1/11/2000 LDAP Status Report - HEPix - JLab 2000

LDAP Status Report
Michel Jouvin
LAL / IN2P3


Outline
  LDAP coordination group goals
  Different uses of LDAP
  LDAP general and HEP specific issues
  LDAP coordination future

LDAP Coordination Group
  Unofficial group formed at Zeuten
    – Arnaud Taddei and me as leaders
  Goals
    – LDAP white pages deployment coordination
    – Capitalize on IN2P3 / CERN experience
  A lot of work has been done but:
    – Arnaud left CERN in September
    – Hélène Jamet (IN2P3) is leaving IN2P3

LDAP Is Everywhere...
  White Pages service
    – LDAP has emerged as the technology of choice
    – All clients are LDAP capable
  Windows 2000: AD is based on LDAP
    – Resource management relies on Active Directory

… LDAP Is Everywhere
  Public Key Infrastructure (PKI)
    – Required by all the certificate/public key based security protocols
    – LDAP is a strong candidate for certificate distribution
  GRID uses LDAP as a core technology
    – Security relies on certificates
    – Metadirectory used for resource location

What is LDAP?
  An access protocol
    – Originally designed for X500 access
    – 2 "incompatible" versions
        V2: first production version. Most used
        V3: all servers are now v3 but not all clients
  Several server infrastructures possible
    – Standalone / Distributed
    – Proprietary / Standard (X500)

Issues with Standalone LDAP
  No chaining, referrals only in v3
    – Popular mail clients like Pine or Netscape < 4.7 are v2
    – Knowledge about servers inside the v2 client: difficult to maintain when infrastructure changes
  Strong authentication not available
    – Can be overcome by SSL
  No shadowing protocol
    – Proprietary solutions (incompatible)

HEP Specific Issues…
  HEP is a "virtual" organization
    – International
    – No central control
    – Every organization/lab has national and/or non HEP constraints
        Naming constraints
        No common root for HEP information tree
        Non HEP groups requirements

… HEP Specific Issues
  Windows 2000
    – Goal (still) unclear: do we need a unified W2000 infrastructure (forest?)?
    – Do we need to unify with non W2000 use?
  PKI
    – Still advanced project for HEP
    – CERN is quite active (Denise)
    – Interference between GRID and local projects

HEP Wide White Pages
    – Goal: create a "virtual" HEP root
    – Proposal: create 1 HEP tree per country
        Contains aliases to real sites (CERN, IN2P3, …)
        Still problems with alias dereferencing for some clients (ex: Netscape)
        This tree could be an international org but who will maintain it?
        Tested but who is using it?
    – Not specific to white pages
        Should be possible to extend to every part of the DIT requiring an HEP wide view
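
Added example (not from the original slides): a simplified in-memory model of the alias problem noted above, comparing a search under a per-country HEP tree by a client that dereferences aliases with one that does not. All DNs and people are constructed assumptions; `alias` and `aliasedObjectName` are the standard LDAP schema names.

```python
# Constructed sample DIT (DN -> attributes); every DN and name is an assumption.
DIT = {
    "o=HEP,c=FR": {"objectClass": ["organization"]},
    # Alias entries in the virtual HEP tree point at the real site trees.
    "o=IN2P3,o=HEP,c=FR": {"objectClass": ["alias"],
                           "aliasedObjectName": ["o=IN2P3,c=FR"]},
    "o=LAL,o=HEP,c=FR": {"objectClass": ["alias"],
                         "aliasedObjectName": ["o=LAL,c=FR"]},
    "o=IN2P3,c=FR": {"objectClass": ["organization"]},
    "cn=Alice Example,o=IN2P3,c=FR": {"objectClass": ["person"]},
    "o=LAL,c=FR": {"objectClass": ["organization"]},
    "cn=Bob Example,o=LAL,c=FR": {"objectClass": ["person"]},
}


def in_subtree(dn, base):
    """True if dn is the base entry or lies below it (exact-match DNs only)."""
    return dn == base or dn.endswith("," + base)


def search(base, object_class, deref=True, _seen=None):
    """Subtree search returning the DNs whose objectClass matches.

    deref=True models a client that dereferences aliases while searching;
    deref=False models one that does not and sees aliases as plain entries.
    """
    seen = set() if _seen is None else _seen
    if base in seen:          # guard against alias loops
        return []
    seen.add(base)
    hits = set()
    for dn, entry in DIT.items():
        if not in_subtree(dn, base):
            continue
        if deref and "alias" in entry["objectClass"]:
            target = entry["aliasedObjectName"][0]
            hits.update(search(target, object_class, True, seen))
        elif object_class in entry["objectClass"]:
            hits.add(dn)
    return sorted(hits)


if __name__ == "__main__":
    print(search("o=HEP,c=FR", "person"))               # follows the aliases
    print(search("o=HEP,c=FR", "person", deref=False))  # finds nobody
    print(search("o=HEP,c=FR", "alias", deref=False))   # only the pointers
```

A client that does not dereference sees the virtual tree as a set of pointer entries with nobody under them, which is why the per-country tree only works as a white-pages root for clients that follow aliases.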

LDAP Coordination Future
  HEP CCC / HTASC still advocating the need for an LDAP meeting
    – Originally planned during this meeting
  Project: have an LDAP meeting in March
    – Discuss all LDAP issues, particularly GRID
  Questions remaining
    – Who is interested? US interest?
    – Should we co-locate with another meeting?
        Grid? Hepix?