Presentation is loading. Please wait.

Presentation is loading. Please wait.

10-May-01D.P.Kelsey, Security Workshop Summary1 DataGrid Security Workshop 29/30 March 2001 SUMMARY David Kelsey CLRC/RAL, UK

Published byToby Barton Modified over 9 years ago

Similar presentations

Presentation on theme: "10-May-01D.P.Kelsey, Security Workshop Summary1 DataGrid Security Workshop 29/30 March 2001 SUMMARY David Kelsey CLRC/RAL, UK"— Presentation transcript:

1 10-May-01D.P.Kelsey, Security Workshop Summary1 DataGrid Security Workshop 29/30 March 2001 SUMMARY David Kelsey CLRC/RAL, UK d.p.kelsey@rl.ac.uk

2 10-May-01D.P.Kelsey, Security Workshop Summary2 Agenda – Day 1 Middleware Requirements –WP1M RudaCESnet –WP2B SegalCERN –WP3S FisherRAL –WP4L ConsCERN –WP5J GordonRAL Discussion and conclusions on middleware –M9 and longer term WP6: Testbed Certificate AuthoritiesD Kelsey/RAL –including efforts to agree on CA CP/CPS –plans for Testbed0/M9

3 10-May-01D.P.Kelsey, Security Workshop Summary3 Agenda – Day 2 (am) Experiment/Application requirements –WP8 - LHCbEric van HerwijnenCERN –WP8 - Alice, Atlas, CMSIngo AugustinCERN –WP9 - Earth ObservationNo input –WP10 - BiologyVincent BretonIN2P3 Site/Network Requirements Denise HeagertyCERN Work of the AAAARCH research group in the IRTF and possible emerging co-operation between GGF and IETF/IRTFCees deLaatUtrecht, NL Ideas for M9 authorisation –Tools from INFNFrancesco GiacominiINFN –Ideas for map filesAndrew McNabManchester

4 10-May-01D.P.Kelsey, Security Workshop Summary4 Agenda – Day 2 (pm) Discussion of Authorisation possibilities –For M9 –Longer term (CAS etc) Other M9 requirements –Audit? –Incident tracking? Plans for continuation of this work Summary and conclusions

5 10-May-01D.P.Kelsey, Security Workshop Summary5 Summary – Day 1 (M9) Authentication - GSI seems OK Some authorisation required –GIIS – will require MDS V3 – but not critical –Grid mapfile probably OK No requirement for groups? (probably yes) Tools to maintain and manage this –Job (re) submission – renew authorisation MyProxy may be useful List of appropriate clusters for WP1 WAN access to SE only by ReplicaManager –But users need more (e.g. remote database updates) Audit and Incident management?

6 10-May-01D.P.Kelsey, Security Workshop Summary6 Summary – Day 1 – long term Longer term Security very important – can we trust it? –Can we afford it? Warn PMB? Retain local control Authorisation the big problem to solve –Revocation of authorisation Policies – language? Accounting Audit Firewalls (& NAT?) DOS Incident monitoring, tracking etc.

7 10-May-01D.P.Kelsey, Security Workshop Summary7 WP8/9/10 requirements Single sign-on Authorisation, quotas, accounting –By role, by group Policies Encryption for WP10 Light-weight access for WP10 Web servlets for LHCb Long lived credentials

8 10-May-01D.P.Kelsey, Security Workshop Summary8 Site security requirements Denise’s slide: How to agree a common security policy across site boundaries? –national laws may differ, e.g privacy Are firewalls feasible at high data rates? –do we need common configurations across sites? How to detect intrusions? How to respond to incidents across sites? –blocking access, tracing break-ins, a GRID-CSIRT? What issues are raised by a grid-wide SSO? How do we protect access to resources? What are the time scales and priorities? –Are there already security issues for the Testbed?

9 10-May-01D.P.Kelsey, Security Workshop Summary9 AAAArch See Cees de Laat slides AAA Architecture

10 10-May-01D.P.Kelsey, Security Workshop Summary10 Tools for Grid Mapfile INFN –Users and Groups in LDAP –Tool to aid grid mapfile maintenance Gridmapdir patch to Globus (A McNab/Manchester) –Maps to generic accounts Babar001, babar002, atlas001 etc Leased (and expired?)

