LCG Security Update
HEPiX-HEPNT, TRIUMF, 23 October 2003
David Kelsey, CCLRC/RAL, UK
Overview
- LCG Security Group
  – Mandate and membership
- Meetings and web pages
- Policies and procedures
- Security technology for LCG-1
  – including an overview of EDG Authorization
- Future plans

LCG Security Group Mandate
- To advise and make recommendations to the Grid Deployment Manager and the GDB on all matters related to LCG-1 security
  – The GDB makes the decisions
- To continue the work on the mandate of GDB WG3
  – Policies and procedures on registration, authentication, authorization and security
- To produce and maintain
  – Implementation Plan (first 3 months, then for 12 months)
  – Acceptable Use Policy / Usage Guidelines
  – LCG-1 Security Policy
- Where necessary, recommend the creation of focussed task forces made up of appropriate experts
  – e.g. the “Security Contacts” group
(n.b. GDB = Grid Deployment Board)

Membership
- Experiment representatives / VO managers
  – Alberto Masoni, ALICE
  – Rich Baker, Anders Waananen, ATLAS
  – David Stickland, Greg Graham, CMS
  – Joel Closier, LHCb
- Site Security Officers
  – Denise Heagerty (CERN), Dane Skow (FNAL)
- Site/Resource Managers
  – Dave Kelsey (RAL), Chair
- Security middleware experts/developers
  – Roberto Cecchini (INFN), Akos Frohner (CERN)
- LCG management and the CERN LCG team
  – Ian Bird, Ian Neilson
- Non-LHC experiments/Grids
  – Many sites are also involved in other projects
  – Bob Cowles (SLAC)

Meetings, Web etc.
- Agenda, presentations, minutes etc. are on the LCG Security Group web site
- Meetings
  – Started in April 2003
  – Met 10 times to date: 4 face to face and 6 phone conferences
- Report to the monthly GDB meetings

Policies and procedures
- 6 documents approved to date (see LCG SEC web)
  – Security and Availability Policy for LCG (prepared jointly with the GOC task force)
  – Approval of LCG-1 Certificate Authorities
  – Audit Requirements for LCG-1
  – Rules for Use of the LCG-1 Computing Resources
  – Agreement on Incident Response for LCG-1
  – User Registration and VO Management
- 4 more still to be written (by the GOC task force)
  – LCG Procedures for Resource Administrators
  – LCG Guide for Network Administrators
  – LCG Procedure for Site Self-Audit
  – LCG Service Level Agreement Guide

LCG-1 security technology
- Based on EDG release 2.0
- Authentication (X.509 PKI)
  – List of trusted national CAs (from EDG)
  – Plus online authentication: FNAL KCA, MyProxy
- Authorization
  – VO (LDAP) databases (shared with EDG), run at NIKHEF and managed by the VO managers (one per experiment)
  – mkgridmap tool to create grid-mapfiles
  – Map to a local user account (real or pool)
- AuthZ components
  – VOMS, LCAS/LCMAPS, US CMS VOX
  – Under development
  – To be used when available, tested and proven

EDG Authorization
- Some slides from Ákos Frohner, CERN (Roberto Cecchini leads the VOMS group)

2003/Sept - Update on EDG Security (VOMS) - Ákos Frohner
Registration
[Diagram: the user holds a long-lived user certificate from the CA (low-frequency interaction) and registers with VO-VOMS through a web interface (high-frequency interaction); the request moves through the states new, confirmed, accepted/denied, done; transition labels: allow create, deny]
- VO membership request (user)
- Address confirmation (user); to the requestor: address confirmation
- To the administrator: new request notification
- Request is accepted/denied (VO admin); to the requestor: request is accepted/denied

Multi-VO registration
[Diagram: the same registration flow repeated towards several VO-VOMS servers, all based on the user's long-lived certificate from the CA; CA interaction is low frequency, VO interaction high frequency]
- VO administration operations
  – create/delete (sub)group/role/capability
  – add/remove member of group/role/capability
  – get/set ACLs for these operations
- VO registration tasks
  – a user-requested administrative operation, e.g. user registration = add member

“Login”
[Diagram: the user's long-lived certificate (from the CA, low frequency) is used to obtain a short-lived authz certificate from VO-VOMS (high frequency), which is embedded in a short-lived proxy certificate]
- voms-proxy-init / edg-voms-proxy-init -voms iteam
  – proxy written to /tmp/x509_up (the normal proxy location)
  – backward-compatible proxy format

Multi-VO “Login”
[Diagram: as for “Login”, but the user contacts several VO-VOMS servers, each issuing a short-lived authz certificate that goes into one short-lived proxy certificate]
- voms-proxy-init -voms iteam -voms wp6
  – a single proxy certificate is generated
  – each VO provides a separate VOMS credential; the first one is the default VO
  – each VOMS credential contains multiple group/role entries; the first one is the default group

Old-style Service
[Diagram: the service holds a long-lived host certificate from the CA (low frequency, with CRL updates) and a gridmap-file generated by mkgridmap from VO-VOMS (high frequency); clients authenticate with GSI]
- Old-style services still use the gridmap-file for authorization
  – gridftp
  – EDG 1.4.x services
  – EDG 2.x services in compatibility mode
- No advantage, but everything works as before...

Job Submission
[Diagram: user (user cert), CE (host cert), WMS, MyProxy server and VO information system; the user's proxy carries the authz attributes]
1. VO affiliation (AccessControlBase) published in the VO information system
2. Certificate upload to the MyProxy server
3. Job submission to the WMS
4. CEs for the VOs in the authz attributes?

Running a Job
[Diagram: WMS, MyProxy server and a CE with host cert and LCAS/LCMAPS; the user's long-term certificate and the proxy obtained with voms-proxy-init carry the authentication and authorization info]
1. Certificate download (from the MyProxy server)
2. Job start on the CE
- LCAS: authorization based on (multiple) VO/group/role attributes
- LCMAPS: mapping to a user pool and to (multiple) groups
  – default VO = default UNIX group
  – other VO/group/role = other UNIX group(s)
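As an added illustration (not code from this deck, nor from the EDG, VOMS, LCAS or LCMAPS projects), the following Python models both site-side paths described on the “Old-style Service” and “Running a Job” slides: a gridmap-file lookup for services that still map a certificate DN straight to a local account, and the VOMS-attribute path in which an LCAS-style policy check admits the job and an LCMAPS-style step leases a pool account named after the default (first) VO, takes the primary UNIX group from the first mappable VO/group/role entry and secondary groups from the rest. The FQAN syntax (/vo/group/Role=…/Capability=…), the convention that a leading “.” in a gridmap entry names a pool-account prefix, and all DNs, the group table and the site policy are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample grid-mapfile in the "DN" account layout written by mkgridmap.
# Assumption: a leading '.' on the account marks a pool-account prefix (gridmapdir style).
GRIDMAP_TEXT = '''\
# constructed sample; the DNs are fictitious
"/C=UK/O=eScience/OU=CLRC/L=RAL/CN=alice example" .atlas
"/C=UK/O=eScience/OU=CLRC/L=RAL/CN=bob example" bob
'''
GRIDMAP_LINE = re.compile(r'^"(?P<dn>[^"]+)"\s+(?P<acct>\S+)$')

# Constructed site table: (vo, group, role) -> UNIX group; None acts as a wildcard.
GROUP_TABLE = {
    ("atlas", None, None): "atlas",
    ("atlas", "/atlas/prod", "manager"): "atlasprd",
    ("wp6", None, None): "wp6",
}
# Constructed LCAS-style site policy: which VO/group/role attributes are admitted at all.
SITE_POLICY = [("atlas", None, None), ("wp6", None, None)]


def parse_gridmap(text):
    """Parse a grid-mapfile into {DN: account}; comments and blank lines are ignored."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = GRIDMAP_LINE.match(line)
        if not m:
            raise ValueError(f"malformed grid-mapfile line: {line!r}")
        mapping[m.group("dn")] = m.group("acct")
    return mapping


def parse_fqan(fqan):
    """Split /atlas/prod/Role=manager/Capability=NULL into (vo, group, role); Role=NULL means no role."""
    parts = [p for p in fqan.split("/") if p]
    if not parts or "=" in parts[0]:
        raise ValueError(f"malformed FQAN: {fqan!r}")
    role, group_parts = None, []
    for p in parts:
        if p.startswith("Role="):
            role = None if p[5:] == "NULL" else p[5:]
        elif not p.startswith("Capability="):  # the Capability field is ignored
            group_parts.append(p)
    return group_parts[0], "/" + "/".join(group_parts), role


def lcas_authorize(fqans, policy):
    """LCAS-style decision: admit the job if any presented FQAN matches a policy entry."""
    for fqan in fqans:
        vo, group, role = parse_fqan(fqan)
        for p_vo, p_group, p_role in policy:
            if vo == p_vo and p_group in (None, group) and p_role in (None, role):
                return True
    return False


@dataclass
class PoolMapper:
    """Leases prefixNNN accounts; a DN that already holds a lease gets the same account back."""
    pool_size: int = 3
    leases: dict = field(default_factory=dict)  # DN -> leased account

    def lease(self, dn, prefix):
        if dn in self.leases:
            return self.leases[dn]
        used = set(self.leases.values())
        for i in range(1, self.pool_size + 1):
            candidate = f"{prefix}{i:03d}"
            if candidate not in used:
                self.leases[dn] = candidate
                return candidate
        raise RuntimeError(f"pool {prefix!r} exhausted")


def lookup_group(vo, group, role, table):
    """Most specific matching table entry: exact, then VO+group, then VO-wide."""
    for key in ((vo, group, role), (vo, group, None), (vo, None, None)):
        if key in table:
            return table[key]
    return None


def lcmaps_map(dn, fqans, pool, table):
    """LCMAPS-style mapping: pool account from the default (first) VO, primary UNIX group
    from the first mappable FQAN, secondary groups from the remaining attributes."""
    if not fqans:
        raise ValueError("no VOMS attributes in proxy")
    primary, secondary = None, []
    for fqan in fqans:
        unix_group = lookup_group(*parse_fqan(fqan), table)
        if unix_group is None:
            continue  # an attribute with no local mapping is simply ignored
        if primary is None:
            primary = unix_group
        elif unix_group != primary and unix_group not in secondary:
            secondary.append(unix_group)
    if primary is None:
        raise PermissionError("no VOMS attribute maps to a local group")
    return pool.lease(dn, parse_fqan(fqans[0])[0]), primary, secondary


def map_request(dn, fqans, gridmap, pool, table, policy):
    """Old-style gridmap path when the proxy carries no VOMS attributes, otherwise LCAS then LCMAPS."""
    if not fqans:
        acct = gridmap.get(dn)
        if acct is None:
            raise PermissionError("DN not in grid-mapfile")
        return (pool.lease(dn, acct[1:]) if acct.startswith(".") else acct), None, []
    if not lcas_authorize(fqans, policy):
        raise PermissionError("rejected by site policy")
    return lcmaps_map(dn, fqans, pool, table)
```

The point the model makes visible is the one the slides state: the old-style path can only say “this DN is someone in VO atlas”, whereas the VOMS path lets the site both refuse attributes it does not recognise (LCAS) and express group and role membership as extra UNIX groups (LCMAPS), with the first VO in the proxy deciding the pool account and primary group.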

Future plans (LCG SEC)
- We are working on a Risk Analysis document
  – to help set priorities for the year ahead
- Many of the agreements to date are for LCG-1 (2003)
  – they need reviewing for 2004 and beyond
- Authentication
  – Must agree the future PMA bodies for CAs; EGEE is likely to take over this role for Europe
  – Online CA services, credential repositories: KCA, VSC, MyProxy, …
- Authorization
  – VOMS likely to be included in LCG-2
  – local AuthZ (LCAS/LCMAPS, US CMS VOX) and VOMS-aware services
- User Registration and VO Management
  – Workshop at CERN, December 2003; also reviewing the AuthZ technology