GridShib Grid-Shibboleth Integration An Overview Von Welch


Nov 5, 2004 GridShib Overview

Some Background: Shibboleth
Internet2 project
Allows for inter-institutional sharing of web resources
  – Federation of identities and attributes
  – Uses attribute-based authorization
  – Standards-based (SAML)
Being extended to non-web resources
Part of NMI/EDIT distribution

Some Background: Globus Toolkit
Collaborative work from the Globus Alliance
Toolkit for Grid computing
  – Job submission, data movement, data management, resource management
Security based on X.509 identity- and proxy-certificates
Part of NMI Grids Center Suite

What is GridShib?
Formally known as:
  – NSF Middleware Initiative (NMI) Grant: Policy Controlled Attribute Framework
We call it “GridShib”
In a nutshell: Allow the use of Shibboleth-issued attributes for authorization in NMI Grids built on the Globus Toolkit
2 year project starting December 1, 2004

The GridShib picture
[Diagram. Labels: Campus, User, Shibboleth, Grid Service]
(0) Attribute Release Policy
(1) Grid Authentication
(2) Shib Attribute Request
(3) Attributes
(4) Attribute-based authorization

Who is GridShib?
NCSA: Von Welch (PI). Shibboleth-PKI Integration. “Get the assertion into the Grid.”
Argonne/U. Chicago: Kate Keahey (PI), Frank Siebenlist. Globus Toolkit Policy Framework. “Do something with the assertion in the Grid.”
U. Chicago: Tom Barton. Deployment, Testing, Hardening. “Make sure real users can use it.”

Why?
Critical mass of grid deployments could use it
Large grid, far-flung participants with several types of roles among them
Examples: NEESgrid, Earth System Grid, TeraGrid, Grid3 (GriPhyN, iVDGL, and PPDG), SCEC
Grid-mapfile approach not scaling
Shibboleth is well supported and deployed
Centralized campus resource for research computing
Examples: UChicago, USC, UAB

Time is finally right
Shibboleth & SAML have shown how to
  – Authorize the anonymous user
  – Extend integration of common infrastructure across administrative and operational domains
Others are now trying non-browser-based “shibbolization” approaches roughly analogous to what we envision
Sufficiently abstracted security related interfaces provided by NMI Grid componentry
Plug: all code elements above are NMI components. We’re building on 3 years’ work of many people.

GridShib Integration Principles
No modification to typical grid client applications
Leverage Shibboleth’s attribute administration and end-user maintenance of attribute release policies
Leverage high-quality Campus Identity Provider operations
Leverage high-quality Shib and Grid software

GridShib Challenges
Use of an identifier in X.509 certificate as a subject handle for use by the Shib Attribute Authority (SAA)
  – Shibboleth v1.3 should handle this
Allowing VOs to define attributes meaningful to them
Attribute Authority identification
  – “Where are you from” problem
Plumbing interconnect
Translating requirements into meaningful authorization policy
Support pseudonymity

Project objectives
Priority 0: Gather requirements, identify users, related work
  – Users: U Chicago; USC (Henderson); TeraGrid
  – Related work: Already established coordination with ESP-Grid, Dr. Jeffreys, Oxford, UK; UAB (Gemmill); Georgetown (Leonhardt)

Project objectives
Priority 1: Pull mode operation
  – Globus services contact Shibboleth to obtain attributes about identified user
Priority 2: Push mode operation
  – User obtains Shib attributes and pushes them to service
  – Allows role selection
Priority 3: Pseudonymous access with MyProxy/GridLogon
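
The pull-mode flow from the GridShib picture (steps 0 to 4), set beside a grid-mapfile lookup, as an added sketch that is not code from the GridShib, Shibboleth or Globus projects. The class names, DNs, attribute names and policies are constructed for illustration, and step 1 (X.509 authentication) is assumed to have already produced the subject DN.

```python
# Added illustration: a conceptual model of the pull-mode flow, NOT GridShib,
# Shibboleth or Globus Toolkit code. All DNs, attributes and policies are constructed.
from dataclasses import dataclass

# Grid-mapfile style authorization: one hand-maintained entry per user DN.
GRID_MAPFILE = {"/O=Example/OU=Campus/CN=Alice": "alice"}

def mapfile_authorize(dn):
    return dn in GRID_MAPFILE

@dataclass
class AttributeAuthority:
    """Stands in for the campus Shibboleth attribute authority."""
    directory: dict        # subject DN -> {attribute name: set of values}
    release_policy: dict   # step 0: subject DN -> {requester: releasable attribute names}

    def query(self, subject_dn, requester):
        # Steps 2 and 3: return only what the release policy allows this requester.
        attrs = self.directory.get(subject_dn, {})
        allowed = self.release_policy.get(subject_dn, {}).get(requester, set())
        return {name: vals for name, vals in attrs.items() if name in allowed}

@dataclass
class GridService:
    name: str
    aa: AttributeAuthority
    required: dict         # attribute name -> set of acceptable values

    def authorize(self, authenticated_dn):
        # Step 1 (X.509 authentication) is assumed done; the DN is the subject handle.
        attrs = self.aa.query(authenticated_dn, self.name)
        # Step 4: fail closed on an empty policy or any missing/unreleased attribute.
        return bool(self.required) and all(
            attrs.get(name, set()) & accepted
            for name, accepted in self.required.items())

ALICE, BOB, CAROL = (f"/O=Example/OU=Campus/CN={n}" for n in ("Alice", "Bob", "Carol"))
AA = AttributeAuthority(
    directory={dn: {"affiliation": {"faculty"}, "project": {"quake-sim"}}
               for dn in (ALICE, BOB, CAROL)},
    release_policy={ALICE: {"sim-service": {"affiliation", "project"}},
                    BOB: {"sim-service": {"project"}},
                    CAROL: {"other-service": {"project"}}})
SERVICE = GridService("sim-service", AA, required={"project": {"quake-sim"}})

if __name__ == "__main__":
    for dn in (ALICE, BOB, CAROL):
        print(dn, "mapfile:", mapfile_authorize(dn), "attributes:", SERVICE.authorize(dn))
```

Bob is admitted without any per-user entry on the service side, while Carol is refused because her release policy does not release the attribute to this requester.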

Timeline
December 1, 2004: formal start
  – Kickoff meeting Dec U Chicago
Summer 2005: First release
  – Basic integration: code supporting pull model with user identified
  – Selection and simple implementation of policy description language
  – GT 4.2? 4.4? (Timeframe not set)
  – Shibboleth 1.3

Timeline (cont)
2006: Second release
  – Advanced integration: code supporting push and user-pseudonymity
  – Integration with MyProxy/GridLogon for improved usability
  – Integration of feedback from Y1 release

Potential objectives
Collaboration with Signet folks to allow for distributed attribute administration
Support for alternatives to GT4:
  – Standard PKI-authenticated web services in addition to GT4
    Some Grid projects looking at plain web services approach
  – Support for GT2 legacy code?
    Will there still be demand?

Acknowledgements
Working in collaboration with Steven Carmody and the Internet2 Shibboleth Design team
  – Providers of much valuable advice.
Funded under NSF award SCI

Questions?
Project website: –
Or contact:
For more information on NMI: –