INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2nd EU Review Input David Groep NIKHEF.


1 INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2nd EU Review Input David Groep NIKHEF

2 Enabling Grids for E-sciencE INFSO-RI-508833 JRA3 EU Review Input DavidG December 7th 2005
EUGridPMA Authentication Federation
Federation consists of many independent CAs
– Common minimum requirements
– Defined and ‘strong’ acceptance process
– “reasonable” trust level, as required by relying parties
– no ‘hierarchical top’ to make formal guarantees
Membership
– 34 Identity providers (national and regional CAs)
– 6 Relying parties (large projects like EGEE, DEISA, SEE-GRID, OSG, LCG) and TERENA
[Diagram: CA 1, CA 2, CA 3, CA n; charter; guidelines; acceptance process; relying party 1, relying party n]

3 The EUGridPMA
Virtually complete coverage of Europe, accreditation for EGEE, DEISA, SEE-GRID, LCG, OSG, ..
Actively fostered and supported by JRA3
[Map legend: Green: countries and regions covered by a national CA in the EUGridPMA]

4 Policy Evaluation Framework
Policy evaluation based on Authentication Profiles
– Authorities demonstrate compliance with these guidelines
– Peer-review process within the federation to (re-)evaluate members both on entry and periodically
– Codified in the Accreditation Guidelines policy since 2004
– Demonstrated in practice in ~10 new accreditations since
Benefits
– Reduces effort on the relying parties: single document to review and assess, applicable to all providers
– Reduces cost on the identity providers: no audit statement needed by certified accountants, but participation in the federation does come with a price
Ultimate decision always remains with the administrative owners (relying parties)

5 Authentication Profiles
Three main Authentication Profiles (the requirement sets), common not only for Europe, but also for the Asia Pacific & Americas
Certification authorities with secured infrastructure
– Highly trusted by all current grid projects
– Leverages national structures effectively
Short-lived credential services
– Leverage existing local site mechanisms
– New profile to be pioneered in the Americas, but far from stable and has not yet been exposed to many relying parties
Experimental Service
– Jumpstart new national and regional CAs via a pilot service
– Successful model in the Asia Pacific region

6 Extending Trust: the IGTF
common, global best practices for trust establishment
better manageability and response of the PMAs
[Figure labels: TAGPMA, APGridPMA]

7 IGTF Structure
Each PMA can accredit authorities according to any of the valid authentication profiles (classic secured PKI, short-lived credential services, experimental)
Common standards
Coordinated naming (every name within the IGTF is unique)
Common accreditation process
Three chairs collectively represent the IGTF (formal IGTF chair rotates yearly)
First IGTF Chair is from Europe …

8 IGTF, GGF and TACAR
The IGTF, GGF (the CAOPS-WG) and TERENA work together to establish the global trust fabric

9 Towards common AAI in Europe
A Common Authentication and Authorization Infrastructure
– described in the e-IRG Authorization Roadmap section
– collaboration with developments like eduroam™ via TERENA fora
– the single sign-on vision
– the authentication bridges, the authorization framework, on-demand user attribute discovery, all work towards this goal
You are on a wireless mobile network while visiting abroad, then decide to look up the data from the latest experiment your colleague in your Virtual Organization did, and run a simulation to look at alternate scenarios, all that while using your credentials (password, smartcard) only once!

10 SAC slides to follow

11 Site Access Control ingredients
[Diagram labels: global issues; service business logic; site access control; User policies; VO policies; Establishing Trusted Third Parties; Key storage, MyProxy; System account creation; workernode to headnode communications; Access control to individual files; Router port filtering; DDoS protection; Identities & Certificates; Site policy actions & policy decisions; virtualization & system accounts; connectivity provisioning; logging; auditing]

12 Virtualization and System Accounts
JRA3 ingredients: LCAS, LCMAPS, glexec
Aim is the fully interoperable job submission chain: GT4, Condor C / BLAHP, GT Work Space Service
Components part of the gLite 1.5 release