11 10-May-01D.P.Kelsey, Security Workshop Summary11 Future plans WP6 Security concerns –Responsibility of Site managers, Security mgrs –CA – next meeting CERN 5 th June –Authentication, Authorisation –User/Group registration –Many management issues New Security task force –Coordinate activities in middleware WP’s –Identify missing resources –Architectural design (with ATF) –Propose meeting at CERN on 6 th June

Download ppt "10-May-01D.P.Kelsey, Security Workshop Summary1 DataGrid Security Workshop 29/30 March 2001 SUMMARY David Kelsey CLRC/RAL, UK"

Similar presentations

24-May-01D.P.Kelsey, GridPP WG E: Security1 GridPP Work Group E Security Development David Kelsey CLRC/RAL, UK

24-May-01D.P.Kelsey, GridPP WG E: Security1 GridPP Work Group E Security Development David Kelsey CLRC/RAL, UK
WP2: Data Management Gavin McCance University of Glasgow November 5, 2001.

WP2: Data Management Gavin McCance University of Glasgow November 5, 2001.
5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK

5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK
22-Apr-02D.P.Kelsey, Security, UKHEP Sysman1 Grid Security 22 Apr 2002 UK HEP Sysman Meeting David Kelsey CLRC/RAL, UK

22-Apr-02D.P.Kelsey, Security, UKHEP Sysman1 Grid Security 22 Apr 2002 UK HEP Sysman Meeting David Kelsey CLRC/RAL, UK
Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.

Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.
Andrew McNab - Manchester HEP - 29/30 March 2001 gridmapdir patch Overview of the problem Constraints from local systems Outline of how it works How to.

Andrew McNab - Manchester HEP - 29/30 March 2001 gridmapdir patch Overview of the problem Constraints from local systems Outline of how it works How to.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
5-Sep-02D.P.Kelsey, Security Summary, Budapest1 WP6/7 Security Summary Budapest 5 Sep 2002 David Kelsey CLRC/RAL, UK

5-Sep-02D.P.Kelsey, Security Summary, Budapest1 WP6/7 Security Summary Budapest 5 Sep 2002 David Kelsey CLRC/RAL, UK
WP4 Gridification Subsystem overlap Globus & existing systems LCAS and AAA in WP4 for Gridification Task: David Groep

WP4 Gridification Subsystem overlap Globus & existing systems LCAS and AAA in WP4 for Gridification Task: David Groep
DGC Paris 4.03.02 Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.

DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.
CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.

CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.
30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK

30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK
Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin

Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin
GGF Toronto 19.02.02 Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.

GGF Toronto Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.
2001.04.02 / David GroepSummary of Security Workshop - DataGRID WP4 workshop1 DataGrid Security WS Summary Targets: Identify requirements from WP's Define.

/ David GroepSummary of Security Workshop - DataGRID WP4 workshop1 DataGrid Security WS Summary Targets: Identify requirements from WP's Define.
Security Mechanisms The European DataGrid Project Team

Security Mechanisms The European DataGrid Project Team
Status of Globus activities within INFN (update) Massimo Sgaravatto INFN Padova for the INFN Globus group

Status of Globus activities within INFN (update) Massimo Sgaravatto INFN Padova for the INFN Globus group
Andrew McNab - Manchester HEP - 26 June 2001 WG-H / Support status Packaging / RPM’s UK + EU DG CA’s central grid-users file www.gridpp.ac.uk grid “ping”

Andrew McNab - Manchester HEP - 26 June 2001 WG-H / Support status Packaging / RPM’s UK + EU DG CA’s central grid-users file grid “ping”
5 November 2001F Harris GridPP Edinburgh 1 WP8 status for validating Testbed1 and middleware F Harris(LHCb/Oxford)

5 November 2001F Harris GridPP Edinburgh 1 WP8 status for validating Testbed1 and middleware F Harris(LHCb/Oxford)
Andrew McNab - Manchester HEP - 5 July 2001 WP6/Testbed Status Status by partner –CNRS, Czech R., INFN, NIKHEF, NorduGrid, LIP, Russia, UK Security Integration.

Andrew McNab - Manchester HEP - 5 July 2001 WP6/Testbed Status Status by partner –CNRS, Czech R., INFN, NIKHEF, NorduGrid, LIP, Russia, UK Security Integration.

Similar presentations

Ads by Google