GGF16, Athens AuthZ Interoperability Here and Now Workshop, 16 Feb 2006.

Slides:

Advertisements

Similar presentations

Lousy Introduction into SWITCHaai

Advertisements

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability AAI and Grids Christoph.

© 2006 Open Grid Forum Security Area OGF19 Standard All Hands.

© 2007 Open Grid Forum CAOPS-WG Christos Kanellopoulos - Yoshio Tanaka Security Area coordination & outreach OGF25, Catania March 2 nd – 3 rd, 2009.

Grid Security Policy GridPP18, Glasgow David Kelsey 21sr March 2007.

24-May-01D.P.Kelsey, GridPP WG E: Security1 GridPP Work Group E Security Development David Kelsey CLRC/RAL, UK

Current status of grids: the need for standards Mike Mineter TOE-NeSC, Edinburgh.

4 December 2002 Grid Resource Access Workshop, NeSC 1 Managing Access to Resources on the Grid David Boyd CLRC e-Science Centre

The LHC experiments AuthZ Interoperation requirements GGF16, Athens 16 February 2006 David Kelsey CCLRC/RAL, UK

OSG/TeraGrid Interopations: The Authz Perspective Von Welch (NCSA) Presenting work by Christopher A. Baumbauer (Purdue U.) Greg Cross (U. Chicago) Stuart.

Thoughts & Ideas on AuthZ Interoperability Christos Kanellopoulos AUTH/GRNET skanct at physics.auth.gr.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

INFSO-RI Enabling Grids for E-sciencE Security (JRA3) Åke Edlund, JRA3 Manager, KTH David Groep, EUGridPMA chair, NIKHEF EGEE 1.

Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.

The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK

INFSO-RI Enabling Grids for E-sciencE EGEE Security Status – Biomed meeting – Valencia, January 27th, 2006 EGEE Security status.

EGEE Security Area 13 May 2004 EGEE Security Area Stakeholders JRA3 middleware Architecture What we have for Unix and Java What.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Security Policy Group EGI Technical Forum Sep 2010 David Kelsey.

TeraGrid VO Support and Plans for AAA Testbed Dane Skow, Deputy Director TeraGrid University of Chicago / Argonne National Laboratory Internet2 Member.

GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.

May 8, 20071/15 VO Services Project – Status Report Gabriele Garzoglio VO Services Project – Status Report Overview and Plans May 8, 2007 Computing Division,

Mine Altunay OSG Security Officer Open Science Grid: Security Gateway Security Summit January 28-30, 2008 San Diego Supercomputer Center.

1 OSG Accounting Service Requirements Matteo Melani SLAC for the OSG Accounting Activity.

WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Coordination Group Ake Edlund EGEE Sec Head 9th MWSG meeting, SLAC,

Global Grid Forum GridWorld GGF15 Boston USA October Abhishek Singh Rana and Frank Wuerthwein UC San Diegowww.opensciencegrid.org The Open Science.

Security Policy Update LCG GDB Prague, 4 Apr 2007 David Kelsey CCLRC/RAL

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,

23-Oct-03D.P.Kelsey, LCG Security Update, HEPiX1 LCG Security Update HEPiX-HEPNT, TRIUMF, 23 October 2003 David Kelsey CCLRC/RAL, UK

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks EGEE and OSG: Common Security Policies? OSG.

3-Jul-02D.P.Kelsey, Security1 Security meetings Report to EDG PTB 3 Jul 2002 David Kelsey CLRC/RAL, UK

INFSO-RI Enabling Grids for E-sciencE GGF16 workshop Authorization Interoperability (Here and Now) David Kelsey, CCLRC/RAL, UK

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Coordination Group Linda Cornwall CCLRC (RAL) FP6 Security workshop.

US LHC OSG Technology Roadmap May 4-5th, 2005 Welcome. Thank you to Deirdre for the arrangements.

Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Coordination Group Dr Linda Cornwall CCLRC (RAL) FP6 Security workshop.

Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.

David Groep Nikhef Amsterdam PDP & Grid Some Comments on “Problem description for non-proliferation issues in Grids” Joint Security Policy Group 7 December.

Open Science Grid & its Security Technical Group ESCC22 Jul 2004 Bob Cowles

A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) 1 st WISE, Barcelona 20 Oct 2015.

Security Operations David Kelsey GridPP Deployment Board 3 Mar 2005

A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) WLCG GDB, CERN 10 Jul 2013.

INFSO-RI Enabling Grids for E-sciencE Security Summary Åke Edlund, JRA3 4 th EGEE Conference Pisa, Italy 28 th October 2005.

Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.

Security Policy Update WLCG GDB CERN, 14 May 2008 David Kelsey STFC/RAL

EGI-InSPIRE RI EGI EGI-InSPIRE RI Establishing Identity in EGI the authentication trust fabric of the IGTF and EUGridPMA.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks EGEE and JSPG activities David Kelsey CCLRC/RAL.

