Presentation is loading. Please wait.

Presentation is loading. Please wait.

The New Virtual Organization Membership Service (VOMS)

Published byἌλκανδρος Δοξαράς Modified over 6 years ago

Similar presentations

Presentation on theme: "The New Virtual Organization Membership Service (VOMS)"— Presentation transcript:

1 The New Virtual Organization Membership Service (VOMS)
Krasimira Kapitanova

2 Outline VOMS and why do we care (or do we?) The problem The standards
Checkpoint The bigger problem Conclusions

3 Unite and conquer! (what is a VOMS)
Every user of a grid system should be able to identify themselves by presenting the proper authorization credentials. Is that actually feasible? What do we want from VOMS? Decrease the number of credentials issued by the grid system If a user wants to run a job on a grid they should be able to prove that: They are who they are claming to be They are allowed to perform the task they are trying to However, it is not really feasible to give personalized authorization credentials to each user In a grid environment, VOs tend to be extremely large and change frequently Sites need to know the users because of the need to prepare local accounts and eventually apply authorization policies It is not scalable to manage them by hand

4 … and it looks like this…
We can have both different levels and different roles Organize users into groups and grant them roles Also add other general-purpose attributes

5 …or like this Client and server mutually authenticate themselves and establish a secure communication channel; The client sends the request to the server The server checks the correctness of the request and sends back the requited info (signed by itself) The client checks the validity of the info received Steps 1-4 are repeated for every server the client needs to contact The client creates a proxy certificate with an extension (non critical) containing all the info received from the contacted VOMS Server – the server is essentially a front end to a RMDB where all info about the user is kept

6 The problem VOMS was developed in 2002
Current grid web-services standards: WS-Trust (March 2007) WS-Federation (December 2006)

7 What do the standards require
(Security Token Service) An STS is a generic service that issues/exchanges security tokens using a common model and set of messages. As such, any web service, itself, be an STS simply by supporting the [WS-Trust] specification. One possible function of an STS is to provide digital identities – an Identity Provider (IP). This is a special type of security token service that, at a minimum, performs authentication and can make identity (or origin) claims in issued security tokens. In many cases IP and STS services are interchangeable.

8 The result

9 However… Getting the source code of a VOMS implementation turned out to be a NP-hard problem

10 Conclusions and future work
It is reasonable and possible to build a VOMS so that it’s compliant with the standards It will just require including the necessary security servers (which can conveniently be on the same machine as the VOMS server) Actually implement the standardized VOMS

11 Questions

Download ppt "The New Virtual Organization Membership Service (VOMS)"

Similar presentations

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
The VOMS Attribute Authority and its relation with Shibboleth Presenter: Vincenzo Ciaschini 8 th TF-EMC2 Meeting Firenze, March 2007.

The VOMS Attribute Authority and its relation with Shibboleth Presenter: Vincenzo Ciaschini 8 th TF-EMC2 Meeting Firenze, March 2007.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
EDINA 20 th March 2008 EDINA Geo/Grid - Security Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland.

EDINA 20 th March 2008 EDINA Geo/Grid - Security Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland.
20 March 2007 VOMS etc - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.

20 March 2007 VOMS etc Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.
30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK

30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) VOMS Installation and configuration Bouchra

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) VOMS Installation and configuration Bouchra
TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

Similar presentations

Ads by Google