Presentation is loading. Please wait.

Presentation is loading. Please wait.

USCGrid A (Very Quick) Introduction To Authn/Authz

Published byEgbert Eaton Modified over 9 years ago

Similar presentations

Presentation on theme: "USCGrid A (Very Quick) Introduction To Authn/Authz"— Presentation transcript:

1 USCGrid A (Very Quick) Introduction To Authn/Authz http://www.usc.edu/isd/services/uscgrid

2 April 2003USCGrid at Internet22 USCGrid: A (Very Quick) Intro to Authn/Authz  Security – The Bird’s-eye View  Authn  Authz  References

3 April 2003USCGrid at Internet23 USCGrid: A (Very Quick) Intro to Authn/Authz  Security – The Bird’s-eye View  Authn  Authz  References

4 April 2003USCGrid at Internet24  Security – The Bird’s-eye View Everybody wants a secure network. Q: USCGrid: A (Very Quick) Intro to Authn/Authz

5 April 2003USCGrid at Internet25  Security – The Bird’s-eye View Everybody wants a secure network. Nobody wants servers broken into. Q: USCGrid: A (Very Quick) Intro to Authn/Authz

6 April 2003USCGrid at Internet26  Security – The Bird’s-eye View Everybody wants a secure network. Nobody wants servers broken into. How do the NMI components address security? Q: USCGrid: A (Very Quick) Intro to Authn/Authz

7 April 2003USCGrid at Internet27  Security – The Bird’s-eye View There are several aspects to security. A: USCGrid: A (Very Quick) Intro to Authn/Authz

8 April 2003USCGrid at Internet28  Security – The Bird’s-eye View There are several aspects to security. Authentication A: USCGrid: A (Very Quick) Intro to Authn/Authz

9 April 2003USCGrid at Internet29  Security – The Bird’s-eye View There are several aspects to security. Authentication – which concerns itself with verifying identity. A: USCGrid: A (Very Quick) Intro to Authn/Authz

10 April 2003USCGrid at Internet210  Security – The Bird’s-eye View There are several aspects to security. Authentication – which concerns itself with verifying identity. Authorization A: USCGrid: A (Very Quick) Intro to Authn/Authz

11 April 2003USCGrid at Internet211  Security – The Bird’s-eye View There are several aspects to security. Authentication – which concerns itself with verifying identity. Authorization – which determines what an authenticated user (or program) is allowed to do. A: USCGrid: A (Very Quick) Intro to Authn/Authz

12 April 2003USCGrid at Internet212  Security – The Bird’s-eye View There are several aspects to security. Confidentiality A: USCGrid: A (Very Quick) Intro to Authn/Authz

13 April 2003USCGrid at Internet213  Security – The Bird’s-eye View There are several aspects to security. Confidentiality – which ensures that no one except the intended parties can gain access to information. A: USCGrid: A (Very Quick) Intro to Authn/Authz

14 April 2003USCGrid at Internet214  Security – The Bird’s-eye View There are several aspects to security. Confidentiality – which ensures that no one except the intended parties can gain access to information. Data integrity A: USCGrid: A (Very Quick) Intro to Authn/Authz

15 April 2003USCGrid at Internet215  Security – The Bird’s-eye View There are several aspects to security. Confidentiality – which ensures that no one except the intended parties can gain access to information. Data integrity – which guards against tampering. A: USCGrid: A (Very Quick) Intro to Authn/Authz

16 April 2003USCGrid at Internet216  Security – The Bird’s-eye View There are several aspects to security. Auditing A: USCGrid: A (Very Quick) Intro to Authn/Authz

17 April 2003USCGrid at Internet217  Security – The Bird’s-eye View There are several aspects to security. Auditing – which logs information as things happen. A: USCGrid: A (Very Quick) Intro to Authn/Authz

18 April 2003USCGrid at Internet218  Security – The Bird’s-eye View There are several aspects to security. Auditing – which logs information as things happen. Intrusion detection A: USCGrid: A (Very Quick) Intro to Authn/Authz

19 April 2003USCGrid at Internet219  Security – The Bird’s-eye View There are several aspects to security. Auditing – which logs information as things happen. Intrusion detection – which notices break-ins. A: USCGrid: A (Very Quick) Intro to Authn/Authz

20 April 2003USCGrid at Internet220  Security – The Bird’s-eye View There are several aspects to security. We’re only going to look at Authentication – authn in security lingo – and Authorization – authz in security lingo. A: USCGrid: A (Very Quick) Intro to Authn/Authz

21 April 2003USCGrid at Internet221 USCGrid: A (Very Quick) Intro to Authn/Authz  Security – The Bird’s-eye View  Authn  Authz  References

22 April 2003USCGrid at Internet222  Authn Authn concerns itself with verifying identity. It’s the soldier’s challenge – and his comrade’s response. Q: USCGrid: A (Very Quick) Intro to Authn/Authz

