Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Area Christoph Witzig (SWITCH) on behalf of John White (HIP)

Published byBertha Mills Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Area Christoph Witzig (SWITCH) on behalf of John White (HIP)"— Presentation transcript:

1 Security Area Christoph Witzig (SWITCH) on behalf of John White (HIP)

2 EMI INFSO-RI-261611 Maintenance – of existing security components Harmonization – Common authN library – Common profiles (SAML, XACML) – Common authorization service New Stuff: – Easier credential management Overview of Work 1/6/2011 EMI All Hands Meeting 2011, Lund 2

3 EMI INFSO-RI-261611 Java Delegation service: – coordination with EMI-ES MyProxy, Proxy Renewal, GridSite, gSoap,... – By CESNET Site access control: – gLExec  add support for PAM module (e.g. Argus) – LCAS/LCMAPS/EES: convergence of code Reduction of components: – Generally hard to drop entire components Code reduction often more feasible – Trustmanager, java-util  common authN library Maintenance – gLite (1) 1/6/2011 EMI All Hands Meeting 2011, Lund 3

4 EMI INFSO-RI-261611 Confidentiality Services: – Hydra: will be released in an EMI-1 update cycle New tests, documentation, vulnerability assessment – Pseudonymity service: Refactoring, certification, release Q4 2011 VOMS: – VOM(R)S convergence – Third-party attribute queries Maintenance – gLite (2) 1/6/2011 EMI All Hands Meeting 2011, Lund 4

5 EMI INFSO-RI-261611 ARC: – Support according to user requests – Nordugridmap, arcproxy: adapt to possible changes in VOMS – Recover LCAS/LCMAPS support Unicore – Refactoring of security PT (done) – Optimization of security stack – Support for resource sharing Maintenance – ARC and Unicore 1/6/2011 EMI All Hands Meeting 2011, Lund 5

6 EMI INFSO-RI-261611 Common authentication library – APIs for C, C++, Java done (almost) all internally reviewed – PT must be formed (TBC) 1st release Feb 2012 Java: UNICORE security PT C: NIKHEF, additional manpower needed C++: ARC – Note: Assumption: Most code taken from existing libraries Reach-out to other PT needs to be done Harmonization (1) 1/6/2011 EMI All Hands Meeting 2011, Lund 6

7 EMI INFSO-RI-261611 Common SAML profile: – Defined – Implementation in VOMS, 1st use by UNICORE Common XACML profile: – Defined – Support by Argus – Use by CREAM, UNICORE, ARC Harmonization (2) 1/6/2011 EMI All Hands Meeting 2011, Lund 7

8 EMI INFSO-RI-261611 Common authorization service – Use of Argus – Today: gLExec, global banning – Support in CREAM and data management (DPM, LFC) added – Coming: Support in ARC and UNICORE (  common XACML profile) – New feature: Argus EES Harmonization (3) 1/6/2011 EMI All Hands Meeting 2011, Lund 8

9 EMI INFSO-RI-261611 EMI AAI WG: – Easier credential management for non X.509 users – Support for AAIs and Kerberos – Late start of activity due to other priorities Security Token Service (STS) – To translate tokens into another format SAML / Kerberos  X.509 – Brokers trust between different security domains – Generic for all kinds of tokens, standards-based interface (WS- Trust) – Current plan to base on Shibboleth IdP v3 – Reach-out to other related efforts Support for AAIs 1/6/2011 EMI All Hands Meeting 2011, Lund 9

10 EMI INFSO-RI-261611 Work done by E.Heymann, UAB, w/collab. UWM Components assessed: VOMS Admin 2.0.18  vulnerabilities fixed gLExec 0.8  vulnerabilities fixed in EMI-1 Argus 1.2  no vulnerabilities found Components to be assessed: VOMS core (2.0.2) started To do: CREAM, WMS, Target System Interface, Gateway UAB cannot assess every component  security training for SW developers 1/6/2011 EMI All Hands Meeting 2011, Lund 10 Vulnerability Assessment

11 EMI INFSO-RI-261611 EMI JRA1 security Wiki: https://twiki.cern.ch/twiki/bin/view/EMI /EmiJra1T4Security https://twiki.cern.ch/twiki/bin/view/EMI /EmiJra1T4Security DJRA1.3.2: Security Work Plan Further Information 1/6/2011 EMI All Hands Meeting 2011, Lund 11

12 EMI is partially funded by the European Commission under Grant Agreement RI-261611 Thank you! 1/6/2011 12 EMI All Hands Meeting 2011, Lund

Download ppt "Security Area Christoph Witzig (SWITCH) on behalf of John White (HIP)"

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
EMI Development Plans for Identity Management Henri Mikkonen / HIP Moonshot, Grid and HPC Workshop 7.7.2011 London, UK.

