OSG RA, DOEGrids CA features Doug Olson, LBNL August 2006.

Slides:

Advertisements

Similar presentations

Support: Certificates and Helpdesks Andrew Richards (GSC/NGS) – CCLRC, RAL.

Advertisements

Financial Aid Management System Account Registration and Confirmation.

ProcessIt Document Library 8.0 Controlled Documents Suite.

GUMS status Gabriele Carcassi PPDG Common Project 12/9/2004.

OSG PKI RA Training Mine Altunay, Jim Basney OSG PKI Team October 1, 2012.

INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April

OSG Area Coordinators Meeting Security Team Report Mine Altunay 05/15/2013.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Summer School Certificates Diego Romano & Gilda Team.

Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.

Getting grid-enabled Steps involved: personal grid certificate  Request a certificate from:

OSG PKI Grid Admin (GA) Training Mine Altunay, Jim Basney OSG PKI Team October 8, 2012.

CILogon OSG CA Mine Altunay Jim Basney TAGPMA Meeting Pittsburgh May 27, 2015.

OSG Area Coordinators Meeting Security Team Report Kevin Hill 08/14/2013.

VOX Project Status T. Levshina. Talk Overview VOX Status –Registration –Globus callouts/Plug-ins –LRAS –SAZ Collaboration with VOMS EDG team Preparation.

OSG RA plans Doug Olson, LBNL May Contents RA, agent, sponsor layout & OU=People use case Sample web form Agent Role GridAdmin Role Questions.

May 8, 20071/15 VO Services Project – Status Report Gabriele Garzoglio VO Services Project – Status Report Overview and Plans May 8, 2007 Computing Division,

OSG Security Kevin Hill. Goals Operational Security – Identify software vulnerabilities – observing the practices of our VOs and sites, and sending alerts.

Computing Division Helpdesk Activity Report Rick Thies May 23, 2006.

Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.

Report by the Open Science Grid Council Subcommittee to Address At- Large VO Representation on the Consortium Council Shaowen Wang (on behalf of the committee)

Sonoma State White Pages Implementation Barry Blackburn Andru Luvisi Brian Biggs.

ESnet PKI Developed for the DOE Science Grid and SciDAC.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 8/15/2012.

The Open Science Grid OSG Ruth Pordes Fermilab. 2 What is OSG? A Consortium of people working together to Interface Farms and Storage to a Grid and Researchers.

KISTI Grid CA Operation KISTI Supercomputing Center Sangwan Kim, Soonwook Hwang CA Operators Contact: Jan. 8, 2007.

OSG PKI Transition: Transition Phase Report Von Welch OSG PKI Transition Lead Indiana University Center for Applied Cybersecurity Research.

Michael Fenn CPSC 620, Fall 09.  Grid computing is the process of allowing loosely-coupled virtual organizations to share resources over a wide area.

Open Science Grid Open Science Grid: Beyond the Honeymoon Dane Skow Fermilab September 1, 2005.

Overview of Privilege Project at Fermilab (compilation of multiple talks and documents written by various authors) Tanya Levshina.

VO management: Progress since Chicago Workshop Vincenzo Ciaschini 23/5/2002 CNAF – Bologna.

LIGO's Evolving Certificate Authority and Account Management Needs Warren G. Anderson University of Wisconsin-Milwaukee LIGO Scientific Collaboration.

VO Privilege Activity. The VO Privilege Project develops and implements fine-grained authorization to grid- enabled resources and services Started Spring.

G Z LIGO's Physics at the Information Frontier Grant and OSG: Update Warren Anderson for Patrick Brady (PIF PI) OSG Executive Board Meeting Caltech.

Opensciencegrid.org User Support in/and OSG Doug Olson, LBNL 2 nd EGEE/LCG Operations Workshop CNR, Bologna 25 May 2005.

HLRmon accounting portal DGAS (Distributed Grid Accounting System) sensors collect accounting information at site level. Site data are sent to site or.

Open Science Grid Security Activities Mine Altunay, FNAL OSG Security Officer For the OSG Security Team: Doug Olson, Deputy Security Officer, LBNL, Jim.

VO Membership Registration Workflow, Policies and VOMRS software (VOX Project) Tanya Levshina Fermilab.

DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.

Last update 21/01/ :05 LCG 1Maria Dimou- cern-it-gd Current LCG User Registration, VO management and Authorisation Procedures VOMS workshop

Virtual Organization Membership Service eXtension (VOX) Ian Fisk On behalf of the VOX Project Fermilab.

Operations Activity Doug Olson, LBNL Co-chair OSG Operations OSG Council Meeting 3 May 2005, Madison, WI.

Open Science Grid: Beyond the Honeymoon Dane Skow Fermilab October 25, 2005.

OSG Deployment Preparations Status Dane Skow OSG Council Meeting May 3, 2005 Madison, WI.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 02/13/2012.

