Security meetings
Report to EDG PTB, 3 Jul 2002
David Kelsey, CLRC/RAL, UK


WP6 CA meeting
Prague, 27/28 June
Datagrid, 6 CrossGrid, 2 USA attendees (+2 EDG Video)
Updates to Minimum Requirements
  – continue by for TB2
  – Discussed certificate lifetime (CA and users) – no change
  – Allow online CA if special security hardware storage
  – More on RA procedures
Plan to collect statistics of certificates issued, revoked etc.
Acceptance Matrix
  – Good progress on automatic extraction of CP/CPS features
New CrossGrid CA’s
  – Karlsruhe/Germany approved, first report from Greece CA
  – Poland and Slovakia to be considered by
  – More still to come

WP6 CA (2)
Cross Domain Trust
  – New GGF working group proposed – “CA operations”
    We will participate – lots to feed in!
Presentation by US DOE GRIDS CA – service and RA’s
  – Issued 258 certificates to date
Presentation on OpenCA at RAL
Brief discussions on CRL’s, Directories
CERN will write CP/CPS for a Kerberos-based CA for discussion by
Next meeting – CERN, ~ first week of October 2002

WP7 SCG meeting
CERN, 2 July 2002
Review of To-Do list (12 items)
WP2 Security
Authorisation
Scaling Authentication and Authorisation to LCG
Delegation
Dynamic Accounts in TB 1.3
Plans for GGF5
Plans for Budapest
Reviews of Security Design and implementation(s)
Firewall settings – machine level

Authorisation
New version of mkgridmap tool
Virtual Organisation Membership Service (VOMS)
  – Basic functionality working
    Time to release not yet known
  – “Groups/Roles” added to User Proxy
    Signed by VOMS
    Globus CAS also going this way now
  – Will also take another look at EU PERMIS s/w
Grid ACLs and SlashGrid from Andrew McNab et al

Authorisation RA
Both Security groups concerned about the procedures used to Check/Register users in VO’s
Authorisation more important than Authentication
  – Gives access to resources!
CA’s do not check the right to use resources
Sites need to be convinced of VO procedures to establish “trust”
VO RA needs to reliably confirm
  – Right to join VO
  – That the user rightfully owns the certificate (?)
PPDG Site-AA project has important input here

Scaling AA to LCG
Authentication
  – Ever growing number of CA’s
  – Lots of work to establish trust
  – CNRS catch-all works fine for EDG but not LCG
  – CERN (FNAL and BNL) keen to use Kerberos and online CA (short lived certs) – need CP/CPS
Authorisation (see previous slide)
  – VO’s will need to work towards a more robust procedure – needs resources!

Dynamic Accounts TB1.3
TB 1.2 Dynamic accounts in use – but difficult to recycle if permanent files created
  – Need NFS to share locking directory
TB 1.3 SlashGrid developments (optional)
  – Grid DN based home directory
  – No mapping to a particular UID – can recycle
  – No need for NFS
SCG still concerned about other non-file uses of UID’s – but OK to test and welcomed by WP5

GGF5 - Edinburgh
We have lots of interesting work and ideas on Authorisation – but no GGF WG yet.
Andrew McNab tried to get BOF on Authorisation but failed
  – DPK will try again, particularly with support from US PPDG-AA project
  – Would like to make a number of presentations

Budapest
SCG requests for joint parallel sessions (2 hours each) in order of priority – if WP’s agree of course! (the security implications of all of these of course)
Biomedical Data Security: WP2/5/10 and SCG
Accounting: WP1 and others?
Quotas (who is doing resource quotas?): WP1? WP4?
ACL’s (not just files, but applied to other objects): WP1? WP4?

Reviews of EDG Security
Is desirable to check/audit/review the Security Design and Implementation(s) (for next EU Review)
  – 2 separate activities
D7.6 (M25) is an important document for the design review – internal and external
  – Oxford SCG members will contribute
How to do the implementation review?
  – CNRS are looking into external review
    Not sure whether design or implementation
Training of developers in writing secure code?