Published by Corey Jacobs. Modified over 8 years ago.
11-May-01, D.P.Kelsey, Security Update

GRID Security Update

David Kelsey
CLRC/RAL, UK
d.p.kelsey@rl.ac.uk

DataGrid CA status

National CAs already in operation for DataGrid Testbed0
  – CERN
  – Czech Republic
  – France
  – Italy
  – Netherlands
  – Nordic
  – Portugal
  – Spain
  – UK

UK Testbed CA

Old certificates expired 30th April 2001
  – Including the CA public key!
Andrew has now re-issued user certificates
There is a new CA public key (with longer life!)
  – End systems need to be reconfigured for new CA key – see new rpm from Alex

Certificates for DataGrid users/hosts

All testbed users get a certificate from their own national CA.
Same for host certificates
  – Does this cause big problems?
See WP6 web page http://marianne.in2p3.fr
Countries not yet running a CA
  – Implement one or
  – Find an existing CA willing to issue certificates
Globus certificates are OK for TB0 but avoid if possible
  – Will be removed in Testbed 1 (M9)

User accounts for DataGrid Testbed0/1

Certificates from national CA
Requests for “GRID” accounts via WP managers
  – For definite need only
  – WP8 predict about 60 users for Testbed1
  – WP manager gives list to WP6
  – WP6 will arrange for accounts on Testbed sites
This does not scale!
  – We need to plan beyond Testbed 1
  – Longer term – different approach

Acceptable use policy?

Do we need an acceptable use policy or other document?
  – Can show to management to convince them that they should allow an unknown set of people to run programs on computers at a testbed site?
Who are the users?
Why should they use a testbed site?
Do we envisage trusting someone who defines the list of people we will allow to run jobs, access data etc?
Will such lists be signed etc?

Configuration of systems

See WP6 web
Part of the standard distribution
  – To configure complete list of trusted CAs
  – To configure the certificate request mechanism
  – To update CRLs
Local site is free to accept trusted CAs or not.
  – We will check CPS of each CA to define “trust”

Authorisation

CAS from Globus
  – May not be ready/tested for testbed1
  – Still uses Grid mapfile
  – So plan on not using it
Therefore Authorisation via Grid mapfile
  – gid, uid UNIX security mechanisms
  – INFN LDAP tool for group membership
  – Andrew McNab patch for leasing generic accounts
  – Need input from WP8-10 for group structure
  – WP6 needs to solve the management/admin issues
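
An added example, not taken from the slides or from Globus code: a minimal reader for a Globus-style grid-mapfile, showing how authorisation reduces to mapping a certificate subject DN onto a local UNIX account with default deny. It assumes the usual line format of a quoted subject DN followed by comma-separated local account names; the DNs, account names and function names are constructed for illustration.

```python
import shlex

# Constructed sample grid-mapfile (not real users): "subject DN" account[,account...]
SAMPLE_MAPFILE = '''\
# DataGrid testbed users (constructed entries)
"/O=Grid/O=ExampleCA/OU=example.ac.uk/CN=Alice Example" alice
"/O=Grid/O=ExampleCA/OU=example.ac.uk/CN=Bob Example" bob,gridbob
"/O=Grid/O=ExampleCA/CN=broken entry
'''


def parse_gridmap(text):
    """Return ({subject DN: [local accounts]}, [line numbers rejected as malformed])."""
    mapping, rejected = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)  # honours the quotes around the DN
        except ValueError:              # e.g. unbalanced quote
            rejected.append(lineno)
            continue
        # Exactly two fields, and the DN must look like a slash-separated subject.
        if len(fields) != 2 or not fields[0].startswith("/"):
            rejected.append(lineno)
            continue
        accounts = [a for a in fields[1].split(",") if a]
        if not accounts:
            rejected.append(lineno)
            continue
        mapping[fields[0]] = accounts
    return mapping, rejected


def authorise(mapping, subject_dn):
    """Default deny: only an exact, case-sensitive DN match yields a local account.

    The returned account name is what the UNIX uid/gid mechanisms then enforce.
    """
    accounts = mapping.get(subject_dn)
    return accounts[0] if accounts else None


if __name__ == "__main__":
    table, bad = parse_gridmap(SAMPLE_MAPFILE)
    print("rejected lines:", bad)
    print(authorise(table, "/O=Grid/O=ExampleCA/OU=example.ac.uk/CN=Bob Example"))
```

Malformed lines are reported rather than silently skipped, so an administrator can see when an entry will not take effect.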

Future plans

DataGrid ATF now working on implications of security for the architecture (next mtg 29/30 May)
DataGrid WP6 CA mgrs meet on 5th June (CERN)
  – To discuss CP, CPS etc.
I have proposed a meeting of a new DataGrid Security Task Force (6th June at CERN)
  – To coordinate WP security deliverables/work
  – To discuss architectural issues
  – To plan for future work (+ resource needs)
GridPP has a work group on security (WG E)
  – Bid for 6.5 FTE (~50% of this for development)