Presentation is loading. Please wait.

Presentation is loading. Please wait.

EGEE is a project funded by the European Union under contract IST-2003-508833 Common Security Components Olle Mulmo JRA3 JRA1 all-hands meeting, June 29.

Published byDonald Todd Modified over 8 years ago

Similar presentations

Presentation on theme: "EGEE is a project funded by the European Union under contract IST-2003-508833 Common Security Components Olle Mulmo JRA3 JRA1 all-hands meeting, June 29."— Presentation transcript:

1 EGEE is a project funded by the European Union under contract IST-2003-508833 Common Security Components Olle Mulmo JRA3 JRA1 all-hands meeting, June 29 2004 www.eu-egee.org

2 , - 2 Our goal: it’s all about policy enforcement Graphics from Globus Alliance & GGF OGSA-WG

3 , - 3 Software development at JRA3 Planning -Requirements Development -Project estimates -Project plan High Level Design -Architectural design Stage 1,..,N -Detailed design -Construction -Release JRA1 SCM.. Time elapsed: days to week(s)

4 , - 4 Software development at JRA3 DeliverableDescription Requirement specificationsDocument describing the identified requirements for the deliverable. The success of the task will be measured against this. Iterated with JRA1. Handled by Change Control… Project estimatesSetting the scope for the project. Resources needed – people and time. Will be revised after each phase in the project. (QA, see JRA1 and JRA3 QA plan, and metrics) Architecture designHigh-level specification, the plan to build the right solution to the problem. Detailed designDetailed-level design, the plan to build the right solution in the right way. Staged Delivery PlanDefining the order in which the software will be constructed. Maximizing JRA1 value (e.g. choose the most important modules first if possible), minimizing risk. Construction and release(See developers guidelines from JRA2)

5 , - 5... but HOW? Libraries?  All functionality must be integrated in the service implementation Handlers / Filters?  Orthogonality (wrap/unwrap)  Extensibility (delegation, mutual authZ) Languages? Priorities still somewhat unclear  Want JRA1 “customers” - all not identified yet VOLUNTEERS?

6 , - 6 SOAP over HTTPS Why?A transport-level security solution to enable authenticity, integrity, and confidentiality to SOAP- based interactions. How?ProxyCert-aware TLS implementation, plugged into a SOAP engine. J: Axis handler, reuse EDG java-sec + CoG C: gSOAP plugin from IT (license?)

7 , - 7 Message Level Security Why?Allows for WS-I compliance, enables endpoint trust, and in some cases, eliminates the need for delegation How?Make use of existing implementations that aim at WS-I compliance. J: Refit Globus WS-Sec handlers with more recent WSS4J implementation from Apache C: ???

8 , - 8 Delegation portType Why?Disentangle authentication from delegation, making it an optional feature, reducing overhead and enabling use of “normal” HTTPS. How?J: Axis handler, client+server C: Apache filter (GridPP), client plugin

9 , - 9 AuthZ framework Why?To allow for combination of policies from multiple sources, and to enforce them How?J: framework + Axis handler wrapper C: framework + globus authz callout wrapper

10 , - 10 Workload Management, “LCAS” Why?Enables a CE to make complex decisions based on job management specific domain knowledge How?Evolve/wrap current implementation as AuthZ framework module(s), work closely with IT+CZ cluster.

11 , - 11 Mutual AuthZ Why?Insert soon-to-appear real-world requirement here How?Infosys? VOMS in server certs? getCreds() portType?

12 , - 12 Key Management for Biomed Why?Biomed has strong requirement on runtime access to (encrypted data) stores How?Standalone add-on service for key management that may reuse DM infrastructure. Work with NA4 affiliated experts to gather knowledge and detailed requirements. (No software product promised!!!)

13 , - 13 Auditing Why? How?Coding conventions, use existing log functionality. No special service at this point in time.

Download ppt "EGEE is a project funded by the European Union under contract IST-2003-508833 Common Security Components Olle Mulmo JRA3 JRA1 all-hands meeting, June 29."

Similar presentations

VO Support and directions in OMII-UK Steven Newhouse, Director.

VO Support and directions in OMII-UK Steven Newhouse, Director.
Mobile Application Architecture Initiative Steve Wheat Chief IT Architect.

Mobile Application Architecture Initiative Steve Wheat Chief IT Architect.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Security (JRA3) Åke Edlund, JRA3 Manager, KTH David Groep, EUGridPMA chair, NIKHEF EGEE 1.

INFSO-RI Enabling Grids for E-sciencE Security (JRA3) Åke Edlund, JRA3 Manager, KTH David Groep, EUGridPMA chair, NIKHEF EGEE 1.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.

6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.
Course Instructor: Aisha Azeem

Course Instructor: Aisha Azeem
1 Object-Oriented Software Engineering CIS 375 Bruce R. Maxim UM-Dearborn.

1 Object-Oriented Software Engineering CIS 375 Bruce R. Maxim UM-Dearborn.
Globus 4 Guy Warner NeSC Training.

Globus 4 Guy Warner NeSC Training.
EGEE Security Area 13 May 2004 EGEE Security Area Stakeholders JRA3 middleware Architecture What we have for Unix and Java What.

EGEE Security Area 13 May 2004 EGEE Security Area Stakeholders JRA3 middleware Architecture What we have for Unix and Java What.
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
Thirteenth Lecture Hour 8:30 – 9:20 am, Sunday, September 16 Software Management Disciplines Process Automation (from Part III, Chapter 12 of Royce’ book)

Thirteenth Lecture Hour 8:30 – 9:20 am, Sunday, September 16 Software Management Disciplines Process Automation (from Part III, Chapter 12 of Royce’ book)
1 Dr. Markus Hillenbrand, ICSY Lab, University of Kaiserslautern, Germany A Generic Database Web Service for the Venice Service Grid Michael Koch, Markus.

1 Dr. Markus Hillenbrand, ICSY Lab, University of Kaiserslautern, Germany A Generic Database Web Service for the Venice Service Grid Michael Koch, Markus.
Introducing Axis2 Eran Chinthaka. Agenda  Introduction and Motivation  The “big picture”  Key Features of Axis2 High Performance XML Processing Model.

Introducing Axis2 Eran Chinthaka. Agenda  Introduction and Motivation  The “big picture”  Key Features of Axis2 High Performance XML Processing Model.
CS 5150 1 CS 5150 Software Engineering Lecture 3 Software Processes 2.

CS CS 5150 Software Engineering Lecture 3 Software Processes 2.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Logging and Bookkeeping and Job Provenance Services Ludek Matyska (CESNET) on behalf of the.

INFSO-RI Enabling Grids for E-sciencE Logging and Bookkeeping and Job Provenance Services Ludek Matyska (CESNET) on behalf of the.
Software Engineering Management Lecture 1 The Software Process.

Software Engineering Management Lecture 1 The Software Process.
The GridSite Security System Andrew McNab and Shiv Kaushal University of Manchester.

The GridSite Security System Andrew McNab and Shiv Kaushal University of Manchester.
Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.

Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.

Similar presentations

Ads by Google