Security Middleware, GridPP8, 23 Sept 2003. Andrew McNab, High Energy Physics, University of Manchester.


Presentation transcript:

Slide 1: Security Middleware
Andrew McNab, High Energy Physics, University of Manchester

Slide 2: Overview
Security in EDG/GridPP-1
Currently deployed (EDG 2.0)
Being integrated (EDG 2.1)
GridPP-2 requirements
GridPP-2 proposal
GGF Involvement
Research Areas

Slide 3: Security in EDG / GridPP-1
When proposals were written, Security mostly just seen as Authentication (CAs etc)
  – From Globus, we inherited the static, manually edited /etc/grid-security/grid-mapfile
Better Authorization mechanisms were needed to make the Testbed actually work.
In EDG, security effort split between WP7 (networking) and WP6 (“getting things to work”), but also components inside WP1-5.
  – In GridPP, security middleware effort from WP6.

Slide 4: Currently deployed middleware
Pool accounts (from GridPP)
  – a short-term measure that’s become long term and ubiquitous.
XML Grid Access Control Lists (from GridPP)
  – used by Storage Element, but grew out of GridPP GridSite work.
Other components:
  – INFN’s VO-LDAP server (GridSite implementation of this used for GridPP+BaBar)
  – WP2 Java Security packages.
  – Specific security pieces inside each WP.

Slide 5: Middleware being integrated
INFN-WP6/WP2 Virtual Organisation Membership Service is major component
  – (GACL support for VOMS attribute certs already present in EDG 1.x/2.0)
GACL support in WP4 LCAS/EDG Gatekeeper
  – so can write XML site access policies, rather than use grid-mapfile
VOMS, and new GSI + X509v3 support added to GridSite and mod_ssl-gridsite
  – HTTPS servers controlled by VOMS+GACL
WP1 Logging and Bookkeeping using GACL

Slide 6: GridPP2 Security Middleware
GridPP2 focuses on practical requirements of production systems (LCG + EGEE)
Many gaps in functionality of security systems
  – eg accounting / usage control
Based on WP6 + WP8 + LCG requirements documents, identified 8 tasks
  – extend GridPP 1 work to address urgent gaps
Research rather than implementation areas left out of this
  – aim to get funding for these elsewhere

Slide 7: GridPP2 Proposal
GridPP2 Security Middleware Proposal
  – Java and C++ APIs for GACL library
  – Add Usage Control (quotas etc) handling
  – Improve/generalise GridSite user interface
  – VO access and usage management service(s)
  – Support for other systems: CAS, VOM etc
  – Grid level Auditing/Intrusion Detection
  – Porting to other Unix/Windows flavours
This was estimated at 4 FTE, but with 2.5 FTE in GridPP2 proposal as submitted.

Slide 8: GGF Involvement
Participating / influencing / following GGF standards clearly helps our work:
  – less effort supporting multiple protocols
  – our implementation attractive to more projects
I’m co-chair of Authz WG and now the OGSA-Authz WG
  – aim to standardise policy language (cf GACL)
  – assertion protocol (eg SAML, LCAS callout)
  – attribute formats (eg VOMS)
Also contacts with Accounting GGF groups, via Manchester Computing / eSNW.

Slide 9: Research areas
PPARC-funded e-Science Studentship
  – Starting now, on Authorization/Accounting.
  – Aim to get involved in GGF WGs’ protocols and models work, and apply to HEP contexts.
  – This may feed into GridPP2 implementations.
Other research proposals underway:
  – How to support ad-hoc, short term VOs
  – Using SlashGrid to create on-demand security contexts and sandboxes for native binaries
  – Medical Applications, including extensions of PPARC/MRC project at Manchester

Slide 10: Summary
GridPP has made significant security middleware contributions to EDG
  – More will be deployed when EDG 2.1 released
For GridPP-2, we identified key practical requirements
  – wait to see how many can be addressed
Direct involvement in GGF standards process
Other funding obtained (studentship) or being sought (EU and MRC/DoH) for further research rather than implementation