EMI is partially funded by the European Commission under Grant Agreement RI-261611 Security Token Service (STS) Transforming the Existing User Credentials.

Presentation transcript:

Security Token Service (STS): Transforming the Existing User Credentials for the Grid
Henri Mikkonen, Helsinki Institute of Physics
EGI Technical Forum 2012 (AAI Workshop), Prague, Czech Republic

EMI INFSO-RI, Terminology (19/09/2012, Henri Mikkonen, EGI Technical Forum 2012, slide 2)

Security Token? (WS-Security)
- A collection of statements (claims) about a user or resource.
- Any digital identity that can be attached to a SOAP message: X.509 certificate, SAML assertion, Kerberos ticket, ...

Security Token Service? (WS-Trust)
- A Web service used to issue, renew, validate and cancel security tokens.
- Establishes a trust relationship between different application / security domains.

SAML token -> X.509 token (diagram, shown across three slides; the last is slide 5)

Components in the diagram: STS Client Tool; Home Institute (SAML Trust Domain); STS; CA (X.509 Trust Domain). The flow as labelled:
- The user gives the STS Client Tool a username, password and home institute.
- The client tool sends the username and password to the Home Institute and receives a SAML assertion.
- The client tool presents the SAML assertion token to the STS.
- The STS requests a certificate from the CA; the CA issues a certificate.
- The STS returns an X.509 certificate token (public key + proof) to the client tool.
- The client tool writes the X.509 certificate and private key to the filesystem.
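To make the WS-Trust exchange on the Terminology and SAML-to-X.509 slides concrete, here is an added example of the message pair and the validation an STS performs at the trust-domain boundary before it asks the CA for anything. This is not EMI's STS code: the issuer URL, NameID, "CA" callable and DER placeholder are constructed, the SAML assertion is unsigned, and XML-signature verification (which a real STS must do) is left out because the standard library has no XMLDSig; only the namespace URIs and element names are the real WS-Trust 1.3, WS-Security 1.0 and SAML 2.0 ones.

```python
"""Toy WS-Trust exchange: SAML assertion in, X.509 token out.
Added example, not EMI project code. Issuer, subject and CA are constructed."""
import base64
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

# Real namespace URIs: SOAP 1.1, WS-Security 1.0, WS-Trust 1.3, SAML 2.0.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
for _p, _u in NS.items():
    ET.register_namespace(_p, _u)
ISSUE = NS["wst"] + "/Issue"
X509_TOKEN = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
BASE64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
# Constructed: the SAML trust domain (home institute IdP) this STS bridges from.
TRUSTED_SAML_ISSUERS = {"https://idp.home-institute.example/idp"}


def q(prefix, local):
    return "{%s}%s" % (NS[prefix], local)


def make_assertion(issuer, name_id, not_on_or_after):
    """Constructed, unsigned SAML 2.0 assertion standing in for the home institute's."""
    a = ET.Element(q("saml", "Assertion"), Version="2.0", ID="_a1")
    ET.SubElement(a, q("saml", "Issuer")).text = issuer
    ET.SubElement(ET.SubElement(a, q("saml", "Subject")), q("saml", "NameID")).text = name_id
    ET.SubElement(a, q("saml", "Conditions"), NotOnOrAfter=not_on_or_after.strftime("%Y-%m-%dT%H:%M:%SZ"))
    return ET.tostring(a, encoding="unicode")


def build_rst(assertion_xml):
    """Client tool side: RST asking for an X.509 token, SAML assertion in the wsse:Security header."""
    env = ET.Element(q("soap", "Envelope"))
    sec = ET.SubElement(ET.SubElement(env, q("soap", "Header")), q("wsse", "Security"))
    sec.append(ET.fromstring(assertion_xml))
    rst = ET.SubElement(ET.SubElement(env, q("soap", "Body")), q("wst", "RequestSecurityToken"))
    ET.SubElement(rst, q("wst", "TokenType")).text = X509_TOKEN
    ET.SubElement(rst, q("wst", "RequestType")).text = ISSUE
    return ET.tostring(env, encoding="unicode")


class StsError(Exception):
    """Raised where a real STS would return a SOAP fault instead of a token."""


def sts_issue(rst_xml, now, trusted_issuers=TRUSTED_SAML_ISSUERS, ca=None):
    """STS side: validate the incoming SAML token, then hand the subject to the CA."""
    env = ET.fromstring(rst_xml)
    rst = env.find("soap:Body/wst:RequestSecurityToken", NS)
    if rst is None or rst.findtext("wst:RequestType", namespaces=NS) != ISSUE:
        raise StsError("only wst:Issue is supported")
    if rst.findtext("wst:TokenType", namespaces=NS) != X509_TOKEN:
        raise StsError("unsupported TokenType")
    assertion = env.find("soap:Header/wsse:Security/saml:Assertion", NS)
    if assertion is None:
        raise StsError("no SAML assertion in wsse:Security")
    # Trust-domain boundary: only assertions from configured issuers are bridged.
    # A real STS verifies the assertion's XML signature here as well.
    issuer = assertion.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        raise StsError("untrusted SAML issuer: %r" % issuer)
    conds = assertion.find("saml:Conditions", NS)
    if conds is None or conds.get("NotOnOrAfter") is None:
        raise StsError("assertion has no validity window")
    expiry = datetime.strptime(conds.get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if now >= expiry:
        raise StsError("SAML assertion expired")
    subject = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    # Hypothetical CA callable: takes the subject, returns DER bytes. The default
    # is a labelled placeholder standing in for the online CA on the slide.
    ca = ca or (lambda dn: b"PLACEHOLDER-DER-CERT-FOR-" + dn.encode())
    return build_rstr(ca(subject))


def build_rstr(cert_der):
    """STS side: RSTR carrying the issued certificate as a base64 BinarySecurityToken."""
    env = ET.Element(q("soap", "Envelope"))
    rstr = ET.SubElement(ET.SubElement(env, q("soap", "Body")), q("wst", "RequestSecurityTokenResponse"))
    ET.SubElement(rstr, q("wst", "TokenType")).text = X509_TOKEN
    bst = ET.SubElement(ET.SubElement(rstr, q("wst", "RequestedSecurityToken")),
                        q("wsse", "BinarySecurityToken"), ValueType=X509_TOKEN, EncodingType=BASE64)
    bst.text = base64.b64encode(cert_der).decode()
    return ET.tostring(env, encoding="unicode")


def extract_cert(rstr_xml):
    """Client tool side: the DER bytes it would write to the filesystem next to the private key."""
    env = ET.fromstring(rstr_xml)
    bst = env.find("soap:Body/wst:RequestSecurityTokenResponse/wst:RequestedSecurityToken/"
                   "wsse:BinarySecurityToken", NS)
    return base64.b64decode(bst.text)


def demo():
    """Constructed end-to-end run: one trusted, one untrusted and one expired request."""
    now = datetime(2012, 9, 19, 12, 0, tzinfo=timezone.utc)
    later = datetime(2012, 9, 19, 13, 0, tzinfo=timezone.utc)
    good = make_assertion("https://idp.home-institute.example/idp", "alice@home-institute.example", later)
    rogue = make_assertion("https://idp.unknown.example/idp", "alice@home-institute.example", later)
    stale = make_assertion("https://idp.home-institute.example/idp", "alice@home-institute.example", now)
    results = {"trusted": extract_cert(sts_issue(build_rst(good), now))}
    for name, a in (("untrusted", rogue), ("expired", stale)):
        try:
            sts_issue(build_rst(a), now)
            results[name] = None
        except StsError as e:
            results[name] = str(e)
    return results


if __name__ == "__main__":
    print(demo())
```

The two checks before the CA call are the whole point of the STS as a bridge: the X.509 trust domain never sees the user's home-institute password, and the CA only ever certifies a subject that arrived in an assertion from an issuer the STS was configured to trust and that is still inside its validity window. Pulling the issuer allow-list into configuration, rather than accepting any assertion that parses, is what keeps the SAML and X.509 domains separate.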

SAML token into a VOMS token (diagram, shown across four slides; slides 7 and 9 among them)

Components in the diagram: STS Client Tool; Home Institute (SAML Trust Domain); STS; VOMS; CA (X.509 Trust Domain). The flow as labelled:
- The user gives the STS Client Tool a username, password and home institute.
- The client tool sends the username and password to the Home Institute and receives a SAML assertion.
- The client tool presents the SAML assertion token to the STS.
- The STS requests a certificate from the CA; the CA issues a certificate.
- The STS requests attributes from VOMS; VOMS issues an attribute certificate.
- The STS returns an X.509 proxy certificate token (public key + proof + VO-info) to the client tool.
- The client tool writes the X.509 proxy certificate chain and private key to the filesystem.

Variant with a Grid Portal in place of the client tool:
- The user accesses the Grid Portal through a web browser.
- The portal obtains a SAML assertion from the Home Institute (SAML Trust Domain) using the username and password.
- The portal presents the SAML assertion token to the STS, which requests a certificate from the CA and attributes from VOMS and returns an X.509 proxy certificate token (public key + proof + VO-info).
- The portal accesses Grid services using the user's proxy.

More details tomorrow: Thursday, 14:00 – 15:30, EMI Security for Grids and Clouds
- Henri Mikkonen: "STS Status Update"
- Carolina Lindqvist: "Exploring the SAML 2.0 ECP Profile"

Thank you! Questions? Henri Mikkonen