Presentation is loading. Please wait.

Presentation is loading. Please wait.

24-May-01D.P.Kelsey, GridPP WG E: Security1 GridPP Work Group E Security Development David Kelsey CLRC/RAL, UK

Published bySeth Lamb Modified over 11 years ago

Similar presentations

Presentation on theme: "24-May-01D.P.Kelsey, GridPP WG E: Security1 GridPP Work Group E Security Development David Kelsey CLRC/RAL, UK"— Presentation transcript:

1 24-May-01D.P.Kelsey, GridPP WG E: Security1 GridPP Work Group E Security Development David Kelsey CLRC/RAL, UK d.p.kelsey@rl.ac.uk

2 24-May-01D.P.Kelsey, GridPP WG E: Security2 Introduction - Security Essential low-level component for any GRID –also need to inter-operate with other GRIDs General Requirements –Authentication (and single sign-on) –Authorisation –Auditing –Incident discovery and tracking (hacking!) Accounting and Quotas - related, but not this WG WG E is Security Development –not Operations (that comes under WG G)

3 24-May-01D.P.Kelsey, GridPP WG E: Security3 Authentication Based on X.509 certificates and Globus GSI Implementation by DataGrid WP6 CA sub-group –10 national Certificate Authorities in action Andrew S. et al run the UK Testbed CA at RAL Moving away from use of Globus certs –By M9 only EDG Putting effort into CP and CPS –We must be able to trust each other! –GGF working on this topic Yet to include US CA(s)

4 24-May-01D.P.Kelsey, GridPP WG E: Security4 Authorisation The big problem! Requirements –Groups, Roles, Privileges … Used in resource allocation and quotas –Link Global and Local security policies –But give Local managers full control Solution for EDG M9/Testbed 1 –Use Globus GRID mapfile –Authorisation all LOCAL, I.e. UNIX gid, uid based –Tool from Andrew McNab to map to generic leased accounts –Tool from INFN to extract group structures from LDAP directories

5 24-May-01D.P.Kelsey, GridPP WG E: Security5 Future directions Globus Community Authorisation Server (CAS) –User authenticates against CAS using X.509 cert –CAS gives back a community certificate –User presents the community cert to end server –This is mapped onto local security domain Activity in IETF, GGF, … on PMI –Privilege Management Infrastructure Capability vs Access Control We need to investigate –Local access to Global security ( a new service) –How to specify policy

6 24-May-01D.P.Kelsey, GridPP WG E: Security6 Deliverables/Resources

7 24-May-01D.P.Kelsey, GridPP WG E: Security7 Task 1 General comment –Still early days - deliverables rather general! Task 1: Gather Requirements (0.2 FTE) –Document initial requirements (year 1) middleware & applications –ongoing requirements through tasks 4 & 8 Deliverables –Year 1 - Produce a document

8 24-May-01D.P.Kelsey, GridPP WG E: Security8 Task 2 Survey and Track Technology (0.5 FTE) –survey/track developments in GGF, IETF, Globus and elsewhere and make recommendations Deliverables –Year 1: Recommend useful standards and implementations –Years 2/3: Track and make recommendations

9 24-May-01D.P.Kelsey, GridPP WG E: Security9 Task 3 Design, implement and test (1.6 FTE) –short-term and long-term solutions for authentication, authorisation, auditing and other security services Deliverables –Year 1: Implement and test short-term solutions –Years 2/3: Long-term solutions –Years 2/3: work with other projects and GGF to define common policies and practices

10 24-May-01D.P.Kelsey, GridPP WG E: Security10 Task 4 Integrate with Other WG/Grids (0.7 FTE) –work with other work groups and projects to ensure common solutions Deliverables –Year 1: Define and establish links –Year 1: Use these links share info, tools etc –Years 2/3: Continue as before with new links as required

11 24-May-01D.P.Kelsey, GridPP WG E: Security11 Task 5 Architecture (0.25 FTE) –work with other WGs and projects to define the architecture of the security services and their relation to other Grid components Deliverables –Year 1: Define an initial architecture –Years 2/3: Review and refine

12 24-May-01D.P.Kelsey, GridPP WG E: Security12 Task 6 Security Development (0.75 FTE) –develop tools and services as required, both short and long term Deliverables –Year 1: Provide tools and services for early prototype –Years 2/3: Refine and develop new tools and services as required

13 24-May-01D.P.Kelsey, GridPP WG E: Security13 Task 7 Management of WG E (0.25 FTE) –project planning and management –includes WG meetings, documentation etc. Deliverables –Year 1: Management –Years 2/3: More management!

