WP4 Security Update For WP4: David Groep

Slides:



Advertisements
Similar presentations
TSpaces Services Suite: Automating the Development and Management of Web Services Presenter: Kevin McCurley IBM Almaden Research Center Contact: Marcus.
Advertisements

Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
The Anatomy of the Grid: An Integrated View of Grid Architecture Carl Kesselman USC/Information Sciences Institute Ian Foster, Steve Tuecke Argonne National.
Gridification Task Development Plan for Release 1.1 – 2.0 For Gridification: David Groep
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
DataGrid is a project funded by the European Union 22 September 2003 – n° 1 EDG WP4 Fabric Management: Fabric Monitoring and Fault Tolerance
WP4 Gridification Subsystem overlap Globus & existing systems LCAS and AAA in WP4 for Gridification Task: David Groep
Internet Sellouts Final Presentation Enterprise Architecture Group.
WP4 Gridification Subsystem overlap & existing systems for Gridification Task: David Groep
WP4 Gridification Security Components in the Fabric overview of the WP4 architecture as of D4.2 for Gridification Task: David Groep
1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.
WP6: Grid Authorization Service Review meeting in Berlin, March 8 th 2004 Marcin Adamski Michał Chmielewski Sergiusz Fonrobert Jarek Nabrzyski Tomasz Nowocień.
Active Security Infrastructure Stuart Kenny Trinity College Dublin.
Deploying Experiments with Raven Scott Baker SB-Software John H. Hartman University of Arizona.
Evolution to CIMI Charles (Cal) Loomis & Mohammed Airaj LAL, Univ. Paris-Sud, CNRS/IN2P3 29 August 2013.
WP4-install task report WP4 workshop Barcelona project conference 5/03 German Cancio.
Introduction to the Atlas Platform Mobile & Pervasive Computing Laboratory Department of Computer and Information Sciences and Engineering University of.
Andrew McNab - Manchester HEP - 26 June 2001 WG-H / Support status Packaging / RPM’s UK + EU DG CA’s central grid-users file grid “ping”
VOX Project Status T. Levshina. Talk Overview VOX Status –Registration –Globus callouts/Plug-ins –LRAS –SAZ Collaboration with VOMS EDG team Preparation.
WP4 Security and AA(A) issues For WP4: David Groep
Partner Logo DataGRID WP4 - Fabric Management Status HEPiX 2002, Catania / IT, , Jan Iven Role and.
ISYS 562 Microcomputer Business Applications David Chao.
Olof Bärring – WP4 summary- 4/9/ n° 1 Partner Logo WP4 report Plans for testbed 2
Network Security. Need for security  Connecting to the Internet is quickly becoming a necessity for companies/ individuals  Understand the security.
Shannon Hastings Multiscale Computing Laboratory Department of Biomedical Informatics.
1 The new Fabric Management Tools in Production at CERN Thorsten Kleinwort for CERN IT/FIO HEPiX Autumn 2003 Triumf Vancouver Monday, October 20, 2003.
GUMS Gabriele Carcassi PPDG Collaboration meeting June 27, 2004.
EGEE is a project funded by the European Union under contract IST Gap analysis draft v2 Olle Mulmo, David Groep, Joni Hahkala JRA3 Gap, 10.
EDG Security European DataGrid Project Security Coordination Group
20-May-2003HEPiX Amsterdam EDG Fabric Management on Solaris G. Cancio Melia, L. Cons, Ph. Defert, I. Reguero, J. Pelegrin, P. Poznanski, C. Ungil Presented.
NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.
Security Mechanisms The European DataGrid Project Team
DataGrid Fabric Management (WP4) Gridification of Large Farms, a very brief overview David Groep, NIKHEF
Maite Barroso – WP4 Barcelona – 13/05/ n° 1 -WP4 Barcelona- Closure Maite Barroso 13/05/2003
2/26/021 Pegasus Security Architecture Author: Nag Boranna Hewlett-Packard Company.
INFSO-RI Enabling Grids for E-sciencE LCAS/LCMAPS and WSS Site Access Control boundary conditions David Groep NIKHEF.
Olof Bärring – WP4 summary- 4/9/ n° 1 Partner Logo WP4 report Plans for testbed 2 [Including slides prepared by Lex Holt.]
Overview of Privilege Project at Fermilab (compilation of multiple talks and documents written by various authors) Tanya Levshina.
WP6: Authorization Service Workshop in Eger Marcin Adamski, Michał Chmielewski, Sergiusz Fonrobert, Jarek Nabrzyski and Tomasz Ostwald Poznań Supercomputing.
INFSO-RI Enabling Grids for E-sciencE LCAS/LCMAPS and WSS Site Access Control boundary conditions David Groep et al. NIKHEF.
VO management: Progress since Chicago Workshop Vincenzo Ciaschini 23/5/2002 CNAF – Bologna.
Chapter 9 & 10 Database Planning, Design and Administration Database Application Lifecycle DBMS Selection Database Administration.
07/10/2007 VDCT Status Update EPICS Collaboration, October 2007 Knoxville, Tennessee
WP3 Security and R-GMA Linda Cornwall. WP3 UserVOMS service authr map pre-proc authr LCAS LCMAPS pre-proc LCAS Coarse-grained e.g. Spitfire WP2 service.
AFS/OSD Project R.Belloni, L.Giammarino, A.Maslennikov, G.Palumbo, H.Reuter, R.Toebbicke.
The overview How the open market works. Players and Bodies  The main players are –The component supplier  Document  Binary –The authorized supplier.
VOX Project Status T. Levshina. 5/7/2003LCG SEC meetings2 Goals, team and collaborators Purpose: To facilitate the remote participation of US based physicists.
Gridification progress report David Groep, Oscar Koeroo Wim Som de Cerff, Gerben Venekamp Martijn Steenbakkers.
APRIL 10, Meeting Agenda  Prototype 2 Goals  Robust Connections Demo  System Diagnostics Tool Demo  Final Prototype Risk Mitigation  Final.
Current Globus Developments Jennifer Schopf, ANL.
Future Developments in EDG The European DataGrid Project Team
DataGrid Security Wrapup Linda Cornwall 4 th March 2004.
ACGT Architecture and Grid Infrastructure Juliusz Pukacki ‏ EGEE Conference Budapest, 4 October 2007.
Overview of the New Security Model Akos Frohner (CERN) WP8 Meeting VI DataGRID Conference Barcelone, May 2003.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Update on Service Availability Monitoring (SAM) Marian Babik, David Collados,
INFSO-RI Enabling Grids for E-sciencE GUMS vs. LCMAPS Oscar Koeroo.
Monitoring Working Group Update Grid Deployment Board 5 th December, CERN Ian Neilson.
The European DataGrid Project Team
StratusLab Final Periodic Review
StratusLab Final Periodic Review
Online Steering in gLite with RMOST
WP4 Security Update For WP4: David Groep
Gridification Gatekeeper LCAS: Local Centre AuthZ Service LCAS
Gridification progress report
Information Providers
PitchBook For MS Dynamics Plugin
Database Design Hacettepe University
Mobile Reference Diagram Template
Presentation transcript:

WP4 Security Update For WP4: David Groep

David Groep – WP4 security update – A Job lifecycle within the Fabric

David Groep – WP4 security update – Some WP4 security components u Plug-able system for authorization (LCAS) n plug-in (PAM-like) framework n Use as an engine for policy-driven authorization u LCMAPS local credentials n Credential generation plug-in framework n Logical place to add role support u Additional modifications to gatekeeper required n error&status handling n Getting a useful message to the user

David Groep – WP4 security update – Authentication control flow EDG gatekeeper TLS auth LCAS (so) assist_gridmap Jobmanager-* Gatekeeper TLS auth LCAS client apply creds * Jobmanager-* Gatekeeper LCAS ACL timeslot gridmap config LCMAPS clnt LCMAPS role2uid role2afs config * And store in job repository Id Yes/no Id credlist NOW1.3, 1.4, 2+

David Groep – WP4 security update – More components u Configuration database n The CDB should keep all relevant configuration/policies n Can publish to information services (and integrate with WP3 tools) n High-level description language to be defined in June workshop u Monitoring n Monitoring over unsecure networks u Local ID service n To elimitate confusion: primary role is inside fabric n Secure install services, etc.

David Groep – WP4 security update – Status and plans u Progress on LCAS Added hook in gatekeeper  edg_gatekeeper n Early prototype in Release 1.2: shipped as shared object with three components (allow, ban, timeslot) n Dynamic plugin frameworknow being unit tested within WP4/gridification n To be released in 1.3 n More plug-in components can be developed independently (is simple) u LCMAPS n Release planning changed to provide it earlier (1.4) n Keep all the useful functionality from Andrew n Extend with role support (interaction with client side TBD)