10-May-01D.P.Kelsey, Security Workshop Summary1 DataGrid Security Workshop 29/30 March 2001 SUMMARY David Kelsey CLRC/RAL, UK

Slides:



Advertisements
Similar presentations
24-May-01D.P.Kelsey, GridPP WG E: Security1 GridPP Work Group E Security Development David Kelsey CLRC/RAL, UK
Advertisements

WP2: Data Management Gavin McCance University of Glasgow November 5, 2001.
5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK
22-Apr-02D.P.Kelsey, Security, UKHEP Sysman1 Grid Security 22 Apr 2002 UK HEP Sysman Meeting David Kelsey CLRC/RAL, UK
Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.
Andrew McNab - Manchester HEP - 29/30 March 2001 gridmapdir patch Overview of the problem Constraints from local systems Outline of how it works How to.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
5-Sep-02D.P.Kelsey, Security Summary, Budapest1 WP6/7 Security Summary Budapest 5 Sep 2002 David Kelsey CLRC/RAL, UK
WP4 Gridification Subsystem overlap Globus & existing systems LCAS and AAA in WP4 for Gridification Task: David Groep
DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.
CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.
30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK
Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin
GGF Toronto Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.
/ David GroepSummary of Security Workshop - DataGRID WP4 workshop1 DataGrid Security WS Summary Targets: Identify requirements from WP's Define.
Security Mechanisms The European DataGrid Project Team
Status of Globus activities within INFN (update) Massimo Sgaravatto INFN Padova for the INFN Globus group
Andrew McNab - Manchester HEP - 26 June 2001 WG-H / Support status Packaging / RPM’s UK + EU DG CA’s central grid-users file grid “ping”
5 November 2001F Harris GridPP Edinburgh 1 WP8 status for validating Testbed1 and middleware F Harris(LHCb/Oxford)
Andrew McNab - Manchester HEP - 5 July 2001 WP6/Testbed Status Status by partner –CNRS, Czech R., INFN, NIKHEF, NorduGrid, LIP, Russia, UK Security Integration.
13-May-03D.P.Kelsey, WP8 CA and VO organistion1 CA’s and Experiment (VO) Organisation WP8 Meeting EDG Barcelona, 13 May 2003 David Kelsey CCLRC/RAL, UK.
12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Ákos FROHNER – DataGrid Security Requirements n° 1 Security Group D7.5 Document and Open Issues
INFSO-RI Enabling Grids for E-sciencE SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.
9-May-02D.P.Kelsey, Security Plans, GridPP41 Security: Plans 9 May 2002 GridPP4 meeting, Manchester David Kelsey CLRC/RAL, UK
DataGrid Applications Federico Carminati WP6 WorkShop December 11, 2000.
Summary from CA coordination and Security working group meeting WP4 workshop
Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.
National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.
EU DataGrid (EDG) & GridPP Authorization and Access Control User VOMS C CA 2. certificate dn, ca, key 1. request 3. certificate 4. VOMS cred: VO, groups,
RAL Site Report John Gordon IT Department, CLRC/RAL HEPiX Meeting, JLAB, October 2000.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.
23-Oct-03D.P.Kelsey, LCG Security Update, HEPiX1 LCG Security Update HEPiX-HEPNT, TRIUMF, 23 October 2003 David Kelsey CCLRC/RAL, UK
8-Jul-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) RAL, 8 July 2003 David Kelsey CCLRC/RAL, UK
