Security Mechanisms The European DataGrid Project Team


1 Security Mechanisms The European DataGrid Project Team http://www.eu-datagrid.org

2 Security Tutorial - n° 2 Overview
- User side
  - Getting a certificate
  - Becoming a member of the VO
- Server side
  - Authentication / CA
  - Authorization / VO (with some examples)

3 Security Tutorial - n° 3 Authentication
- Authentication (CA Working Group)
  - Policies & Procedures -> mutual trust
  - Currently the EDG CA group has approved
    - 15 EDG CAs
    - 5 CrossGrid CAs
  - France-CNRS acted as catchall CA to accept sites not covered by accepted CAs
  - Users identified by their personal certificate
CrossGrid Certification Authorities: Slovakia, Cyprus, Poland, Greece
DataGrid Certification Authorities: CERN, Czech Republic, Canada, France CNRS, Germany, Ireland, Netherlands, Nordic Countries, Portugal, Russia, Spain, United Kingdom, US – DOE

4 Security Tutorial - n° 4 Authorization
- Authorization (Authorization Working Group)
  - Based on Virtual Organizations (VO)
  - Authorizations by experiment
  - 12 + 1 Virtual Organizations
  - Each VO has its own manager
DataGrid Virtual Organizations: WP6 ITEAM TSTG ALICE ATLAS LHCb CMS BABAR D0 EARTHOB GENOMIC MEDICAL IMAGING Guidelines

5 Security Tutorial - n° 5 Authentication Overview
- The method to request a certificate depends on the CA
- A certificate is valid for 1 year
- Web request
  - France CNRS
  - Ireland
  - Italy
  - Netherlands
  - United Kingdom
  - US DOE
- grid-cert-request
  - Canada
  - CERN
  - Germany
  - Nordic Countries
  - Portugal
  - Russia
  - Spain
- OpenSSL request
  - Czech Republic

6 Security Tutorial - n° 6 CNRS Personal Certificate Request
- http://igc.services.cnrs.fr/Datagrid-fr/
  - See demo

7 Security Tutorial - n° 7 Certificate Conversion
- Convert your certificate from PKCS12 format to PEM format
  - /opt/edg/bin/pkcs12-extract
  Or
    # extract the private key only
    openssl pkcs12 -nocerts \
        -in cert.p12 \
        -out ~user/.globus/userkey.pem
    # extract the user certificate only
    openssl pkcs12 -clcerts -nokeys \
        -in cert.p12 \
        -out ~user/.globus/usercert.pem
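The conversion on this slide, extended as an added example (not part of the original presentation or of the EDG tools): it splits the bundle, restricts the key file to its owner, and checks that the key and the certificate belong together. The variable names P12_PASS and KEY_PASS, the helper functions and the throwaway self-signed bundle are constructed for this example.

```bash
#!/usr/bin/env bash
set -eu

# convert_p12 BUNDLE DIR: split a PKCS#12 bundle into DIR/userkey.pem and
# DIR/usercert.pem. Passwords come from the exported variables P12_PASS
# (import password) and KEY_PASS (new key pass phrase); both names are
# assumptions of this example. Runs in a subshell so umask stays local.
convert_p12() (
    umask 077                       # key file is private from the moment it is created
    mkdir -p "$2"
    openssl pkcs12 -nocerts -in "$1" -passin env:P12_PASS \
        -passout env:KEY_PASS -out "$2/userkey.pem"
    openssl pkcs12 -clcerts -nokeys -in "$1" -passin env:P12_PASS \
        -out "$2/usercert.pem"
    chmod 400 "$2/userkey.pem"      # owner read-only
    chmod 644 "$2/usercert.pem"     # the certificate is public
)

# key_matches_cert DIR: succeed only if the private key and the certificate
# carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1/userkey.pem" -passin env:KEY_PASS -pubout) || return 1
    c=$(openssl x509 -in "$1/usercert.pem" -noout -pubkey) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# file_mode FILE: the ten-character mode string from ls -l.
file_mode() { ls -l "$1" | cut -c1-10; }

# make_demo_p12 DIR: constructed throwaway bundle so the example runs offline.
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example/CN=Demo User" \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -passout env:P12_PASS -out "$1/cert.p12"
}

export P12_PASS='constructed-import-pw' KEY_PASS='constructed-key-pw'
work=$(mktemp -d)
make_demo_p12 "$work"
convert_p12 "$work/cert.p12" "$work/globus"
key_matches_cert "$work/globus" && echo "key and certificate match"
echo "userkey.pem mode: $(file_mode "$work/globus/userkey.pem")"
rm -rf "$work"
```

For a real bundle, export the two pass phrases and call `convert_p12 cert.p12 ~/.globus`, then `key_matches_cert ~/.globus`.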

8 Security Tutorial - n° 8 Authorization
User registration in an EDG Virtual Organisation
- Sign the usage guidelines: https://marianne.in2p3.fr/cgi-bin/datagrid/register/account.pl
- In case of problem, contact your VO Manager
-> You are registered in the VO server and have a user account.

9 Security Tutorial - n° 9 Usage
You must have a valid certificate from a trusted CA!
- „login”: grid-proxy-init
  short lifetime certificate: 24 hours
    Enter PEM pass phrase:...........................+++++....................................+++++
- checking the proxy: grid-proxy-info -subject
    /O=Grid/O=CERN/OU=cern.ch/CN=Akos Frohner/CN=proxy
- „logout”: grid-proxy-destroy
-> use the grid services

10 Security Tutorial - n° 10 CNRS Host Certificate Request
- http://igc.services.cnrs.fr/Datagrid-fr/
  - See demo
- You receive the host certificate by encrypted and signed email

11 Security Tutorial - n° 11 Configuration on the Server
- All RPMs are here:
  - http://datagrid.in2p3.fr/autobuild/rh6.2/rpmlist/
- Certificate and CRL URLs of the CAs: Authentication
  - http://datagrid.in2p3.fr/autobuild/rh6.2/rpmlist/CE-ca-v1_4_3.html
- Creation of the gridmapfile: Authorization
  - http://datagrid.in2p3.fr/distribution/datagrid/wp6/RPMS/edg-mkgridmap-1.0.9-2.i386.rpm
- Scripts to update gridmapfile and CRLs: Authentication/Authorization
  - http://datagrid.in2p3.fr/distribution/datagrid/wp6/RPMS/edg-utils-system-1.3.2-1.noarch.rpm

12 Security Tutorial - n° 12 Summary
- Authentication
  - http://marianne.in2p3.fr/datagrid/ca/ca-table-ca.html
  - http://marianne.in2p3.fr/datagrid/ca/ca-help.html
  - http://igc.services.cnrs.fr/Datagrid-fr/
- Authorization
  - https://marianne.in2p3.fr/cgi-bin/datagrid/register/account.pl
  - http://marianne.in2p3.fr/datagrid/vo/vo-table.html

13 Security Tutorial - n° 13 Further Information
Grid
- EDG CAs: http://marianne.in2p3.fr/datagrid/ca
- Globus Security: http://www.globus.org/security/
- EDG WP2: http://grid-data-management.web.cern.ch/grid-data-management/security/
- EDG D7.5: http://edms.cern.ch/document/340234
Background
- GGF Security: http://www.gridforum.org/security/
- GSS-API: http://www.faqs.org/faqs/kerberos-faq/general/section-84.html
- IETF PKIX charter: http://www.ietf.org/html.charters/pkix-charter.html
- PKCS: http://www.rsasecurity.com/rsalabs/pkcs/index.html

