The Roadmap of NAREGI Security Services Masataka Kanamori NAREGI WP5 2005.4.20


1 The Roadmap of NAREGI Security Services Masataka Kanamori NAREGI WP5 2005.4.20 http://www.naregi.org/

2 NAREGI WPs: WP6: Grid-Enabled Apps; WP3: Grid PSE; WP3: Grid Workflow; WP1: SuperScheduler; WP1: Distributed Information Service; WP2: Grid Programming (Grid RPC, Grid MPI); WP3: Grid Visualization; WP1: Grid VM; (Globus, Condor, UNICORE → OGSA); WP5: High-Performance & Secure Grid Networking; WP4: Packaging

3 NAREGI WP5: WP6: Grid-Enabled Apps; WP3: Grid PSE; WP3: Grid Workflow; WP1: SuperScheduler; WP1: Distributed Information Service; WP2: Grid Programming (Grid RPC, Grid MPI); WP3: Grid Visualization; WP1: Grid VM; (Globus, Condor, UNICORE → OGSA); WP4: Packaging; WP5: Network PKI

4 Security Services Architecture: Privacy Services; Authorization Services; Trust Services; Attribute Services; Audit/Source-Logging Services; Credential Validation Services; Bridge/Translation Services; Authentication; Identity Mapping; Credential Conversion; VO Policy. The Open Grid Services Architecture, Version 1.0. Hypothetical OGSA version 2.0 documents schedule: Security Services: WG draft publication GGF17 (’06/6)

5 Roadmap for NAREGI Security Services (NSS)
Years: 2003 2004 2005 2006 2007
Row groups: Core Functions; OGSA Security Services
– Authentication: NAREGI-CA V1.0, NAREGI-CA V1.1, NAREGI-CA V2.0, NAREGI-CA V2.1
– Credential Conversion for UNICORE-Globus cooperation MyProxy+ CP/CPS+ Extended BD&DV DP
– ID Mapping: FS, BD*, DV&DP*
– VO Management: FS, BD&DV, DP
– Bridge/Translation Services: FS, BD*, DV&DP*
– Credential Validation Services: FS, BD*, DV&DP*
– Trust Services: FS&BD, BD&DV, DV&DP
– Authorization Services: FS, BD*, DV&DP*
– Attribute Services: FS, BD*, DV&DP*
– Audit/Source-Logging Services: Forensic-FS, Forensic-BD, Forensic-DV, Forensic-DP
– Privacy Services: FS, BD*, DV&DP*
FS: Feasibility Study, BD: Basic Design, DV: Development, DP: Deployment
Note: `*` means ‘subject to FS’

6 Authentication: NAREGI-CA. Diagram labels: NAS (NAREGI AUTHENTICATION SERVICE); Network Infrastructure; AICA (existing Certificate Authority Free Software); LCMP; RA: Registration Functions; CP/CPS; Auth. Policy (single domain); Auth. Policy Extension (multi-domains); Command User Interface; Web User Interface; Web Service Interface; VO management cooperation functions; Audit; PMA; XKMS. Legend: Development in 2003; Development in 2004; After 2005

7 Authorization assertion Authentication Authority XKMS Authentication & Authorization Service Credential X.509 Cert Policy enforcement point SAML extension in XACML Policy decision point XACML ① Service Request ② ④ VO Info ⑤⑥ ⑦ ⑧ MMJFS etc. Validate Request Reply Policy information point ③ NAREGI-CA WS-based NSS in the future

8 NAREGI CA (CD package)
Contents
– README (Overview, install, etc.)
– LICENSE
– Release NOTE
– naregi-ca-1.0.tar.gz
  Source files
  CP/CPS, Administrator Guide, etc.
– naregi-project
  naregi_pre.pdf (about NAREGI)
  wp5_pre.pdf (about NAREGI Work Package 5)
Contact:
– naregi-psg@grid.nii.ac.jp (about CD package)
– naregi.pkiwg@grid.nii.ac.jp (NAREGI WP5 ML)
Useful Link
– https://www.apgrid.org/CA/AIST/Production/index.htm

9 NAREGI Testbed

10 Super SINET: http://www.sinet.ad.jp/english/super_sinet.html Src: http://www.sinet.ad.jp/english/japan_map_1.html

11 NAREGI Grid Network. Diagram labels: AIST; Kyushu tech Univ.; Kyushu Univ.; IMS; Tokyo tech Univ.; Osaka Univ.; NII; NAREGI; NAREGI NII Cluster; NAREGI IMS Cluster. Legend: connected; will be connected

12 NAREGI Grid Network (in the future). Diagram labels: AIST; Kyushu tech Univ.; Kyushu Univ.; IMS; Tokyo tech Univ.; Osaka Univ.; NII; NAREGI; NAREGI NII Cluster; NAREGI IMS Cluster. Legend: connected; will be connected. Universities Grid Network: Hokkaido Univ.; Tohoku Univ.; Tokyo Univ.; Nagoya Univ.; Doshisha Univ.; Kyoto Univ.; Kyushu Univ.; Osaka Univ.

14 Features of NAREGI CA
– separates the CA server and the RA (web enroll). Nobody can access a CA server directly from the Net.
  – OpenCA is not separated
– can use a license ID for one-time authentication.
– provides two types of interfaces
  – command-based
  – web-based

