Federation Strategy Robert Ricci GENI-FIRE Workshop September 2015.

Basics of GENI Federation

Partitioned trust
  All identities and assertions verified cryptographically
  No federation member can forge credentials for other members
Separate authentication and authorization
  Authentication: “Who is this user?” (Member Authority)
  Authorization: “Why are they allowed to use the facility?” (Slice Authority)
Use untrusted tools as much as possible
  E.g. multiple portals
  “Speaks-for” for accountability
Federation established by a trusted third party (Clearinghouse)
Anyone can join more than one federation
  As simple as adding and removing root certificates
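The trust model on this slide, written out as an added example (this is not code from the presentation or from GENI itself): two stand-in Member Authorities each run a self-signed root, an aggregate's federation membership is nothing but its pool of trusted roots, and a user credential is accepted only if it chains to a trusted root and that root owns the namespace named in the user's URN. That second check is the "partitioned trust" property: a root can sign anything it likes, but an aggregate will not let it vouch for another member's namespace. The names NewAuthority, IssueUser, Aggregate and Authenticate, the URN layout urn:publicid:IDN+<namespace>+user+<name>, carrying the URN in the subject CommonName, using the root's CommonName as its namespace, and the sample namespaces emulab.net and other.example are all assumptions made for this example; GENI's real certificate and credential formats differ.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Authority stands in for a Member Authority: a self-signed root whose
// CommonName is the namespace it vouches for (a convention assumed here).
type Authority struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// mint signs tmpl under parent (parent == tmpl gives a self-signed root).
func mint(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func NewAuthority(namespace string) (*Authority, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: namespace},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	cert, err := mint(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &Authority{Cert: cert, key: key}, nil
}

// IssueUser signs a user certificate carrying the user's URN. A rogue authority
// can name another member's namespace here; Authenticate is what defeats that.
func (a *Authority) IssueUser(urn string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	cert, err := mint(&x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: urn}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}, a.Cert, &key.PublicKey, a.key)
	return cert, key, err
}

// Aggregate trusts a pool of roots: joining or leaving a federation is adding
// or removing a root from this pool, nothing more.
type Aggregate struct{ roots *x509.CertPool }

func NewAggregate(trusted ...*Authority) *Aggregate {
	ag := &Aggregate{roots: x509.NewCertPool()}
	for _, a := range trusted {
		ag.roots.AddCert(a.Cert)
	}
	return ag
}

// Authenticate answers "who is this user?": the chain must end at a trusted
// root, and that root must own the namespace in the URN (assumed layout
// urn:publicid:IDN+<namespace>+user+<name>). The second check partitions trust.
func (ag *Aggregate) Authenticate(user *x509.Certificate) (string, error) {
	chains, err := user.Verify(x509.VerifyOptions{Roots: ag.roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return "", fmt.Errorf("untrusted issuer: %w", err)
	}
	urn := user.Subject.CommonName
	p := strings.Split(urn, "+")
	if len(p) != 4 || p[0] != "urn:publicid:IDN" || p[2] != "user" {
		return "", fmt.Errorf("malformed user URN %q", urn)
	}
	if root := chains[0][len(chains[0])-1]; root.Subject.CommonName != p[1] {
		return "", fmt.Errorf("%s is not authoritative for %s", root.Subject.CommonName, p[1])
	}
	return urn, nil
}

func main() {
	emulab, _ := NewAuthority("emulab.net")
	other, _ := NewAuthority("other.example")
	alice, _, _ := emulab.IssueUser("urn:publicid:IDN+emulab.net+user+alice")
	forged, _, _ := other.IssueUser("urn:publicid:IDN+emulab.net+user+alice") // other.example vouching for emulab.net
	fed := NewAggregate(emulab, other)
	fmt.Println(fed.Authenticate(alice))
	fmt.Println(fed.Authenticate(forged))
	fmt.Println(NewAggregate(emulab).Authenticate(forged)) // root removed: now fails at chain building
}
```

Two things are worth noticing. First, `forged` is a perfectly valid certificate with a perfectly valid chain; only the namespace check rejects it, which is why chain validation alone is not enough for a multi-root federation. Second, an aggregate that drops `other` from its pool stops accepting every credential that root ever issued, with no revocation machinery involved, which is the "as simple as adding and removing root certificates" point.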
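The "use untrusted tools" and "speaks-for for accountability" items on the same slide, as a second added example (again not code from the presentation or from GENI): the user signs a short statement with their own key saying that a named tool may act for them until a deadline; the tool presents that statement, the aggregate verifies it against the user's already-authenticated public key, and the access log records both the tool and the principal it spoke for. The tool never holds the user's private key, so a compromised portal can neither outlive nor widen the delegation. The SpeaksFor field set, the digest layout, the function names and the sample URNs are assumptions for this example; GENI's real speaks-for credential format differs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// SpeaksFor is a statement signed with the user's own key: "Tool may act for
// User until Expires". Field set and encoding are assumptions for this example.
type SpeaksFor struct {
	Tool, User string
	Expires    time.Time
	Sig        []byte
}

// NewKey generates a P-256 key pair for a user or a tool.
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// digest binds all three fields into what gets signed; the NUL separators keep
// "ab"+"c" and "a"+"bc" from hashing alike, and the expiry is hashed at full
// precision so any tampering with it breaks the signature.
func digest(tool, user string, exp time.Time) []byte {
	d := sha256.Sum256([]byte(fmt.Sprintf("%s\x00%s\x00%d", tool, user, exp.UnixNano())))
	return d[:]
}

// SignSpeaksFor is run by the user (or their client), never by the tool.
func SignSpeaksFor(tool, user string, exp time.Time, userKey *ecdsa.PrivateKey) (SpeaksFor, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, userKey, digest(tool, user, exp))
	return SpeaksFor{Tool: tool, User: user, Expires: exp, Sig: sig}, err
}

// CheckSpeaksFor is run by the aggregate when tool asks to act for user, with
// userPub taken from the user credential it has already authenticated. On
// success it returns the record to log: the tool and the principal it spoke for.
func CheckSpeaksFor(sf SpeaksFor, tool, user string, userPub *ecdsa.PublicKey, now time.Time) (string, error) {
	switch {
	case sf.Tool != tool || sf.User != user:
		return "", errors.New("speaks-for names a different tool or user")
	case !now.Before(sf.Expires):
		return "", errors.New("speaks-for has expired")
	case !ecdsa.VerifyASN1(userPub, digest(sf.Tool, sf.User, sf.Expires), sf.Sig):
		return "", errors.New("speaks-for signature does not verify under the user's key")
	}
	return tool + " speaking for " + user, nil
}

func main() {
	userKey, err := NewKey()
	if err != nil {
		panic(err)
	}
	const tool, user = "urn:publicid:IDN+portal.example+tool+portal", "urn:publicid:IDN+emulab.net+user+alice"
	sf, err := SignSpeaksFor(tool, user, time.Now().Add(time.Hour), userKey)
	if err != nil {
		panic(err)
	}
	fmt.Println(CheckSpeaksFor(sf, tool, user, &userKey.PublicKey, time.Now()))
	sf.Expires = sf.Expires.Add(24 * time.Hour) // tampering with the deadline breaks the signature
	fmt.Println(CheckSpeaksFor(sf, tool, user, &userKey.PublicKey, time.Now()))
}
```

CheckSpeaksFor takes the clock as a parameter rather than calling time.Now() itself, which is what makes expiry behaviour testable; in production the aggregate passes its own clock. The three checks are ordered so that the cheap string and time comparisons run before the signature verification.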

Successes in GENI Federation

142 aggregates federated
  Moderately heterogeneous: clusters, wireless, backbone networks, existing testbeds
  Includes international resources
Reasonably broad and consistent tool support
Adding a new federate is easy (from a clearinghouse standpoint)
Decentralized model / autonomous facilities
Model is used for multiple testbeds / federations
Multiple overlapping federations

Contributing Factors

Limited number of implementations
  Can use personal communication, not precise specs
Limited number of resource owners -> common purpose
  Mostly moving in the same direction
Limited heterogeneity
  Would be hard to find what you want, but most of it is similar
Not much policy diversity
  Don’t have to explain differences to users, tools
Frequent meetings
  Close communications, forcing functions

Scaling to an International Effort

More implementations
  Heavier reliance on specifications and tests
More resource owners
  Every owner needs an incentive to federate
More heterogeneous
  Ability to search
More policy diversity
  We are going to have to talk more about how to expose this to users
More loosely coupled development
  More reliance on online collaboration, less on face-to-face meetings

Rob’s Thoughts

Infrastructure doesn’t federate, people federate
  Give people-organization features priority from the beginning

Build loose, rather than strict, federations
  Federation structures between people are complex and vary a lot

“Any sufficiently advanced technology is indistinguishable from magic.”
  – Clarke’s Third Law
“… but any sufficiently advanced federation is still distinguishable from a single facility.”
  – Ricci’s Addendum to Clarke’s Third Law

Users want to do research or take classes, not learn about infrastructure
  Smooth over the differences you can, expose those that you can’t directly

“The only way of discovering the limits of the possible is to venture a little way past them into the impossible.”
  – Clarke’s Second Law
Enable people to use the infrastructure for things you didn’t think you designed it for, without asking your permission.

“When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.”
  – Clarke’s First Law

Federate early and often