Presentation is loading. Please wait.

Presentation is loading. Please wait.

Building Interoperable Global Trust

Published byRodney Robbins Modified over 6 years ago

Similar presentations

Presentation on theme: "Building Interoperable Global Trust"— Presentation transcript:

1 Building Interoperable Global Trust
v Building Interoperable Global Trust bridging technology and policy divides David Groep EWTI 2015 Image by Cristian Bortes, May 2011, CC-BY -

2 Research as a global distributed enterprise
Climate modelling Aerospace air flow and stress Slide: Nicole Gregoire, SURFnet for EYR3, CC-BY Flood prediction & disaster mitigation Global data flows for genomics

3 The intended outcome … 2x3000 physicists >10k technical staff
150 institutes 50 countries/areas 2 people 2-3 people

4 One independent ‘policy-bridge’ PKI
Image source: joint CERN (wLCG) and EGI Organisations participating in the global collaboration of e-Infrastructures Even just for wLCG, supporting the CERN LHC programme More than 200 independent institutes with end-users More than 50 countries & regions More than 300 service centres Handful regional ‘service coordination organisations’ CPU cores, 200+PByte storage One independent ‘policy-bridge’ PKI

5 Building Sustainable Trust
Single Organisation managerial control over all assets Collaborative Community distributed responsibility loose controls varying jurisdictions left: the SuperMUC, LRZ, Garching bei München – which is actually also part of the R&E e-Infrastructure …

6 Identifying participants – classifying risks
Subject Action P Resource ID & Vetting Attributes Identifier Other Attributes Single organisation responsible for entire risk envelope

7 Identifying participants – classifying risks
Subject Action Resource Identifier ID & Vetting Attributes Other Attributes P Subject Action Resource Identifier ID & Vetting Attributes Other Attributes P Subject Action Resource Identifier ID & Vetting Attributes Attributes Other P Subject Action Resource Identifier ID & Vetting Attributes Other Attributes P Single organisation responsible for entire risk envelope Multiple ‘monolithic’ organisations in equivalent roles interwork

8 Identifying participants – classifying risks
Subject Action P Resource ID & Vetting Attributes Identifier Other Attributes residual risk Single organisation responsible for entire risk envelope Multiple ‘monolithic’ organisations in equivalent roles interwork Independent administrative domains collaborate in distinct roles

9 Relying Parties as a Defining Element
Service providers (‘relying parties’) absorb almost all of the residual risk – as they host and manage resources under threat They trust others for a particular purpose Sources of ‘subject authority’ should align with RP interests to be useful RP must have policy controls to compose sources of authority RP must be equipped with effective controls to mitigate risks source: NorthWood LAN party 7 -

10 Multi-authority access control with PKI in e-Infrastructures using composable policy
RFC3820 facilitates composition, brokering and non-web single sign-on SSO RFC RFC3281+ ‘VOMS’ profile VOMS Attribute Certificate Format,

11 Why a dedicated trust fabric for eScience?
Specific assurances required for e-Infrastructures globally unique, non-reassigned identifiers identify end-users as well as networked services active participation in incident response at last resort Issues for e-Infra compared to current browser trust ‘actual’ relying party – end users – are not even encouraged to make trust decisions autonomously - it’s e.g. impossible to consistently remove an individual trust anchor from NSS default set decisions (necessarily) consensus-based, but consensus in a group far larger and with divergent interests from specific cross-enterprise RPs public browser trust almost exclusively DNS focused Not all RPs nor all risks are equal, so ultimately one gets differentiated LoA even in a single federation ‘non-alignment’

12 Empowering the Relying Party
User Identity Community Attributes Community Resource SLA Trusted Third Parties Aggregated Policy Decision Trust Policy AuthZ Service Resource Policy Resource Attributes graphic inspired by OGF OGSA-AuthZ WG, 2005

13 Establishing PKI interworking: AP EU TAG
European resource provider collaboration established first CA Coordination Group for e-Infrastructures in 2000 Leveraged on purpose existing PKI CAs where available Global research needs resulted in the 2003 ‘Tokyo Accord’ With start of production e-Infrastructures in 2004 EUGridPMA: national (e-infra) identity services plus major e-Infrastructures & TERENA APGrid and PRAGMA establish APGridPMA Canada, Latin America and USA establish TAGPMA bringing together resource providers, communities, IdPs agree on global, shared minimum requirements and assurance levels inspired and coordinated by the needs of relying parties, who frequently co-support some of the identity management operations

14 Interoperable Global Trust Federation
3 regional chapters: EMEA, Americas, AP ~ 90 Identity Providers (some leveraging a R&E federation) ~ 10 international major relying parties ~ 60 countries / economic areas / extra-territorial orgs > 1000 relying service provider collaborations

15 Minimum requirements: assurance profiles
Federation minimum requirements (APs) reflect specific operational and security needs of resource providers differentiated LoA support: classic direct-vetting subscriber services identity services leveraging (R&E) federations with ID vetting ‘LoA1+’ Identifier-Only Trust Assurance – if relying party has other ways to vet its users, allow for lower-assurance identifiers, thus enabling more federations as ID source ‘research-inspired’ trust verification process: self-audits, peer-review, transparent open policies and processes ‘meet or exceed’ required minimum standards

