism
- A list of services covered
- Recommendations for services not covered
- An opt-out mechanism for special cases
- Security levels achievable, including a password (check & change) policy
- An assessment of the impact on users and service providers both at CERN and other sites

Project Status
Project Mandate (Dec 1999):
- Goal, Background, Purpose, Scope, Phases
Phase 1 (Jan - Apr 2000):
- Service Survey and Feasibility Study: what do we have now and what is possible for the future
Phase 2 (from May 2000):
- Final Proposal and Detailed Plan
Phase 1 will define the steps required for Phase 2

Kerberos
- A network authentication protocol created by MIT, based on encrypted tickets: a ticket is encrypted under a key that only the KDC and the target service hold, so the user's password itself never crosses the network
- Kerberos v5 has better security and cross-realm authentication than previous versions
- Kerberos v5 is in W2000, Solaris 8, and the public domain (e.g. for Linux)
  - integration with AFS (Kerberos v4) is possible
- Not all applications offer a Kerberos interface, but its popularity is growing
  - GSS-API allows Kerberos authentication
- FNAL's "Strong Authentication Project" is based on Kerberos v5
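To make the "encrypted tickets" concrete, here is an added example (not code from CERN, MIT or the CLASP project) that simulates the three Kerberos v5 exchanges in Python: AS (password-derived key, pre-authentication, ticket-granting ticket), TGS (service ticket issued against the TGT) and AP (the service checks the ticket with its own key and refuses a replayed authenticator). The realm CERN.CH, the principal alice, the service imap/mail.cern.ch, the passwords, the ten-hour ticket lifetime and the HMAC-SHA256 based "seal" cipher are all constructed assumptions; real Kerberos uses standard enctypes, ASN.1 messages and many more ticket fields.

```python
import hashlib, hmac, json, os, time

CLOCK_SKEW = 300  # seconds; timestamps outside this window are rejected (Kerberos default)


def string_to_key(password, salt):
    # Kerberos "string-to-key": the long-term key is derived from the password on the
    # client; only the derived key is ever used, the password itself never goes on the wire.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)


def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range(n // 32 + 1))[:n]


def seal(key, obj):
    """Toy authenticated encryption (an assumption standing in for a Kerberos enctype)."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + hmac.new(key, nonce + ct, "sha256").digest() + ct


def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def _fresh(ts, now):
    return abs(now - ts) <= CLOCK_SKEW


class KDC:
    """Key Distribution Centre: the only party holding every principal's long-term key."""

    def __init__(self, realm, keys):
        self.realm, self.keys = realm, keys

    def as_exchange(self, cname, preauth, now):
        # AS_REQ/AS_REP: pre-authentication (a timestamp sealed under the user key)
        # proves the client knows the password before a TGT is handed out.
        if not _fresh(unseal(self.keys[cname], preauth)["ts"], now):
            raise ValueError("stale pre-authentication")
        sk = os.urandom(32)                       # session key client <-> TGS
        tgt = seal(self.keys["krbtgt/" + self.realm],
                   {"cname": cname, "key": sk.hex(), "end": now + 36000})
        return seal(self.keys[cname], {"key": sk.hex(), "tgt": tgt.hex()})

    def tgs_exchange(self, tgt_hex, authenticator, sname, now):
        # TGS_REQ/TGS_REP: the TGT (readable only by the KDC) carries the session key;
        # an authenticator sealed under that key proves the client holds it too.
        t = unseal(self.keys["krbtgt/" + self.realm], bytes.fromhex(tgt_hex))
        sk = bytes.fromhex(t["key"])
        auth = unseal(sk, authenticator)
        if auth["cname"] != t["cname"] or not _fresh(auth["ts"], now) or now > t["end"]:
            raise ValueError("authenticator does not match ticket")
        sk2 = os.urandom(32)                      # session key client <-> service
        ticket = seal(self.keys[sname], {"cname": t["cname"], "key": sk2.hex(), "end": t["end"]})
        return seal(sk, {"key": sk2.hex(), "ticket": ticket.hex()})


class Service:
    """A Kerberised service (e.g. an IMAP server) that holds only its own key."""

    def __init__(self, key):
        self.key, self.seen = key, set()

    def ap_exchange(self, ticket_hex, authenticator, now):
        t = unseal(self.key, bytes.fromhex(ticket_hex))   # only our key opens our tickets
        auth = unseal(bytes.fromhex(t["key"]), authenticator)
        if auth["cname"] != t["cname"] or not _fresh(auth["ts"], now) or now > t["end"]:
            raise ValueError("bad authenticator")
        if (auth["cname"], auth["ts"]) in self.seen:      # replay cache
            raise ValueError("replayed authenticator")
        self.seen.add((auth["cname"], auth["ts"]))
        return t["cname"]


def login_and_access(password, now=None):
    """Client side: one password entry, then a ticket for a Kerberised service.
    Returns (authenticated principal, whether a replayed authenticator was refused)."""
    now = now or int(time.time())
    realm, user, svc = "CERN.CH", "alice", "imap/mail.cern.ch"      # constructed names
    kdc = KDC(realm, {user: string_to_key("correct horse", realm + user),  # enrolled password
                      "krbtgt/" + realm: os.urandom(32), svc: os.urandom(32)})
    imap = Service(kdc.keys[svc])
    ukey = string_to_key(password, realm + user)
    rep = unseal(ukey, kdc.as_exchange(user, seal(ukey, {"ts": now}), now))  # wrong password fails here
    sk = bytes.fromhex(rep["key"])
    rep2 = unseal(sk, kdc.tgs_exchange(rep["tgt"], seal(sk, {"cname": user, "ts": now}), svc, now))
    auth = seal(bytes.fromhex(rep2["key"]), {"cname": user, "ts": now})
    who = imap.ap_exchange(rep2["ticket"], auth, now)
    try:
        imap.ap_exchange(rep2["ticket"], auth, now)       # same authenticator presented twice
        return who, False
    except ValueError:
        return who, True


def wrong_password_rejected():
    try:
        login_and_access("wrong password")
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(login_and_access("correct horse"), wrong_password_rejected())
```

Two points worth noticing: a wrong password is detected at the AS step because the pre-authentication blob cannot be opened with the stored key, and no party other than the KDC ever sees both the user key and a service key, which is what makes a single login usable across many services.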

LDAP
- LDAP = Lightweight Directory Access Protocol
- Applications can authenticate using passwords on LDAP servers (a simple bind sends the password in the clear unless the connection is protected by SSL/TLS)
  - tested for imap and http(s) protocols
- X.509 certificates used for authentication are stored in LDAP servers
- Authorisation groups can be stored on LDAP servers
  - tested for web page access
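Password authentication against an LDAP server is an LDAPv3 simple bind (RFC 4511). The added example below (not code from the CLASP project) encodes such a BindRequest by hand in Python using BER, then parses it back the way a passive observer on the wire would, which shows why a simple bind without SSL/TLS is exactly the clear-text password the project scope says should be eliminated. The DN uid=alice,ou=people,dc=cern,dc=ch and the password are constructed; message IDs are assumed to be below 128 so that the INTEGER fits in one byte.

```python
def _ber_len(n):
    # BER definite length: one byte below 128, otherwise 0x80|count then big-endian bytes
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, value):
    return bytes([tag]) + _ber_len(len(value)) + value


def ldap_simple_bind(message_id, dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    bind = _tlv(0x60,                            # [APPLICATION 0] BindRequest
                _tlv(0x02, bytes([3])) +         # version INTEGER 3
                _tlv(0x04, dn.encode()) +        # name LDAPDN (OCTET STRING)
                _tlv(0x80, password.encode()))   # authentication: simple [0] OCTET STRING
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + bind)   # LDAPMessage SEQUENCE


def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                # long-form length
        cnt = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + cnt], "big"), pos + cnt
    return tag, buf[pos:pos + ln], pos + ln


def parse_simple_bind(pkt):
    """What anyone sniffing an unencrypted LDAP session (e.g. with tcpdump) recovers."""
    tag, msg, _ = _read_tlv(pkt, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, p = _read_tlv(msg, 0)
    tag, bind, _ = _read_tlv(msg, p)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, ver, p = _read_tlv(bind, 0)
    _, dn, p = _read_tlv(bind, p)
    tag, cred, _ = _read_tlv(bind, p)
    return {"id": mid[0], "version": ver[0], "dn": dn.decode(),
            "password": cred.decode() if tag == 0x80 else None}   # 0x80 = simple, in clear


def password_on_the_wire(pkt, password):
    """True when the literal password bytes appear in the packet (no TLS in use)."""
    return password.encode() in pkt


if __name__ == "__main__":
    pkt = ldap_simple_bind(1, "uid=alice,ou=people,dc=cern,dc=ch", "s3cret")  # constructed
    print(pkt.hex())
    print(parse_simple_bind(pkt), password_on_the_wire(pkt, "s3cret"))
```

The practical consequence: an LDAP password store only helps eliminate clear-text passwords when clients bind over ldaps:// or StartTLS; the bind itself offers no protection, unlike a Kerberos exchange where only a derived key is ever used.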

PKI and Certificates
- PKI = Public Key Infrastructure
- Public keys are stored in certificates, which a Certificate Authority signs to bind the key to an identity
- Authentication on the scale of the Internet
  - based on public and private keys used for encryption and digital signatures
  - public keys are accessible to the Internet; the private key stays with its owner
- Current use is still quite limited
  - certificates are used for encryption in e-commerce
  - Eurocard (SET) uses PKI to authenticate who a person really is
  - PKI is used for web based GRID applications - being evaluated for LHC wide area computing
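The following added example (not code from the CLASP project or any real CA) shows in Python what "authentication based on public and private keys" involves once certificates are in play: a CA signs a certificate binding a name to a public key, a server validates the certificate chain up to a trust anchor, and the client proves possession of the matching private key by signing a server nonce. Two failure cases are included: a certificate forged with the wrong signing key, and a genuine certificate presented by someone without its private key. The RSA parameters are toy-sized primes, the signature scheme is textbook RSA over a SHA-256 digest reduced modulo n, and the names CERN Root CA, CERN Users CA, alice and mallory are all constructed assumptions.

```python
import hashlib, json


def toy_keypair(p, q, e=65537):
    """Textbook RSA on toy primes (constructed; real keys are 2048+ bits). Returns (pub, priv)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def _digest(obj, n):
    h = hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).digest()
    return int.from_bytes(h, "big") % n          # toy: fold the hash into Z_n


def sign(priv, obj):
    n, d = priv
    return pow(_digest(obj, n), d, n)


def verify(pub, obj, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(obj, n)


def issue_cert(subject, subject_pub, issuer, issuer_priv):
    """A certificate: the 'to be signed' part binds subject name to public key; issuer signs it."""
    tbs = {"subject": subject, "pub": list(subject_pub), "issuer": issuer}
    return {"tbs": tbs, "sig": sign(issuer_priv, tbs)}


def validate_chain(leaf, intermediates, anchors):
    """Follow issuer names up to a trust anchor, checking every signature on the way."""
    cert = leaf
    for _ in range(len(intermediates) + 1):
        issuer = cert["tbs"]["issuer"]
        if issuer in anchors:                     # reached a trusted root key
            return verify(anchors[issuer], cert["tbs"], cert["sig"])
        nxt = next((c for c in intermediates if c["tbs"]["subject"] == issuer), None)
        if nxt is None or not verify(tuple(nxt["tbs"]["pub"]), cert["tbs"], cert["sig"]):
            return False
        cert = nxt
    return False                                  # chain never reached an anchor


def prove_possession(priv, nonce):
    """Client answers the server's challenge with its private key (as TLS client auth does)."""
    return sign(priv, {"nonce": nonce})


def authenticate(cert, proof, nonce, intermediates, anchors):
    """Server: the chain must reach a trusted CA and the proof must match the cert's key."""
    return (validate_chain(cert, intermediates, anchors)
            and verify(tuple(cert["tbs"]["pub"]), {"nonce": nonce}, proof))


def demo():
    root_pub, root_priv = toy_keypair(61, 53)
    users_pub, users_priv = toy_keypair(107, 109)
    alice_pub, alice_priv = toy_keypair(101, 103)
    mallory_pub, mallory_priv = toy_keypair(113, 127)
    anchors = {"CERN Root CA": root_pub}          # constructed trust store
    users_ca = issue_cert("CERN Users CA", users_pub, "CERN Root CA", root_priv)
    alice = issue_cert("alice", alice_pub, "CERN Users CA", users_priv)
    forged = issue_cert("alice", mallory_pub, "CERN Users CA", mallory_priv)  # wrong signing key
    nonce = 424242                                # server-chosen challenge
    return {
        "alice_ok": authenticate(alice, prove_possession(alice_priv, nonce), nonce, [users_ca], anchors),
        "forged_cert": authenticate(forged, prove_possession(mallory_priv, nonce), nonce, [users_ca], anchors),
        "stolen_cert": authenticate(alice, prove_possession(mallory_priv, nonce), nonce, [users_ca], anchors),
    }


if __name__ == "__main__":
    print(demo())
```

The part that scales to the Internet is that the server needs only the root CA's public key: it never holds a per-user secret, which is the contrast with a password or LDAP store.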

Summary
- CLASP will propose a plan for common login and access rights across CERN services
  - focus on W2000 and Linux platforms for general use (e.g. web, mail, file access, telnet, X)
  - acceptance by service managers and user community
- Cross-platform technology for authentication and access control is maturing
  - native Kerberos in W2000 and UNIX platforms
  - advances in e-commerce (certificates, smart cards)
  - LDAP servers used for passwords and access groups
- Service survey and feasibility study are in progress in collaboration with CERN "service providers"