Security EGEE/SA1 ROC Managers ARM-3 meeting Lyon, 17 March 2005 David Kelsey CCLRC/RAL, UK

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

JSPG Update David Kelsey MWSG, Zurich 31 Mar 2009.

Open Science Grid OSG Accounting System Matteo Melani SLAC 9/28/05 Joint OSG and EGEE Operations Workshop.

INFSO-RI Enabling Grids for E-sciencE Joint Security Policy Group David Kelsey, CCLRC/RAL, UK 3 rd EGEE Project.

LCG User, Site & VO Registration in EGEE/LCG Bob Cowles OSG Technical Meeting Dec 15-17, 2004 UCSD.

LCG Pilot Jobs + glexec John Gordon, STFC-RAL GDB 7 December 2007.

EGEE is a project funded by the European Union under contract IST EGEE Security Åke Edlund Security Head EU IST-FP6 Concertation, 17 th September.

Security Bob Cowles

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Ake Edlund for JRA3 EGEE EU Review (CERN) May 23-24, 2006.

Grid Security Policy: EGEE to EGI David Kelsey (RAL) 16 Sep 2009 JSPG meeting, DFN Berlin david.kelsey at stfc.ac.uk.

INFSO-RI Enabling Grids for E-sciencE JRA3 Åke Edlund On behalf of JRA3 EGEE 8th All-activity meeting January 18-19,

May 4, 2006Dane Skow Managing (Dis)Honorable Guests -- A Role for Grid Security Dane Skow University of Chicago and Argonne National.

Bob Jones EGEE Technical Director

Open Science Grid Consortium Meeting

JRA3 Introduction Åke Edlund EGEE Security Head

Incident Response Plan for the Open Science Grid

David Kelsey STFC-RAL 2nd WISE workshop, XSEDE16, Miami 18 July 2016

David Kelsey CCLRC/RAL, UK

Presentation transcript:

GGF16, Athens AuthZ Interoperability Here and Now Workshop, 16 Feb 2006

Organising Committee Christophe Blanchet(CNRS IBCP&EGEE biomed VO dep) Vincent Breton(CNRS & EGEE Dir of Applications) Bob Cowles(SLAC and OSG Security co-chair) Ake Edlund(KTH and EGEE Director of Security) David Groep(NIKHEF and IGTF chair) David Kelsey(CCLRC and LCG/EGEE JSPG chair) Olle Mulmo(KTH and GGF Security Area Director) Dane Skow(USA and GGF Security Area Director) Von Welch(NCSA and Globus Alliance)

Background Much work on Grid Authentication -> success –International GridTrust Federation (IGTF) –facilitates cross-Grid authentication Grid Authorization is less mature Many large-scale application communities (VOs) are global in nature –have the need to access multiple Grid infrastructures Authorization (AuthZ) assertions and policy needs to be controlled at the VO level Important requirement for interoperability in AuthZ between Grids –protocols and evaluation of the AuthZ/Policy assertions –different implementations interwork and make AuthZ decisions.

Aims This workshop will consider short-term (now and next two years) Grid Authorization and Policy implementations, requirements and issues Investigate what improvements can be made to encourage and facilitate interoperability between Grid operational infrastructures Lessons learned from today's implementations –For the Grid security standards activities in GGF for the longer-term future. Highlight the Life Science perspective with requirements from the biomed VO in EGEE and in the overall biomedical community

AuthZ Interoperability Here and Now - Agenda - # Welcome, introduction and aims The LHC experiments (particle physics) AuthZ requirements (David Kelsey) The Biomed/EGEE AuthZ requirements (Christophe Blanchet/Rémi Mollon) AuthZ in Open Science Grid (Bob Cowles) Discussion

Agenda #2 Panel presentations & discussion - AuthZ interoperability issues and plans Von Welch TeraGrid/OSG interoperation issues David Groep EGEE framework and local PDP's Jens Jensen Data management AuthZ Yuri Demchenko GAAA/GT4 gap analysis Christos Kanellopoulos Ideas on interoperation/interoperability Olle MulmoFuture plans and directions (for GGF) leading into general discussion - recommendations for short-term and mid-term direction

MultiGrid Auth Group Will discuss use of common role definitions A proposal: Group User: would be provisioned with the default permissions and capabilities for the standard usage of a resource by that group Role Admin: would be provisioned full permissions and capabilities allowed to the group managers (probably not equivalent to root access to a machine) Role Storage Admin: would be provisioned with the ability to read/ write/delete all files and directories owned by the group Role Priority Admin: would be provisioned with the ability to adjust priorities for queued requests by that group on a resource. (This probably implies the requirement for a common interface for manipulating priority of queued requests).

TONIC group TONIC Taskforce Organizing Near-term Interoperation for Credentials Draft Charter: Community group formed to develop interoperation agreements to support various levels of interoperation between grids participating in the Grid Interoperation Now (GIN) activity. Create documents defining interoperation agreements for levels of interoperation. Act as an intermediate between the immediate needs of the production grid interoperation actions and the standards development process.