Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in the wider world David Kelsey (STFC-RAL) GridPP37 – Ambleside 2 Sep 2016.

Similar presentations


Presentation on theme: "Security in the wider world David Kelsey (STFC-RAL) GridPP37 – Ambleside 2 Sep 2016."— Presentation transcript:

1 Security in the wider world David Kelsey (STFC-RAL) GridPP37 – Ambleside 2 Sep 2016

2 Overview Reminder - EGI CSIRT continues to be the operational security body for WLCG (in Europe) –The UK NGI Security team plays a leading role –Funding for security coordination from the EGI Foundation Many different activities – just show a few today –Policies, Procedures, Monitoring, Training, Dissemination … EU H2020 projects - development –EGI-Engage –AARC (Authentication and Authorisation for Research & Collaboration) “Wise Information Security for Einfrastructures” (WISE) Future H2020 proposals –AARC2 now approved: ? May 2017 – April 2019 –EINFRA12 call (EGI-Engage follow-on): ? Jan 2018 – Dec 2020 2 Sep 2016 Kelsey/Security 2

3 EGI-Engage SA1.2 2 Sep 2016 Kelsey/Security 3

4 EGI SVG 2 Sep 2016 Kelsey/Security 4

5 2 Sep 2016 Kelsey/Security 5

6 AARC 2 Sep 2016 Kelsey/Security 6

7 2 Sep 2016 Kelsey/Security 7

8 The new EGI AAI infrastructure TJRA1.1 JRA1 E-Infrastructure Commons EGI-Engage JRA1.1 – slides from Diego Scardaci

9 Core requirements for the AAI Credentials/Tokens –Users access EGI services with credentials released by his/her home organisation (eduGAIN support) –Take into account the so-called homeless users –Level Of Assurance (LoA) for each credential type Open architecture –Support the most common technologies to manage federated identities: SAML, OpenID Connect, X.509, etc. –Support several attributes sources –Easily extensible and interoperable with other infrastructures Hide the complexity to the Service providers –Token Translator Services (TTSs) Convert a credential to be recognised by the service JRA1 E-Infrastructure Commons

10 New EGI AAI and trust model JRA1 E-Infrastructure Commons Information sent to service providers Community Attribute Authority TRUST Community attributes User “User A” EGI Services Level of Assurance

11 Liaison with AARC & Requirements gathering Collaboration established with the AARC project: –Adopt AAI policies, solutions and best practices defined at European level –Deal with problems that require a larger scope to be resolved (e.g. global unique identifiers, levels of assurance, etc.) –The AARC Blueprint IdP/SP proxy model, TTS based on CILogon Requirements gathering –EGI-Engage Competence Centers –Other EGI communities and RIs –EGI Tools JRA1 E-Infrastructure Commons

12 EGI AAI WP3 E-Infrastructure Commons

13 EGI AAI WP3 E-Infrastructure Commons

14 EGI AAI WP3 E-Infrastructure Commons

15 IGTF/AARC 2 Sep 2016 Kelsey/Security 15

16 USA - CILogon 2 Sep 2016 Kelsey/Security 16

17 AARC IOTA CA 2 Sep 2016 Kelsey/Security 17

18 WISE 2 Sep 2016 Kelsey/Security 18

19 2 Sep 2016 Kelsey/Security 19

20 WISE 2 Sep 2016 Kelsey/Security 20

21 WISE 2 Sep 2016 Kelsey/Security 21

22 WISE 2 Sep 2016 Kelsey/Security 22

23 Next WISE Workshop Tuesday 27 Sep 2016 Before the Digital Infrastructures for Research (DI4R) conference in Krakow, Poland 2 Sep 2016 Kelsey/Security 23

24 QUESTIONS? 2 Sep 2016 Kelsey/Security 24


Download ppt "Security in the wider world David Kelsey (STFC-RAL) GridPP37 – Ambleside 2 Sep 2016."

Similar presentations


Ads by Google