16 Assurance Profiles – declaration of consistency towards Relying Parties
Vetting and assurance – for identity and attributes vetting rules and data quality expiration and renewal revocation and incident containment Operational requirements for identity providers operating environment and site security staff qualification and control Publication and audits openness of policy, practices and meta-data review and auditing Privacy and confidentiality guarantees Compromise, disaster recovery and business continuity

17 Engendering trust through transparent processes and procedures
IGTF itself works on peer review process Supported by self-assessments shared with the peer group Depending on the RP risk assessment, for identified use cases this is actually sufficient LoA Especially when there are complementary sources of assurance: community attributes, ‘reputation’, … Image: EUGridPMA Plenary Meeting, Amsterdam 2009

18 Cryptographic PKI bridging
Organisations typically act as both CA (IdP) and Relying Party Technically path discovery support permissible ‘naming’ defined in the cross-signing certs policy mapping is done in the bridges only Bridges take care of policy responsibility for their trusting connected CAs and RPs

19 Rendering a PKI federation as a Policy Bridge
Once role separation is recognised, federation is simple composable - and removable - assurance-tagged trust anchor lists mechanism to distribute trust-anchor (meta) data via the federation provide controls that permit the RP – under its own policy – to trust only those elements that match its risk profile based on assurance profiles expressed as accreditation trust marks based on relying party defined namespace constraints to set trust scope and global uniqueness of identifiers in the federation permit subject-based policy decisions (on name, issuer, attributes) Policy bridges are not new: public browser trust uses esentailyl the same model, except that trust is fored upon the RP (=end-user in that case) Minimum requirements model used by IGTF allows for a ‘many-to-one’ mapping in importing ‘foreign’ federations. The RP-first model does not require mutual bridgeing – it’s like a single-sided cross-signing cert.

20 Collaboration is based on Bridging Trust!
Policy bridges are fairly common … in various technologies and scenarios … Bridging bridged trust fabrics GEANT TCS DFN AAI SLCS CILogon Basic, Silver ‘and trust is technology agnostic’ Image: Bryan Tong Minh, CC-BY-SA Oosterscheldekering, Rijkswaterstaat, NL SLCS/MICS graphic: Jan Meijer, UNINETT

21 Dutch National Institute for Subatomic Physics
Interoperable Global Trust Federation Dutch National Institute for Subatomic Physics Image: Bryan Tong Minh, CC-BY-SA Oosterscheldekering, Rijkswaterstaat, NL except where otherwise noted on images logos owned by respective trademark holders and used as citations only

Download ppt "Building Interoperable Global Trust"

Similar presentations

EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
David Groep Nikhef Amsterdam PDP & Grid Evolving Assurance – IGTF LoA generalisation David Groep Interoperable Global Trust Federation IGTF Documents at.

David Groep Nikhef Amsterdam PDP & Grid Evolving Assurance – IGTF LoA generalisation David Groep Interoperable Global Trust Federation IGTF Documents at.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam 2005-10-17 Milan Sova CESNET.

NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam Milan Sova CESNET.
David Groep EUGridPMA The International Grid Trust Federation enabling an interoperable global trust fabric also supported by EGI.eu EGI-InSPIRE RI-261323,

David Groep EUGridPMA The International Grid Trust Federation enabling an interoperable global trust fabric also supported by EGI.eu EGI-InSPIRE RI ,
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
LiveAP Towards Differentiated Identity Assurance David Groep, Nikhef supported by the Netherlands e-Infrastructure SURFsara, and EGI.eu O-E-15 and EGI-InSPIRE.

LiveAP Towards Differentiated Identity Assurance David Groep, Nikhef supported by the Netherlands e-Infrastructure SURFsara, and EGI.eu O-E-15 and EGI-InSPIRE.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.
TERENA TF-EMC2 Workshop David Groep, 2004.11.04

TERENA TF-EMC2 Workshop David Groep,
Www.egi.eu EGI-InSPIRE RI-261323 EGI (IGTF Liaison Function) www.egi.eu EGI-InSPIRE RI-261323 Towards Differentiated Identity Assurance as a collaborative.

EGI-InSPIRE RI EGI (IGTF Liaison Function) EGI-InSPIRE RI Towards Differentiated Identity Assurance as a collaborative.
Updates from the EUGridPMA David Groep, July 16 st, 2007.

Updates from the EUGridPMA David Groep, July 16 st, 2007.
David Groep Nikhef Amsterdam PDP & Grid Evolving Assurance – going where? Collaborative, distributed, and generalized assurance beyond just identity authentication.

David Groep Nikhef Amsterdam PDP & Grid Evolving Assurance – going where? Collaborative, distributed, and generalized assurance beyond just identity authentication.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.

EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
Jimmy C. Tseng Assistant Professor of Electronic Commerce

Jimmy C. Tseng Assistant Professor of Electronic Commerce
IOTA Questions for RPs Sept 9, 2013 Bucharest, Romania.

IOTA Questions for RPs Sept 9, 2013 Bucharest, Romania.
“Trust me …” Policy and Practices in PKI David L. Wasley Fall 2006 PKI Workshop.

“Trust me …” Policy and Practices in PKI David L. Wasley Fall 2006 PKI Workshop.
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.

Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.

Similar presentations

Ads by Google