Presentation is loading. Please wait.

Presentation is loading. Please wait.

The GENIUS Security Services

Published byDaniela Manning Modified over 6 years ago

Similar presentations

Presentation on theme: "The GENIUS Security Services"— Presentation transcript:

1 The GENIUS Security Services
The GENIUS Team

2 Overview Normal Use Specific Dissemination Services
(with some examples) In this tutorial you will learn how the EDG Security mechanisms are being used.

3 Normal use: MyProxy delegation
EDG UI MyProxy Server grid-proxy-init myproxy-init –s <server> myproxy-get-delegation GENIUS Server (EDG UI) WEB Browser The project supports CAs for members of the project and for related projects. For a machine to participate as a Testbed resource all the CAs must be enabled. All CA certificates can be installed without compromising local site security. Site managers has full control over local resources. CAs: there are 3 CAs at CNRS: - CNRS - CNRS – Projects - CNRS – Datagrid-fr (catchall, which is for the ones, who have no CA) The six main VOs are for WP8 (LHC experiments), WP9 (Earth Observation) and WP10 (Biomedical) The Testbed VO is for testing, development and demo purposes. The Tutorial VO is for this audience sitting in the room  Real life example: traveling abroad CA = gov. authority in your country issuing passport VO = gov. authority in the destination country issuing visa the Grid execution Local WS output any grid service Roberto Barbera

4 Security Services The authentication steps shown in the following slides are: user requests a certificate user sends the requests to the CA, which sends back the signed certificate conversion to browser digestable PKCS12 format registration in the EDG LDAP-VO generats a proxy certificate (24 hours lifetime) host/service requests a certificate host/service sends the requests to the CA, which sends back the signed certificate retrival of the trusted CA certificates and their CRLs generating a gridmap file from the LDAP database for authorization and mapping user contacts a service: they exchange their certificates to authenticate each other; the service bases its authorization decision on the gridmap file (... currently)

5 Info on proxy (1) The authentication steps shown in the following slides are: user requests a certificate user sends the requests to the CA, which sends back the signed certificate conversion to browser digestable PKCS12 format registration in the EDG LDAP-VO generats a proxy certificate (24 hours lifetime) host/service requests a certificate host/service sends the requests to the CA, which sends back the signed certificate retrival of the trusted CA certificates and their CRLs generating a gridmap file from the LDAP database for authorization and mapping user contacts a service: they exchange their certificates to authenticate each other; the service bases its authorization decision on the gridmap file (... currently)

6 Info on proxy (2) The authentication steps shown in the following slides are: user requests a certificate user sends the requests to the CA, which sends back the signed certificate conversion to browser digestable PKCS12 format registration in the EDG LDAP-VO generats a proxy certificate (24 hours lifetime) host/service requests a certificate host/service sends the requests to the CA, which sends back the signed certificate retrival of the trusted CA certificates and their CRLs generating a gridmap file from the LDAP database for authorization and mapping user contacts a service: they exchange their certificates to authenticate each other; the service bases its authorization decision on the gridmap file (... currently)

7 Info on MyProxy The authentication steps shown in the following slides are: user requests a certificate user sends the requests to the CA, which sends back the signed certificate conversion to browser digestable PKCS12 format registration in the EDG LDAP-VO generats a proxy certificate (24 hours lifetime) host/service requests a certificate host/service sends the requests to the CA, which sends back the signed certificate retrival of the trusted CA certificates and their CRLs generating a gridmap file from the LDAP database for authorization and mapping user contacts a service: they exchange their certificates to authenticate each other; the service bases its authorization decision on the gridmap file (... currently)

8 Renew MyProxy The authentication steps shown in the following slides are: user requests a certificate user sends the requests to the CA, which sends back the signed certificate conversion to browser digestable PKCS12 format registration in the EDG LDAP-VO generats a proxy certificate (24 hours lifetime) host/service requests a certificate host/service sends the requests to the CA, which sends back the signed certificate retrival of the trusted CA certificates and their CRLs generating a gridmap file from the LDAP database for authorization and mapping user contacts a service: they exchange their certificates to authenticate each other; the service bases its authorization decision on the gridmap file (... currently)

9 Change GENIUS Password
The authentication steps shown in the following slides are: user requests a certificate user sends the requests to the CA, which sends back the signed certificate conversion to browser digestable PKCS12 format registration in the EDG LDAP-VO generats a proxy certificate (24 hours lifetime) host/service requests a certificate host/service sends the requests to the CA, which sends back the signed certificate retrival of the trusted CA certificates and their CRLs generating a gridmap file from the LDAP database for authorization and mapping user contacts a service: they exchange their certificates to authenticate each other; the service bases its authorization decision on the gridmap file (... currently)