3-Nov-00D.P.Kelsey, HEPiX, JLAB1 Certificates for DataGRID David Kelsey CLRC/RAL, UK
Security in DataGrid1 Security in DataGrid 12 Mar 2002 TERENA GRID-AN BoF David Groep NIKHEF, Amsterdam based on a presentation by David Kelsey.
GridPP Presentation to AstroGrid 13 December 2001 Steve Lloyd Queen Mary University of London.
3-Jul-02D.P.Kelsey, Security1 Security meetings Report to EDG PTB 3 Jul 2002 David Kelsey CLRC/RAL, UK
30-Sep-03D.P.Kelsey, SCG Summary1 Security Co-ordination Group (WP7 SCG) EDG Heidelberg 30 September 2003 David Kelsey CCLRC/RAL, UK
Oxford University e-Science Centre 1 Managing Access 4 Dec Managing Access to Resources on the Grid 4 December 2002.
User Management: Authentication & Authorization on the NorduGrid Balázs Kónya, AndersWäänänen 3 rd NorduGrid Workshop, 23 May, 2002 Helsinki.
23-Oct-02D.P.Kelsey, Grid Security, HEPiX, FNAL1 LCG/EDG Security - update and plans HEPiX/HEPNT - FNAL 23 Oct 2002 David Kelsey CLRC/RAL, UK
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.
29/1/2002A.Ghiselli, INFN-CNAF1 DataTAG / WP4 meeting Cern, 29 January 2002 Agenda  start at  Project introduction, Olivier Martin  WP4 introduction,
Status of NorduGrid testbed DataGrid Workshop, Oxford 2 nd – 5 th of July Anders Waananen.
2-Sep-02D.P.Kelsey, WP6 CA, Budapest1 WP6 CA report Budapest 2 Sep 2002 David Kelsey CLRC/RAL, UK
11-Dec-00D.P.Kelsey, Certificates, WP6 meeting, Milan1 Certificates for DataGrid Testbed0 David Kelsey CLRC/RAL, UK
WLCG Authentication & Authorisation LHCOPN/LHCONE Rome, 29 April 2014 David Kelsey STFC/RAL.
Ákos FROHNER – DataGrid Security n° 1 Security Group TODO
Status of Globus activities Massimo Sgaravatto INFN Padova for the INFN Globus group
8-Mar-01D.P.Kelsey, Certificates, WP6, Amsterdam1 WP6: Certificates for DataGrid Testbeds David Kelsey CLRC/RAL, UK
JSPG Update David Kelsey MWSG, Zurich 31 Mar 2009.
WP7 Security Coordination 23/24 Jan 2002 David Kelsey CLRC/RAL, UK
Troubleshooting Grid authentication from the client side By Adriaan van der Zee Big Grid meeting
The GRIDS Center, part of the NSF Middleware Initiative Grid Security Overview presented by Von Welch National Center for Supercomputing.
15-May-03D.P.Kelsey, SCG Summary1 Security Coord Group (SCG) EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK
10-May-01D.P.Kelsey, WP6 Security1 Certificates/Authorisation for DataGrid Testbeds David Kelsey CLRC/RAL, UK
7-May-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Issues and Planning or Report from the Security Group CERN, 8 May 2003 David Kelsey CCLRC/RAL, UK.
11-May-01D.P.Kelsey, Security Update1 GRID Security Update David Kelsey CLRC/RAL, UK
CERN 1 DataGrid Architecture Group Bob Jones CERN.
DataGrid Security Wrapup Linda Cornwall 4 th March 2004.
9-Jul-02D.P.Kelsey, DataGrid Security1 EU DataGrid Security 9 July 2002 UK Security Task Force Meeting #2 David Kelsey CLRC/RAL, UK
15-Jun-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the LCG Security Group) CERN 15 June 2004 David Kelsey CCLRC/RAL, UK
7-Mar-01D.P.Kelsey, User access, WP6, Amsterdam1 WP6: GRID mapfiles and Users access policy David Kelsey CLRC/RAL, UK
David Kelsey CLRC/RAL, UK
David Kelsey CCLRC/RAL, UK
LCG Security Status and Issues
David Kelsey CCLRC/RAL, UK
Presentation transcript:

10-May-01D.P.Kelsey, Security Workshop Summary1 DataGrid Security Workshop 29/30 March 2001 SUMMARY David Kelsey CLRC/RAL, UK