23 April 2003USCGrid at Internet223  Authn Authn concerns itself with verifying identity. It’s the soldier’s challenge – and his comrade’s response. How does NMI handle authn? Q: USCGrid: A (Very Quick) Intro to Authn/Authz

24 April 2003USCGrid at Internet224  Authn There are a couple of different mechanisms used by NMI for authn. A: USCGrid: A (Very Quick) Intro to Authn/Authz

25 April 2003USCGrid at Internet225  Authn There are a couple of different mechanisms used by NMI for authn. Public Key Infrastructure (PKI) technology is used by the Globus Toolkit. A: USCGrid: A (Very Quick) Intro to Authn/Authz

26 April 2003USCGrid at Internet226  Authn There are a couple of different mechanisms used by NMI for authn. Public Key Infrastructure (PKI) technology is used by the Globus Toolkit. However, this segment will instead look at PubCookie, a component that uses passwords. A: USCGrid: A (Very Quick) Intro to Authn/Authz

27 April 2003USCGrid at Internet227 USCGrid: A (Very Quick) Intro to Authn/Authz  Security – The Bird’s-eye View  Authn  Authz  References

28 April 2003USCGrid at Internet228  Authz Authz determines what an authenticated user (or program) is allowed to do. Q: USCGrid: A (Very Quick) Intro to Authn/Authz

29 April 2003USCGrid at Internet229  Authz Authz determines what an authenticated user (or program) is allowed to do. How does NMI handle authz? Q: USCGrid: A (Very Quick) Intro to Authn/Authz

30 April 2003USCGrid at Internet230  Authz There are a couple of different mechanisms used by NMI for authz. A: USCGrid: A (Very Quick) Intro to Authn/Authz

31 April 2003USCGrid at Internet231  Authz There are a couple of different mechanisms used by NMI for authz. However, this segment will look at Shibboleth, a component that can grant authorization without knowing the identity of the person requesting authorization. A: USCGrid: A (Very Quick) Intro to Authn/Authz

32 April 2003USCGrid at Internet232 USCGrid: A (Very Quick) Intro to Authn/Authz  Security – The Bird’s-eye View  Authn  Authz  References

33 April 2003USCGrid at Internet233 USCGrid: A (Very Quick) Intro to Authn/Authz  References Kerberos: A Network Authentication System. Brian Tung. Addison-Wesley. 1999. SSH: The Secure Shell: The Definitive Guide. Daniel J. Barret & Richard E. Silverman. O’Reilly & Associates. 2001.

34 April 2003USCGrid at Internet234 USCGrid: A (Very Quick) Intro to Authn/Authz  References Practical Unix & Internet Security. Simson Garfinkel & Gene Spafford. O’Reilly & Associates. 1996. Shibboleth Project. http://shibboleth.internet2.edu http://shibboleth.internet2.edu PubCookie. http://www.washington.edu/pubcookie http://www.washington.edu/pubcookie

Download ppt "USCGrid A (Very Quick) Introduction To Authn/Authz"

Similar presentations

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Application Security Best Practices At Microsoft Ensuring the lowest possible exposure and vulnerability to attacks Published: January 2003.

Application Security Best Practices At Microsoft Ensuring the lowest possible exposure and vulnerability to attacks Published: January 2003.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
USCGrid KX.509& Enterprise Security Shelley Henderson Project Manager, Grid Software USC Information.

USCGrid KX.509& Enterprise Security Shelley Henderson Project Manager, Grid Software USC Information.
Using Kerberos the fundamentals. Computer/Network Security needs: Authentication Who is requesting access Authorization What user is allowed to do Auditing.

Using Kerberos the fundamentals. Computer/Network Security needs: Authentication Who is requesting access Authorization What user is allowed to do Auditing.
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
Chapter 1 – Introduction

Chapter 1 – Introduction
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
USCGrid KX.509& Enterprise Security

USCGrid KX.509& Enterprise Security
GGF15 Workshop MyProxy Integration with PubCookie Marty Humphrey*, Jim Jokl*, and Jim Basney** *Department of Computer Science, University of Virginia,

GGF15 Workshop MyProxy Integration with PubCookie Marty Humphrey*, Jim Jokl*, and Jim Basney** *Department of Computer Science, University of Virginia,
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.

 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.
SSH: An Internet Protocol By Anja Kastl IS 373 - World Wide Web Standards.

SSH: An Internet Protocol By Anja Kastl IS World Wide Web Standards.
Kerberos Authentication for Multi-organization Cross-Realm Kerberos Authentication User sent request to local Authentication Server Local AS shares cross-realm.

Kerberos Authentication for Multi-organization Cross-Realm Kerberos Authentication User sent request to local Authentication Server Local AS shares cross-realm.
Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.

Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.

Similar presentations

Ads by Google