HLRmon accounting portal The accounting layout A. Cristofori 1, E. Fattibene 1, L. Gaido 2, P. Veronesi 1 INFN-CNAF Bologna (Italy) 1, INFN-Torino Torino.

The GRIDS Center, part of the NSF Middleware Initiative Grid Security Overview presented by Von Welch National Center for Supercomputing.

Identity Management in Open Science Grid Identity Management in Open Science Grid Challenges, Needs, and Future Directions Mine Altunay, James Basney,

Site Authorization Service Local Resource Authorization Service (VOX Project) Vijay Sekhri Tanya Levshina Fermilab.

Opensciencegrid.org Operations Interfaces and Interactions Rob Quick, Indiana University July 21, 2005.

Gilda certificates. Certification Authority

OSG PKI Transition Impact on CMS. Impact on End User After March , DOEGrids CA will stop issuing or renewing certificates. If a user is entitled.

OSG Security: Updates on OSG CA & Federated Identities Mine Altunay, PhD OSG Security Team OSG AHM March 24, 2015.

Fermilab / FermiGrid / FermiCloud Security Update Work supported by the U.S. Department of Energy under contract No. DE-AC02-07CH11359 Keith Chadwick Grid.

Open Science Grid Security Activities D. Olson, LBNL OSG Deputy Security Officer For the OSG Security Team: M. Altunay, FNAL, OSG Security Officer, D.O.,

VO Management Tanya Levshina Computing Division, Fermilab.

OSG PKI Transition Mine Altunay OSG Security Officer

A Survey of Certificate Management Processes and Procedures in OSG Gabriel Ghinita and Mine Altunay

Computing Division Helpdesk Activity Report Rick Thies October 10, 2006.

Certificate Security For Users Obtaining and Using Your Personal Certificate using the OSG PKI Kyle Gross – OSG Operations Support Lead Elizabeth Prout.

VOX Project Status Report Tanya Levshina. 03/10/2004 VOX Project Status Report2 Presentation overview Introduction Stakeholders, team and collaborators.

New OSG Virtual Organization Security Training OSG Security Team.

Operations Support for the UK National Grid Service

Operations Interfaces and Interactions

OSG Security Kevin Hill.

Open Science Grid Progress and Status

CRC exercises Not happy with the way the document for testbed architecture is progressing More a collection of contributions from the mware groups rather.

Open Science Grid Overview

Requisition Approval Tracking Module

Presentation transcript:

OSG RA, DOEGrids CA features Doug Olson, LBNL August 2006

2 Contents RA, agent, sponsor layout & OU=People use case Sample web form Agent Role GridAdmin Role Questions Schedule

3 1.Subscriber requests Certificate 2.RM posts signing request notice 3.The RA for the Subscriber retrieves request 4.The RA agent reviews request with Grid project 5.The agent updates/approves/rejects request 6.Approved Certificate Request is sent to CM Grid Classic PKI People Certificate Workflow Subscriber 1 2 Registration Authority (RA) Agent CM issues certificate 8.RM sends notice to Subscriber 9.Subscriber picks up new certificate 2 Sponsor Project DBMS Certificate Manager (CM) (Certificate Signing Engine) Registration Manager (RM) PKI1.DOEGrids.Org CA

4 2. notify OSG RA Layout CDF CMS DES DOSAR DZero Fermilab fMRI GADU geant4 GLOW GRASE GridChem GridEx GROW i2u2 iVDGL LIGO mariachi MIS nanoHUB SDSS STAR USATLAS DOEGrids CA 1 Registration Manager Registered VOs Registered Support Centers CSC DOSAR DZero Fermilab fGOC GADU GRASE GROW-GOC LIGO mariach-support OSG-GOC PROD_SLAC SDSS STAR TACC UC CI USATLAS USCMS VDT Agents within each support center know which VOs and sites they support Subscriber Sponsor Certificate 10. download 4.c verify4.d reply 4.e. confirm or deny 5. approve or reject request 1. submit Subscriber chooses one of the existing OSG registered VOs Draft 19 Apr 2006 Typical use case for personal certificate. 3. retrieve request 4.b authenticate ,8. notify VO sponsor DB 4.a check authorized sponsors RA Log 9. Record RA actions LDAP Cert. directory Publish certificates

5 Things on the horizon ESnet has a new version of the CA software in and house under investigation –RedHat Certificate System evolution of same code base of iPlanet/SUN CMS OSG RA setting up Roundup Issue Tracking to track request processing with more flexibility than the CA Agent interface. –Will form basis of RA performance metrics. Implementing https based sponsor confirmation as alternative to digitally signed DOEGrids/ESnet looking at setting up CA tied to other user account database via Radius, such as LDAP, …

6 Interfaces we can affect Cert Request form (somewhat) Cert management scripts request notices to agents (somewhat) Consider separate OSG Registration Manager to isolate OSG from other RA requests Ldap directory of published certificates