NSF Middleware Initiative: GridShib
Tom Barton, University of Chicago

Presentation transcript:


2 What is GridShib?
- NSF Middleware Initiative (NMI) grant: "Policy Controlled Attribute Framework"
- Allow the use of Shibboleth-transported attributes for authorization in NMI Grids built on the Globus Toolkit v4
- 2-year project started December 1, 2004
- Participants: Von Welch, UIUC/NCSA (PI); Kate Keahey, UChicago/Argonne (PI); Frank Siebenlist, Argonne; Tom Barton, UChicago

3 Why?
- Attribute-based authorization has shown itself to be useful in large grids with far-flung participants in several types of roles
- The identity-based approach scales poorly
- Shibboleth is well supported and becoming widely deployed
- SAML is used by the larger identity federation world, not just Shibboleth; integrating SAML support into Grids opens the door to leveraging this large technology space

4 GridShib Integration Principles
- No modification to typical grid client applications
- Modifications only to Grid Services and security clients (e.g. grid-proxy-init)
- Leverage Shibboleth's attribute marshaling capability and release policies
- Leverage the strategic investment that campuses make in Identity Management operations

5 GridShib Progress
- Developers hired February 2005
- Substantial resolution of GridShib's Shibboleth usage profile
- Shibboleth IdP plugin nearing completion: maps externally issued X.509 identity certificates to local identifiers
- SAML attribute marshaling in the GT4 runtime nearing completion

6 GridShib Progress (cont'd)
- Common attribute format internal to the GT4 runtime to support access policies spanning SAML and X.509 PMI attribute sources; uses the XACML Request Context
- Initial GridShib release for closed alpha deployment: readiness by end of June; overlays GT 4.0 and Shibboleth 1.3

7 Potential Early Adopters
Focused efforts to understand and evaluate potential use of GridShib in:
- caBIG, Cancer Bioinformatics Grid
- UK eScience Grid
- LOOKING, Laboratory for the Ocean Observatory Knowledge Integration Grid
- University of Southern California
- University of Alabama at Birmingham
- SURAgrid

8 GridShib Challenges
- Identity Provider discovery: compounded by the need in some grids to consult several identity providers for each user
- Distributed attribute administration: what happens when the people running the attribute authority are not the ones authoritative for the attributes? Some projects don't have the resources to run a 7x24 security service, but are the only ones who know the attribute space. Explore Signet and Grouper.
- Mapping a local subject identifier to an externally issued EEC (end-entity certificate)

9 Distributed Authorities
(Diagram; labels only survive: Grid user; session authentication credential; Grid Service; Attribute Authority; Authorities at the Home Org, Virtual Org and Affiliated Org; Signet, Grouper.)

10 Project Objectives
- Priority 1: Pull mode operation. Globus services contact Shibboleth to obtain attributes about the identified user. Support both GT4.x Web Services and pre-WS code.
- Priority 2: Push mode operation. The user obtains Shibboleth attributes and pushes them to the service; this allows role selection.
- Priority 3: Online CAs. Pseudonymous operation; integration with local authentication services.
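As an added illustration (not GridShib or Globus Toolkit code), the following Python sketch walks through the pull and push modes of slide 10 on top of the common attribute format of slide 6: the end-entity subject is recovered from a GSI proxy DN, mapped to a local identifier as the IdP plugin of slide 5 does, and attributes from a SAML attribute authority or an X.509 PMI style VO authority are normalized into one XACML-style request context before a deny-by-default policy decision. The DN mapping table, attribute authority responses, issuer trust list, attribute names and policy are constructed sample data; the request context is a plain dict, not the GT4 runtime's representation, and signature checking on pushed assertions is replaced by an (issuer, attribute) trust table.

```python
import re

# Constructed sample data: this is an added illustration, not GridShib/Globus code.

# The Shibboleth IdP plugin on slide 5 maps an externally issued X.509 identity (the
# end-entity certificate subject) to a local identifier. Here that mapping is a table.
DN_TO_LOCAL = {
    "/DC=org/DC=example/OU=People/CN=Alice Example 12345": ("urn:mace:example.edu:idp", "alice"),
}

# What the campus attribute authority returns for a pull query (constructed values).
AA_RESPONSES = {
    ("urn:mace:example.edu:idp", "alice"): {
        "urn:mace:dir:attribute-def:eduPersonAffiliation": ["member", "faculty"],
        "urn:mace:dir:attribute-def:eduPersonEntitlement": ["urn:example:vo:cabig:member"],
    },
}

# Issuers this service trusts for a given attribute id (assumption: trust is per
# (issuer, attribute), so a pushed assertion from an unknown issuer is simply dropped).
TRUSTED = {
    ("urn:mace:example.edu:idp", "urn:mace:dir:attribute-def:eduPersonAffiliation"),
    ("urn:mace:example.edu:idp", "urn:mace:dir:attribute-def:eduPersonEntitlement"),
    ("urn:example:vo:cabig:aa", "urn:example:vo:cabig:role"),  # X.509 PMI style VO attribute
}

# Toy policy: action -> (attribute id, required value) pairs that must all be present.
POLICY = {
    "submit-job": [("urn:mace:dir:attribute-def:eduPersonEntitlement", "urn:example:vo:cabig:member")],
    "manage-vo": [("urn:example:vo:cabig:role", "admin")],
}

# GSI proxy chains append /CN=proxy or /CN=limited proxy (legacy) or /CN=<serial> (RFC 3820).
_PROXY_CN = re.compile(r"/CN=(proxy|limited proxy|[0-9]+)$")


def eec_subject(presented_dn):
    """Strip proxy CN components so the lookup key is the end-entity certificate subject."""
    dn = presented_dn
    while _PROXY_CN.search(dn):
        dn = _PROXY_CN.sub("", dn)
    return dn


def to_request_context(subject_dn, attributes, resource, action):
    """Normalize attributes from any source (SAML pull, SAML push, X.509 PMI) into one
    XACML-style request context. `attributes` is a list of (issuer, attr_id, values)."""
    ctx = {
        "subject": {"subject-id": subject_dn, "attributes": []},
        "resource": {"resource-id": resource},
        "action": {"action-id": action},
    }
    for issuer, attr_id, values in attributes:
        if (issuer, attr_id) not in TRUSTED:
            continue  # untrusted issuer for this attribute: it must never satisfy a rule
        ctx["subject"]["attributes"].append(
            {"id": attr_id, "issuer": issuer, "values": list(values)})
    return ctx


def evaluate(ctx):
    """Policy decision point: deny by default, permit only when every required pair is held."""
    required = POLICY.get(ctx["action"]["action-id"])
    if required is None:
        return "Deny"
    held = {(a["id"], v) for a in ctx["subject"]["attributes"] for v in a["values"]}
    return "Permit" if all(pair in held for pair in required) else "Deny"


def pull_attributes(subject_dn):
    """Pull mode: map the EEC subject to (IdP, local id) and query that IdP's attribute authority."""
    key = DN_TO_LOCAL.get(subject_dn)
    if key is None:
        return []  # no mapping means no identity provider to ask (the discovery problem on slide 8)
    idp = key[0]
    return [(idp, attr_id, values) for attr_id, values in AA_RESPONSES.get(key, {}).items()]


def authorize(presented_dn, resource, action, pushed=None):
    """Pull mode when `pushed` is None; push mode when the user supplies the (issuer, id, values)
    tuples they chose to present, which is how push mode allows role selection."""
    subject = eec_subject(presented_dn)
    attributes = pull_attributes(subject) if pushed is None else pushed
    return evaluate(to_request_context(subject, attributes, resource, action))


if __name__ == "__main__":
    alice = "/DC=org/DC=example/OU=People/CN=Alice Example 12345/CN=proxy"
    print(authorize(alice, "/cluster/queue", "submit-job"))  # Permit (entitlement pulled from the IdP)
    print(authorize(alice, "/cluster/queue", "submit-job", pushed=[
        ("urn:mace:example.edu:idp", "urn:mace:dir:attribute-def:eduPersonAffiliation", ["member"]),
    ]))  # Deny (role selection withheld the entitlement)
```

The two decisions at the bottom show the practical difference between the modes: in pull mode the service sees everything the attribute authority is willing to release, while in push mode the user decides which attributes (roles) to present, and the service must still refuse anything from an issuer it does not trust for that attribute.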

11 Timeline
- December 1, 2004: formal start
- February 1, 2005: developers on board and coding
- Mid-summer 2005: closed alpha release; pull model with user identified
- Fall 2005: public releases; production pull model with user identified; beta push model with user identified; implementation of a simple policy description language; targeting GT 4.1.x and Shibboleth
- Integration with online CAs