Federated Identity Management for HEP David Kelsey STFC – RAL Nijmegen workshop 22 June 2012.

Presentation transcript:

Federated Identity Management for HEP David Kelsey STFC – RAL Nijmegen workshop 22 June 2012

WLCG
Data processing, storage and analysis for the CERN Large Hadron Collider Experiments
Making data equally available to all partners, regardless of their physical location
WLCG is made up of more than 140 computing centres in ~35 countries
  – several * 100K CPU Cores
  – several * 100 PB Storage
  – ~10K users
22 June 2012, Kelsey, HEP FIM (slide 2)

Endorsement of FIM paper
DPK presented the paper to
  – HEPiX - 26 April 2012
    https://indico.cern.ch/contributionDisplay.py?sessionId=7&contribId=20&confId=160737
  – WLCG Grid Deployment Board – 9 May
Formally endorsed by WLCG Management Board
  – Meeting of 5 June

Federated IdM in HEP
X.509 certificates and VOMS ACs for Grid services
  – Using TERENA Cert Service in some places
  – Grid also requires Delegation
But many other services (not just Grid)
  – Collaboration tools, wikis, mail lists, webs, agenda pages…
Today CERN has to manage thousands of user accounts, many of these are “external”
Which federations should we use?
  – R&E, Moonshot, OpenID, …?
Choice should be based on the required level of assurance

Two proposals for pilot projects for WLCG
Browser based: a pilot using a WLCG collaborative Web application where users authenticate via their home-issued federated credential
Non-browser based: a service enabling access to WLCG Grid resources using home-issued federated credentials

Browser-based
Not decided yet
At CERN or some other site?
Traditional federated service
  – How do we cope with the scaling issues of joining many federations?

Non-browser
Access to WLCG Grid services
Hide the use of X.509 certificates from end users
Using credential translation techniques
  – From federated identity credential
  – To short-lived X.509 certificate (hidden)
  – For example using the new EMI STS
2 slides from Romain Wartel (CERN)

Questions?


Questions?