Authorization status
Andrew McNab, High Energy Physics, University of Manchester
GESA/Authz, GGF9, 7 Oct 2003


Slide 2: Authz-WG
Meetings Tokyo, Seattle and here (yesterday)
Main work is the frameworks document
  – describes terminology (IETF/ISO)
  – general models for authorization
  – components (eg Attribute Authority)
  – describes some real systems in these terms
Also producing a glossary for Authz
Work of Authz-WG coming to an end
  – Final version of documents before next GGF?
  – Specifications to be produced elsewhere.

Slide 3: OGSA Authz WG
First meeting at 4pm today.
Producing specifications needed for Authorization in OGSA:
  – Attributes eg attribute certs like CAS, VOMS
  – Use of SAML assertions and queries / “wire protocol”
  – Use of XACML expression / “storage”
  – Requirements
General enough to be used outside of OGSA too: eg for services’ internal use.

Slide 4: What does this get you?
Standard ways of handling and specifying attributes (eg group membership)
Standard ways of asking a service if a user with a set of credentials can do a particular action.
Standard ways of expressing policy about what users can do:
  – in terms of identities, groups, time of day, location, current usage of a resource etc.
Support for these in the rest of OGSA.

Slide 5: What do you need from Authz?
Authz systems can provide local enforcement of “permissions”.
In most cases, can readily be extended to quotas or limits too.
What hooks are needed to specify these externally?
  – eg as per-user credit limits??
What about reporting of Use to other GESA components?
  – Granularity: Per site? Per resource? Per “file”?