Download presentation
Presentation is loading. Please wait.
1
CRIC ・ Authentication & Authorization
Aresh Vedaee CRIC ・ Authentication & Authorization
2
Authentication Sources (Role = List of permissions)
MAPPING SCHEMA AUTHENTICATION Authentication Sources SSO CERN HR DB VOMS CRIC DB … Principals Users Groups (Group = Collection of individuals) Roles (Role = List of permissions) Site Admin Experiment Site Support Experiment Admin CRIC Admin
3
Authentication Sources (Role = List of permissions)
MAPPING SCHEMA AUTHENTICATION AUTHORIZATION Authentication Sources SSO CERN HR DB VOMS CRIC DB … Principals Users Groups (Group = Collection of individuals) Roles (Role = List of permissions) Site Admin Experiment Site Support Experiment Admin CRIC Admin
4
Authentication sources (Role = List of permissions)
MAPPING SCHEMA AUTHENTICATION AUTHORIZATION PERMISSIONS (Permission = Action + Entity) Authentication sources SSO CERN HR DB VOMS CRIC DB … Principals Users Groups (Group = Collection of individuals) Roles (Role = List of permissions) Site Admin Experiment Site Support Experiment Admin CRIC Admin Create Modify Delete Read Actions Object instances Object properties WEB UI / API Entities
5
Authentication Sources (Role = List of permissions)
MAPPING SCHEMA AUTHENTICATION AUTHORIZATION PERMISSIONS (Permission = Action + Entity) Authentication Sources SSO CERN HR DB VOMS CRIC DB … Principals Users Groups (Group = Collection of individuals) Roles (Role = List of permissions) Site Admin Experiment Site Support Experiment Admin CRIC Admin Create Modify Delete Read Actions Object instances Object properties WEB UI / API Entities Restrictions
6
ROLES CORE Expert Experiment Expert Site A Site A Site B Site B Site C
SEs CEs Site A SEs CEs Site A SEs CEs Site B SEs CEs Site B SEs CEs Site C
7
ROLES CORE Expert Experiment Expert Experiment Admin Site A Site A
SEs CEs Site A SEs CEs Site A SEs CEs Site B SEs CEs Site B Experiment Admin + Restriction( VO = “CMS” ) SEs CEs Site C
8
ROLES CORE Expert Experiment Expert Experiment Admin
SEs CEs Site A SEs CEs Site A SEs CEs Site B SEs CEs Site B Experiment Admin + Restriction( VO = “CMS” ) SEs CEs Site C Experiment Site Support + Restriction( VO = “CMS”, Site = “Site B” )
9
ROLES CORE Expert Experiment Expert Site Admin Experiment Admin
SEs CEs Site A SEs CEs Site A Site Admin + Restriction( Site = “Site A” ) SEs CEs Site B SEs CEs Site B Experiment Admin + Restriction( VO = “CMS” ) SEs CEs Site C Experiment Site Support + Restriction( VO = “CMS”, Site = “Site B” )
Similar presentations