10-May-01D.P.Kelsey, Security Workshop Summary2 Agenda – Day 1 Middleware Requirements –WP1M RudaCESnet –WP2B SegalCERN –WP3S FisherRAL –WP4L ConsCERN –WP5J GordonRAL Discussion and conclusions on middleware –M9 and longer term WP6: Testbed Certificate AuthoritiesD Kelsey/RAL –including efforts to agree on CA CP/CPS –plans for Testbed0/M9

10-May-01D.P.Kelsey, Security Workshop Summary3 Agenda – Day 2 (am) Experiment/Application requirements –WP8 - LHCbEric van HerwijnenCERN –WP8 - Alice, Atlas, CMSIngo AugustinCERN –WP9 - Earth ObservationNo input –WP10 - BiologyVincent BretonIN2P3 Site/Network Requirements Denise HeagertyCERN Work of the AAAARCH research group in the IRTF and possible emerging co-operation between GGF and IETF/IRTFCees deLaatUtrecht, NL Ideas for M9 authorisation –Tools from INFNFrancesco GiacominiINFN –Ideas for map filesAndrew McNabManchester

10-May-01D.P.Kelsey, Security Workshop Summary4 Agenda – Day 2 (pm) Discussion of Authorisation possibilities –For M9 –Longer term (CAS etc) Other M9 requirements –Audit? –Incident tracking? Plans for continuation of this work Summary and conclusions

10-May-01D.P.Kelsey, Security Workshop Summary5 Summary – Day 1 (M9) Authentication - GSI seems OK Some authorisation required –GIIS – will require MDS V3 – but not critical –Grid mapfile probably OK No requirement for groups? (probably yes) Tools to maintain and manage this –Job (re) submission – renew authorisation MyProxy may be useful List of appropriate clusters for WP1 WAN access to SE only by ReplicaManager –But users need more (e.g. remote database updates) Audit and Incident management?

10-May-01D.P.Kelsey, Security Workshop Summary6 Summary – Day 1 – long term Longer term Security very important – can we trust it? –Can we afford it? Warn PMB? Retain local control Authorisation the big problem to solve –Revocation of authorisation Policies – language? Accounting Audit Firewalls (& NAT?) DOS Incident monitoring, tracking etc.

10-May-01D.P.Kelsey, Security Workshop Summary7 WP8/9/10 requirements Single sign-on Authorisation, quotas, accounting –By role, by group Policies Encryption for WP10 Light-weight access for WP10 Web servlets for LHCb Long lived credentials

10-May-01D.P.Kelsey, Security Workshop Summary8 Site security requirements Denise’s slide: How to agree a common security policy across site boundaries? –national laws may differ, e.g privacy Are firewalls feasible at high data rates? –do we need common configurations across sites? How to detect intrusions? How to respond to incidents across sites? –blocking access, tracing break-ins, a GRID-CSIRT? What issues are raised by a grid-wide SSO? How do we protect access to resources? What are the time scales and priorities? –Are there already security issues for the Testbed?

10-May-01D.P.Kelsey, Security Workshop Summary9 AAAArch See Cees de Laat slides AAA Architecture

10-May-01D.P.Kelsey, Security Workshop Summary10 Tools for Grid Mapfile INFN –Users and Groups in LDAP –Tool to aid grid mapfile maintenance Gridmapdir patch to Globus (A McNab/Manchester) –Maps to generic accounts Babar001, babar002, atlas001 etc Leased (and expired?)

10-May-01D.P.Kelsey, Security Workshop Summary11 Future plans WP6 Security concerns –Responsibility of Site managers, Security mgrs –CA – next meeting CERN 5 th June –Authentication, Authorisation –User/Group registration –Many management issues New Security task force –Coordinate activities in middleware WP’s –Identify missing resources –Architectural design (with ATF) –Propose meeting at CERN on 6 th June

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.