10 Remove your proxy and Logout
The authentication steps shown in the following slides are: user requests a certificate user sends the requests to the CA, which sends back the signed certificate conversion to browser digestable PKCS12 format registration in the EDG LDAP-VO generats a proxy certificate (24 hours lifetime) host/service requests a certificate host/service sends the requests to the CA, which sends back the signed certificate retrival of the trusted CA certificates and their CRLs generating a gridmap file from the LDAP database for authorization and mapping user contacts a service: they exchange their certificates to authenticate each other; the service bases its authorization decision on the gridmap file (... currently)

11 Dissemination Security Services
The authentication steps shown in the following slides are: user requests a certificate user sends the requests to the CA, which sends back the signed certificate conversion to browser digestable PKCS12 format registration in the EDG LDAP-VO generats a proxy certificate (24 hours lifetime) host/service requests a certificate host/service sends the requests to the CA, which sends back the signed certificate retrival of the trusted CA certificates and their CRLs generating a gridmap file from the LDAP database for authorization and mapping user contacts a service: they exchange their certificates to authenticate each other; the service bases its authorization decision on the gridmap file (... currently)

12 Upload Your Certificate
The authentication steps shown in the following slides are: user requests a certificate user sends the requests to the CA, which sends back the signed certificate conversion to browser digestable PKCS12 format registration in the EDG LDAP-VO generats a proxy certificate (24 hours lifetime) host/service requests a certificate host/service sends the requests to the CA, which sends back the signed certificate retrival of the trusted CA certificates and their CRLs generating a gridmap file from the LDAP database for authorization and mapping user contacts a service: they exchange their certificates to authenticate each other; the service bases its authorization decision on the gridmap file (... currently)

13 Create Your MyProxy The authentication steps shown in the following slides are: user requests a certificate user sends the requests to the CA, which sends back the signed certificate conversion to browser digestable PKCS12 format registration in the EDG LDAP-VO generats a proxy certificate (24 hours lifetime) host/service requests a certificate host/service sends the requests to the CA, which sends back the signed certificate retrival of the trusted CA certificates and their CRLs generating a gridmap file from the LDAP database for authorization and mapping user contacts a service: they exchange their certificates to authenticate each other; the service bases its authorization decision on the gridmap file (... currently)

Download ppt "The GENIUS Security Services"

Similar presentations

CHEP 2000, 10.02.2000Roberto Barbera NA3, NA4, and NA5 activities Milano, 19.03.2004 Università di Catania and INFN Catania - Italy ALICE Collaboration.

CHEP 2000, Roberto Barbera NA3, NA4, and NA5 activities Milano, Università di Catania and INFN Catania - Italy ALICE Collaboration.
CHEP 2000, 10.02.2000Roberto Barbera Roberto Barbera (*) GENIUS: a Web Portal for the GRID Meeting Grid.it, Bologna, 14.02.2003 (*) work in collaboration.

CHEP 2000, Roberto Barbera Roberto Barbera (*) GENIUS: a Web Portal for the GRID Meeting Grid.it, Bologna, (*) work in collaboration.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.
MyProxy Guy Warner NeSC Training.

MyProxy Guy Warner NeSC Training.
22-Apr-02D.P.Kelsey, Security, UKHEP Sysman1 Grid Security 22 Apr 2002 UK HEP Sysman Meeting David Kelsey CLRC/RAL, UK

22-Apr-02D.P.Kelsey, Security, UKHEP Sysman1 Grid Security 22 Apr 2002 UK HEP Sysman Meeting David Kelsey CLRC/RAL, UK
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
Summer School Certificates Diego Romano & Gilda Team.

Summer School Certificates Diego Romano & Gilda Team.
Security Mechanisms The European DataGrid Project Team

Security Mechanisms The European DataGrid Project Team
National Computational Science National Center for Supercomputing Applications National Computational Science MyProxy: An Online Credential Repository.

National Computational Science National Center for Supercomputing Applications National Computational Science MyProxy: An Online Credential Repository.
Riccardo Bruno INFN.CT Sevilla, 10-14 Sep 2007 The GENIUS Grid portal.

Riccardo Bruno INFN.CT Sevilla, Sep 2007 The GENIUS Grid portal.
Ákos FROHNER – DataGrid Security Requirements- 2002-04-09 - n° 1 Security Group D7.5 Document and Open Issues

Ákos FROHNER – DataGrid Security Requirements n° 1 Security Group D7.5 Document and Open Issues
DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.

DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.
National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Sofia, 22 March 2007 Security, Authentication and Authorisation Mike Mineter Training, Outreach.

INFSO-RI Enabling Grids for E-sciencE Sofia, 22 March 2007 Security, Authentication and Authorisation Mike Mineter Training, Outreach.
Induction: Additional features of GENIUS 18 May 2004 - 1 Some additional features of GENIUS EGEE is funded by the European Union under contract IST-2003-508833.

Induction: Additional features of GENIUS 18 May Some additional features of GENIUS EGEE is funded by the European Union under contract IST
EDG Security European DataGrid Project Security Coordination Group

EDG Security European DataGrid Project Security Coordination Group

Similar presentations

Ads by Google