EMI Development Plans for Identity Management Henri Mikkonen / HIP Moonshot, Grid and HPC Workshop London, UK.
2006 © SWITCH SWITCH Plans for Shibboleth and Grid GGF16 Feb 14, 2006 Christoph Witzig (Thomas Lenggenhager, Valery Tschopp, Placi Flury) SWITCH.

2006 © SWITCH SWITCH Plans for Shibboleth and Grid GGF16 Feb 14, 2006 Christoph Witzig (Thomas Lenggenhager, Valery Tschopp, Placi Flury) SWITCH.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 The EGI Software Vulnerability Group and EMI Dr Linda Cornwall, STFC, Rutherford.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI The EGI Software Vulnerability Group and EMI Dr Linda Cornwall, STFC, Rutherford.
EMI INFSO-RI-261611 European Middleware Initiative (EMI) Alberto Di Meglio (CERN) Project Director.

EMI INFSO-RI European Middleware Initiative (EMI) Alberto Di Meglio (CERN) Project Director.
EMI INFSO-RI-261611 EMI roadmap (development plan) Balázs Kónya (Lund University, Sweden) EMI Technical Director 25 th October 2010, Brussels, EGI-TCB.

EMI INFSO-RI EMI roadmap (development plan) Balázs Kónya (Lund University, Sweden) EMI Technical Director 25 th October 2010, Brussels, EGI-TCB.
2005 © SWITCH Perspectives of Integrating AAI with Grid in EGEE-2 Christoph Witzig Amsterdam, October 17, 2005.

2005 © SWITCH Perspectives of Integrating AAI with Grid in EGEE-2 Christoph Witzig Amsterdam, October 17, 2005.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.
EMI is partially funded by the European Commission under Grant Agreement RI-261611 Software stack consolidation Balázs Kónya, Lund University 3rd EMI all-hands,

EMI is partially funded by the European Commission under Grant Agreement RI Software stack consolidation Balázs Kónya, Lund University 3rd EMI all-hands,
Apr 30, 20081/11 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting Apr 30, 2008 Gabriele Garzoglio.

Apr 30, 20081/11 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting Apr 30, 2008 Gabriele Garzoglio.
Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.

Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.
EMI AAI Strategy & Plans John White / Helsinki Institute of Physics Federated Identity Systems for Scientific Collaborations Workshop 09.06.2011, CERN,

EMI AAI Strategy & Plans John White / Helsinki Institute of Physics Federated Identity Systems for Scientific Collaborations Workshop , CERN,
EMI INFSO-RI-261611 ARC on the European Distributed Computing Infrastructure (DCI) landscape Balázs Kónya (Lund University) NorduGrid Technical Workshop.

EMI INFSO-RI ARC on the European Distributed Computing Infrastructure (DCI) landscape Balázs Kónya (Lund University) NorduGrid Technical Workshop.
SAML support in VOMS Valerio Venturi EGEE JRA1 AH Meeting, Amsterdam 20/23 February 2008.

SAML support in VOMS Valerio Venturi EGEE JRA1 AH Meeting, Amsterdam 20/23 February 2008.
EMI INFSO-RI-261611 AAI in EEF Projects John White (Helsinki University) EMI Security Area Leader.

EMI INFSO-RI AAI in EEF Projects John White (Helsinki University) EMI Security Area Leader.
EMI INFSO-RI-261611 EMI Structure, Plans, Deliverables Alberto Di Meglio (CERN) Project Director ATLAS Software & Computing Week Geneva, 21 July 2011.

EMI INFSO-RI EMI Structure, Plans, Deliverables Alberto Di Meglio (CERN) Project Director ATLAS Software & Computing Week Geneva, 21 July 2011.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org www.glite.org EGEE and gLite are registered trademarks Security and Job Management.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security and Job Management.
European Middleware Initiative (EMI) – Release Process Doina Cristina Aiftimiei (INFN) EGI Technical Forum, Amsterdam 17. Sept.2010.

European Middleware Initiative (EMI) – Release Process Doina Cristina Aiftimiei (INFN) EGI Technical Forum, Amsterdam 17. Sept.2010.
Overview of user client usage: ARC Iván Márton Zsombor Nagy.

Overview of user client usage: ARC Iván Márton Zsombor Nagy.

Similar presentations

Ads by Google