Presentation is loading. Please wait.

Presentation is loading. Please wait.

Moonshot for Federated Identity Jens Jensen, STFC Daniel Kouřil, CESNET EGI CF, April 2013.

Published byPaxton Fearn Modified over 9 years ago

Similar presentations

Presentation on theme: "Moonshot for Federated Identity Jens Jensen, STFC Daniel Kouřil, CESNET EGI CF, April 2013."— Presentation transcript:

1 Moonshot for Federated Identity Jens Jensen, STFC Daniel Kouřil, CESNET EGI CF, April 2013

2 Background Like RADIUS, but for “higher level” services RadSec Carrying SAML assertions Standards based (IETF) – RADIUS, EAP,-TTLS, GSSAPI Federated: user, SP, IdP, AA Targeting glueware like ssh, MyProxy, Technology project (code, not federations)

3 Current Status In theory, anything using GSS (and SASL (and SSPI)) – Some things need minor fixes Get started with Ubuntu/Debian ISO – “Hello, World” for Moonshot – RPMs available, broadening OS support (Win, OSX) – Needs client and server libs Project led by JANET Development by Painless Security – www.painless-security.com www.painless-security.com IETF ABFAB-WG www.project-moonshot.org

4 UK Pilot Started 2 April 2013. Kick off meeting Mon 8th 37 partners, 5 non-UK, most starting now Documentation being written 18 months, three phases (1, 2, and 3)

5 Pilot Common Areas 0. Grid resources (via certificates in medium term) 1.“HPC” (ssh) – everyone 2.OpenStack – Kent, Sussex 3.iRODS – STFC, UCL (maybe) 4.CIFS (maybe) – UCL 5.Federated desktops (ie acct mgmt) 6.Ticket systems/support (Cambridge) 7.Clouds and cloudbursting (Kingston) 8.Scalability and performance (JANET) 9.Trust routers (initially JANET will run one) 10.Grid COI (STFC+JANET)

6 Moonshot Integration

7 Examples of tested scenarios OpenSSH client  OpenSSH server (GSS) OpenLDAP client  OpenLDAP server (SASL) OpenLDAP client (GSS)  Windows Active Directory (SSPI) Firefox  Apache (GSS) Internet Explorer  IIS (SSPI) Adium  Jabberd (SASL) Console authentication using PAM/GSS on Linux and SSPI on Windows

8 Moonshot & MyProxy Moonshot supported via SASL – No code changes or recompiling needed – Only matter of configuration (server/client) Both CA and repository mode supported – Users can obtain new credentials or retrieve stored ones X.509 credentials can be obtained using federated identity: myproxy-logon –l steve@realm –s server -n

9 Moonshot & NFSv4 Distributed file system – Several implementations available – Security implemented using GSS-API Significant changes to client and server done – “hidden” dependency on Kerberos Pilot deployment oriented on grid users – Authentication using X.509 (IGTF) – Gridified file system

Download ppt "Moonshot for Federated Identity Jens Jensen, STFC Daniel Kouřil, CESNET EGI CF, April 2013."

Similar presentations

EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.
© 2006 Open Grid Forum Federated Identity in the Cloud OGF 32, Salt Lake City.

© 2006 Open Grid Forum Federated Identity in the Cloud OGF 32, Salt Lake City.
MyProxy Jim Basney Senior Research Scientist NCSA

MyProxy Jim Basney Senior Research Scientist NCSA
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
ABFAB for Internet-of-Things Rhys Smith, Janet Sam Hartman & Margaret Wasserman, Painless Security.

ABFAB for Internet-of-Things Rhys Smith, Janet Sam Hartman & Margaret Wasserman, Painless Security.
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.

Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.
Project Moonshot February 2012. Background Project Moonshot 2.

Project Moonshot February Background Project Moonshot 2.
John Chapman, Janet Fall 2012 Internet 2 Member Meeting 3 October 2012 Trust me, I’m an engineer: Engineering trust using a Trust Router infrastructure.

John Chapman, Janet Fall 2012 Internet 2 Member Meeting 3 October 2012 Trust me, I’m an engineer: Engineering trust using a Trust Router infrastructure.
August 2013 Introduction to Moonshot. Why Moonshot? Within education, there are a number of specialised federations: – UK federation - Access to web-based.

August 2013 Introduction to Moonshot. Why Moonshot? Within education, there are a number of specialised federations: – UK federation - Access to web-based.
Contrail and Federated Identity Management

Contrail and Federated Identity Management
Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.

Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
© Janet 2012 Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki 1.

© Janet 2012 Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki 1.
ARCHER’s Security Requirements within the AAF. 2 Research Repository Requirements (relevant to AAF) Identity Management provided by the Federation  Single-sign-on.

ARCHER’s Security Requirements within the AAF. 2 Research Repository Requirements (relevant to AAF) Identity Management provided by the Federation  Single-sign-on.
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Similar presentations

Ads by Google