Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Umbrella Project Authentication The minimum user information possible is stored centrally to avoid Data Protection issues. The Authentication is done.

Published byRalph Goodwin Modified over 8 years ago

Similar presentations

Presentation on theme: "The Umbrella Project Authentication The minimum user information possible is stored centrally to avoid Data Protection issues. The Authentication is done."— Presentation transcript:

1 The Umbrella Project Authentication The minimum user information possible is stored centrally to avoid Data Protection issues. The Authentication is done by the user logging into the Umbrella central site – currently umbrella.psi.ch – to generate a Shibboleth token. Authorization is delegated to the facility site. Minimum information necessary

2 Authentication Interface

3 Diamond Authentication CAS Server auth.diamond.ac. uk CAS Login Active Directory duo.diamond.ac.uk usernet.diamond.ac.ukpublications.diamond.ac.uk uss.diamond.ac.uk kerberos Authenticated + username quest Wrong credentials Interactive session jira.diamond.ac.uk Umbrella Service Provider Umbrella IdP umbrella.psi.ch

4 Recommendations from Pandata Europe WP 4 (AAI) 1.An authentication mechanism based on Umbrella should be implemented as widely as possible across participating facilities. 2.A technical solution needs to be provided to allow interactive sessions on computing resources at the facilities’ sites. Initial coverage must include Linux and Windows (optionally Macintosh) systems in order for any complete adoption of the authentication system. 3.An important architectural advantage is offered by using a system such as the Jasig Central Authentication Service (CAS) where most of the internal Authentication and Authorization issues are covered by this one system thereby obviating the need to modify dependent systems.

5 Integration with Project Moonshot - Basic Requirements The deliverables of project Moonshot look to be appropriate to address the Roadmap requirement. Notes: a.In essence this would be to use the Umbrella shibboleth credentials to set up interactive sessions for systems including Linux, Macintosh and Windows; this would provide a fairly complete solution for proposal submission through data acquisition to data analysis with one single set of credentials. The major component would be the modified openssh provided with Moonshot. Ideally this would be modified to accept shibboleth credentials and then allow ssh sessions on Linux and Macintosh (probably). I understand that Windows authentication follows the same principles. Notes: a.An optional but very useful extension would be the availability of a Pluggable Authentication Module (PAM) that would address the issue of collaborating facilities having to support multiple authentication systems particularly during transitional phases. The ideal deliverable would be a package managed installation such as an rpm or msi file that could be installed by a Systems Administrator and then be configured for IdP, optional CAS and other items that the author has not considered yet.

6 Moonshot Potential Future Authentication Strategy

7 User Session Authentication with Moonshot

8 Issues for consideration Current systems can be difficult to define the duration for which users can be authenticated. a.X509 certificates may be useful to help with this problem A mechanism of persistence or caching is necessary to avoid loss of service due to network unavailability. PAM stacks. User X509 certificates Must support Windows, Macintosh and Linux Should be very simple to install and configure (consider rpm or msi) The overall network infrastructure should provide the necessary support. Interesting: Compatible with any Microsoft initiative if possible. EduRoam Mobile devices Acknowledgements: a)Brian Abram (Diamond/Janet UK) b)Bjoern Abt (PSI) c)Roland Hedburg d)Josh Howlett (Janet UK) e)Rhys Smith (Cardiff)

9 Thank you

Download ppt "The Umbrella Project Authentication The minimum user information possible is stored centrally to avoid Data Protection issues. The Authentication is done."

Similar presentations

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Secure Lync mobile Authentication

Secure Lync mobile Authentication
Secure SharePoint mobile connectivity

Secure SharePoint mobile connectivity
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Password? CLASP Project Update C5 Meeting, 16 June 2000 Denise Heagerty, IT/IS.

Password? CLASP Project Update C5 Meeting, 16 June 2000 Denise Heagerty, IT/IS.
© Janet 2012 Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki 1.

© Janet 2012 Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki 1.
Technical Review Group (TRG)Agenda 27/04/06 TRG Remit Membership Operation ICT Strategy ICT Roadmap.

Technical Review Group (TRG)Agenda 27/04/06 TRG Remit Membership Operation ICT Strategy ICT Roadmap.
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference 2006 9 th November, 2006.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
Office of Science U.S. Department of Energy Grids and Portals at NERSC Presented by Steve Chan.

Office of Science U.S. Department of Energy Grids and Portals at NERSC Presented by Steve Chan.
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Similar presentations

Ads by Google