14 24-May-01D.P.Kelsey, GridPP WG E: Security14 Task 8 DataGrid Security (0.5 FTE) –participation and leadership of EDG Security Coordination –not specified in EU contract Deliverables –Year 1: Leadership of DataGrid security group(s) –Years 2/3: Ongoing leadership

15 24-May-01D.P.Kelsey, GridPP WG E: Security15 Task 9 DataGrid Security Development (0.75 FTE) –to complement Task 6 –development of tools and services for EDG –these will also be useful for GridPP and others Deliverables –Year 1: development work for EDG –Years 2/3: ongoing development

16 24-May-01D.P.Kelsey, GridPP WG E: Security16 Task 10 Production phase (1.0 FTE) –additional effort to complement other tasks during years 2 and 3 Deliverables –Years 2/3: work in areas to be defined by end of Year 1

17 24-May-01D.P.Kelsey, GridPP WG E: Security17 Summary of effort (FTE)01/0202/0303/04 TOT Design, Develop, 0.61.91.94.4 Test Manage, Survey, 0.50.80.82.1 Link to others TOTALS1.12.72.76.5

18 24-May-01D.P.Kelsey, GridPP WG E: Security18 Links to other Grid projects Security must interoperate! GridPP - WG K CERN –WG K also bidding for effort to work on PKI, PMI and security monitoring DataGrid GGF, GriPhyN, PPDG... CLRC e-Science Centre Others...

19 24-May-01D.P.Kelsey, GridPP WG E: Security19 Future plans DataGrid Security is my top priority right now –Security into architecture (ATF) –operational issues via WP6 –Kick start a Security Task Force to coordinate activities in other WPs meet at CERN on 6th June We need GridPP effort asap! Start to define more detailed Year 1 plans –and identify a security team –Defence (work together): Network + Security

Download ppt "24-May-01D.P.Kelsey, GridPP WG E: Security1 GridPP Work Group E Security Development David Kelsey CLRC/RAL, UK"

Similar presentations

Conference xxx - August 2003 Fabrizio Gagliardi EDG Project Leader and EGEE designated Project Director Position paper Delivery of industrial-strength.

Conference xxx - August 2003 Fabrizio Gagliardi EDG Project Leader and EGEE designated Project Director Position paper Delivery of industrial-strength.
Grid Security Policy GridPP18, Glasgow David Kelsey 21sr March 2007.

Grid Security Policy GridPP18, Glasgow David Kelsey 21sr March 2007.
WP2: Data Management Gavin McCance University of Glasgow November 5, 2001.

WP2: Data Management Gavin McCance University of Glasgow November 5, 2001.
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
Fabric and Storage Management GridPP Fabric and Storage Management GridPP 24/24 May 2001.

Fabric and Storage Management GridPP Fabric and Storage Management GridPP 24/24 May 2001.
5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK

5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK
GridPP Presentation to PPARC Grid Steering Committee 26 July 2001 Steve Lloyd Tony Doyle John Gordon.

GridPP Presentation to PPARC Grid Steering Committee 26 July 2001 Steve Lloyd Tony Doyle John Gordon.
Tony Doyle GridPP2 Proposal, BT Meeting, Imperial, 23 July 2003.

Tony Doyle GridPP2 Proposal, BT Meeting, Imperial, 23 July 2003.
18 April 2002 e-Science Architectural Roadmap Open Meeting 1 Support for the UK e-Science Roadmap David Boyd UK Grid Support Centre CLRC e-Science Centre.

18 April 2002 e-Science Architectural Roadmap Open Meeting 1 Support for the UK e-Science Roadmap David Boyd UK Grid Support Centre CLRC e-Science Centre.
4 December 2002 Grid Resource Access Workshop, NeSC 1 Managing Access to Resources on the Grid David Boyd CLRC e-Science Centre

4 December 2002 Grid Resource Access Workshop, NeSC 1 Managing Access to Resources on the Grid David Boyd CLRC e-Science Centre
VO Support and directions in OMII-UK Steven Newhouse, Director.

VO Support and directions in OMII-UK Steven Newhouse, Director.
Andrew McNab - Manchester HEP - 22 April 2002 EU DataGrid Testbed EU DataGrid Software releases Testbed 1 Job Lifecycle Authorisation at your site More.

Andrew McNab - Manchester HEP - 22 April 2002 EU DataGrid Testbed EU DataGrid Software releases Testbed 1 Job Lifecycle Authorisation at your site More.
22-Apr-02D.P.Kelsey, Security, UKHEP Sysman1 Grid Security 22 Apr 2002 UK HEP Sysman Meeting David Kelsey CLRC/RAL, UK

22-Apr-02D.P.Kelsey, Security, UKHEP Sysman1 Grid Security 22 Apr 2002 UK HEP Sysman Meeting David Kelsey CLRC/RAL, UK
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Author - Title- Date - n° 1 Partner Logo Authentication John Gordon GridPP 2 nd May 2002.

Author - Title- Date - n° 1 Partner Logo Authentication John Gordon GridPP 2 nd May 2002.
Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.

Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.
11-Dec-01D.P.Kelsey, Authentication1 Authentication 11 Dec 2001 David Kelsey CLRC/RAL, UK

11-Dec-01D.P.Kelsey, Authentication1 Authentication 11 Dec 2001 David Kelsey CLRC/RAL, UK
Net Security1 Chapter 8 Network Management Security Henric Johnson Blekinge Institute of Technology, Sweden Revised by Andrew Yang.

Net Security1 Chapter 8 Network Management Security Henric Johnson Blekinge Institute of Technology, Sweden Revised by Andrew Yang.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.2 Tree-Based Group Diffie Hellman Protocol Acknowledgment:

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.2 Tree-Based Group Diffie Hellman Protocol Acknowledgment:

Similar presentations

Ads by Google