GridPP Security
UK Security Workshop 5-6 Dec 2002, NeSC
David Kelsey, CLRC/RAL, UK
(Slide footer: 5-Dec-02, D.P.Kelsey, GridPP Security)

Presentation transcript:


Slide 3: GridPP
£17M PPARC project to Build Grid for UK PP, Sep 01 – Aug 04
Provide architecture and middleware
Use the Grid with simulated data
Use the Grid with real data
Future LHC Experiments
Running US Experiments

Slide 4: GridPP Security
Same as EU DataGrid (see tomorrow)
  – But also US PPDG, GriPhyN, iVDGL
  – CERN LHC Computing Grid
Based on Globus GSI
  – But adding our own developments and functionality

Slide 5: Security Requirements
112 documented in D7.5 document
  – 72 essential, 37 desirable aims, 3 long-term aims
  – Authentication (17), Authorisation (32), Auditing (5), Non-repudiation (3), Delegation (8), Confidentiality (18), Integrity (4), Networking (2), Manageability (4), Usability (8), Interoperability (5), Scalability (1), Performance (5)
Includes
  – Virtual Organisations (VOs) – Role based authorisation
      Authorise resources as well as users
  – Local Authorisation Decisions and keep ACLs local to data
  – Confidentiality
      Encrypted medical data
      Don't know who is in a VO
  – International Collaboration – must inter-operate!

Slide 6: Authentication
More details tomorrow
International Collaboration very important
Building Trust between national CAs
EDG defines list of trusted CAs
  – Currently 13 national CAs
  – Will grow to ~20

Slide 7: Security Developments
Security components developed (see EDG web)
  – CA Trust Matrix tools
  – VO/LDAP & VOMS – Authorisation
  – LCAS, LCMAPS – local authorisation and mapping
  – Gridmapdir – dynamic leased accounts
  – Gridsite – certificate-based web management
  – SlashGrid – dn-based grid homefile system
  – GACL – Library to parse ACLs (XML)
  – edg-java-security (for Data Management)
More details in tomorrow's talk

Slide 8: Grid Deployment - issues
Legal, political, site security policies, etc.
  – The user does not (need to) know where the jobs will run
      Cannot sign registration forms everywhere
  – Acceptable Use policies (Rules)
What is needed for User Registration?
  – We have a solution for EDG testbed
      But not yet for full production (LCG considering this)
  – What is acceptable to Site Security Officers?
      GGF Site-AAA research group
  – An extremely important area – could kill the Grid!

Slide 9: Issues – Deployment (2)
Virtual Organisation Management
VOs need to manage their members and sites/resource providers negotiate with VOs
  – Only system which will scale
      Sites cannot manage large number of Grid users
  – Not just a technical problem!
  – Must develop procedures to allow this to happen
  – VOs not used to managing resources
  – Will Computer Centres give up (full) control?

Slide 10: Summary
Authentication
  – Cross-Domain Trust is the big problem
      will it continue to scale?
Authorisation
  – The most IMPORTANT area
      This is where the identity and rights need to be checked
  – Technology is immature
  – Need VO management procedures/tools
Many operational, legal, deployment issues
  – To establish Trust between Sites/VOs/users
      Do/will sites trust each other?
EDG has several solutions – see tomorrow's talk

Slide 11: Web links
GridPP http://
DataGrid http://
LCG http://lcg.web.cern.ch/LCG/
GGF Security Area
DataGrid Security Requirements document d7.5.pdf