Presentation is loading. Please wait.

Presentation is loading. Please wait.

OGF22 25 th February 2008 OGF22 Demo Slides Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland

Published byLillian Wright Modified over 9 years ago

Similar presentations

Presentation on theme: "OGF22 25 th February 2008 OGF22 Demo Slides Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland"— Presentation transcript:

1 OGF22 25 th February 2008 OGF22 Demo Slides Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland r.sinnott@nesc.gla.ac.uk

2 OGF22 25 th February 2008 Shibboleth Scenario Service provider Shib Frontend 5. Pass authentication info and attributes to authZ function Grid Portal 6. Make final AuthZ decision Grid Application Identity Provider Home Institution W.A.Y.F. Federation User 1. User points browser at Grid resource/portal 2. Shibboleth redirects user to W.A.Y.F. service 3.User selects their home institution 4. Home site authenticates user and pushes attributes to the service provider AuthN LDAP AuthZ ? What sites + attributes to accept (trust)? What attributes to send? Only see/use what allowed to? uid Log-in once and roam

3 OGF22 25 th February 2008 Centralised Shibboleth Scenario Service provider 5. Pass authentication info and attributes to authZ function Grid Portal 6. Make final AuthZ decision Grid Application Identity Provider Home Institution W.A.Y.F. Federation User 1. User points browser at Grid resource/portal 2. Shibboleth redirects user to W.A.Y.F. service 3.User selects their home institution 4. Home site authenticates user and pushes attributes to the service provider AuthN LDAP AuthZ VO wide authZ

4 OGF22 25 th February 2008 VOMS

5 OGF22 25 th February 2008 VOMS

6 OGF22 25 th February 2008 VOTES Virtual Organisations for Trials and Epidemiological Studies 3 year (£2.8M) MRC funded project started October 2005 Plans to develop framework for producing Grid infrastructures to address key components of clinical trial/observational study  Recruitment of potentially eligible participants  Data collection during the study  Study administration and coordination –Involves Glasgow, Oxford, Leicester/Nottingham, Manchester, Imperial »Direct links with UK Biobank, Generation Scotland Scottish Family Health Study

7 OGF22 25 th February 2008 VOTES Distributed Data Framework Service

8 OGF22 25 th February 2008 Existing Demonstration (pushing attributes in SAML)

9 OGF22 25 th February 2008

10 OGF22 25 th February 2008

11 OGF22 25 th February 2008

12 OGF22 25 th February 2008

13 OGF22 25 th February 2008

14 OGF22 25 th February 2008

15 OGF22 25 th February 2008

16 OGF22 25 th February 2008 VOMS’ing

17 OGF22 25 th February 2008 The Scenario (1) A VOTES diabetes service is deployed on a GT4 infrastructure (2) A user runs “voms-proxy-init” to generate a proxy certificate including VOMS credentials (3) and tries to invoke the protected stored procedure (4) The PEP passes the user information (including proxy certificate) to the VOMS PIP (5) VOMS PIP validates the credentials and passes back the VOMS Fully Qualified Attribute Name (FQAN) within the subject attributes. (6) The PEP calls the PERMIS PDP pushing the request information and credentials (7) The PERMIS PDP according to the policy decides if this user with certain attributes is authorized to access the service. (8) If successful the stored procedure is invoked, the federated query run and returned results joined and returned to the end user

18 OGF22 25 th February 2008

19 OGF22 25 th February 2008 Successful Nurse role Authorisation of Nurse Client Unsuccessful Nurse role Authorisation of Doctor Client Successful Nurse role Authorisation of Nurse Client Unsuccessful Nurse role Authorisation of Doctor Client Successful Nurse role Authorisation of Nurse Client Unsuccessful Nurse role Authorisation of Doctor Client Successful Nurse Interaction Unuccessful Nurse Interaction => java -classpath./build/stubs/classes/:$CLASSPATH org/globus/clients/DataFederationProxy/SecureGSNurseClient security-configRichard.xml =>java -classpath./build/stubs/classes/:$CLASSPATH org/globus/clients/DataFederationProxy/SecureGSDoctorClient security-configRichard.xml

20 OGF22 25 th February 2008

21 OGF22 25 th February 2008 Successful Nurse role Authorisation of Nurse Client Unsuccessful Nurse role Authorisation of Doctor Client Successful Nurse role Authorisation of Nurse Client Unsuccessful Nurse role Authorisation of Doctor Client Successful Nurse role Authorisation of Nurse Client Unsuccessful Nurse role Authorisation of Doctor Client Successful Nurse Interaction Successful Doctor Interaction => java -classpath./build/stubs/classes/:$CLASSPATH org/globus/clients/DataFederationProxy/SecureGSNurseClient security-configRichard.xml =>java -classpath./build/stubs/classes/:$CLASSPATH org/globus/clients/DataFederationProxy/SecureGSDoctorClient security-configRichard.xml

22 OGF22 25 th February 2008 The Scenario with Permis (VPMan) (1) The client attempts to invoke the PERMIS protected Geronimo service. The PEP extracts the users DN and identifies that it needs attributes from a VOMS server (2) The PEP, via a Subject PIP, pulls back the relevant attributes from VOMS server (3)and passes them to the PDP (4) The permis PDP makes the decision (5) and if ok, submit job using via GridSAM to appropriate Grid Resource

Download ppt "OGF22 25 th February 2008 OGF22 Demo Slides Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland"

Similar presentations

Demonstrations at PRAGMA 13 10 demos are nominated by WG chairs Did not call for demos. We will select the best demo(s) Criteria is under discussion. Notes.

Demonstrations at PRAGMA demos are nominated by WG chairs Did not call for demos. We will select the best demo(s) Criteria is under discussion. Notes.
Federated Identity for Grid Architects Tom Scavo NCSA

Federated Identity for Grid Architects Tom Scavo NCSA
Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.

Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.
FAME-PERMIS Project University of Manchester University of Kent London, July 2006.

FAME-PERMIS Project University of Manchester University of Kent London, July 2006.
ASPiS - Architecture for a Shibboleth-Protected iRODS System Mark Hedges, Tobias Blanke Centre for e-Research, Kings College London Adil Hasan, Jens Jensen.

ASPiS - Architecture for a Shibboleth-Protected iRODS System Mark Hedges, Tobias Blanke Centre for e-Research, Kings College London Adil Hasan, Jens Jensen.
Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.
AHM 2008, 11 th September 2008 Supporting Security-Oriented Interdisciplinary Research: Crossing the Social, Clinical and Geospatial Domains Prof. Richard.

AHM 2008, 11 th September 2008 Supporting Security-Oriented Interdisciplinary Research: Crossing the Social, Clinical and Geospatial Domains Prof. Richard.
OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.

OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.

The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.
Authz work in GGF David Chadwick

Authz work in GGF David Chadwick
Security Approaches and Requirements John Watt NCeSS Conference 2008 - Workshop 3 Data Management through e-Social Science June 18th 2008.

Security Approaches and Requirements John Watt NCeSS Conference Workshop 3 Data Management through e-Social Science June 18th 2008.
EDINA 20 th March 2008 EDINA Geo/Grid - Security Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland.

EDINA 20 th March 2008 EDINA Geo/Grid - Security Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland.
20 March 2007 VOMS etc - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.

20 March 2007 VOMS etc Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
The EC PERMIS Project David Chadwick

The EC PERMIS Project David Chadwick
1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.

1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.
Federated A(A(A))I Jens Jensen hepsysman, RAL, 20110701.

Federated A(A(A))I Jens Jensen hepsysman, RAL,
Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz

Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz
GridShib: Grid-Shibboleth Integration (Identity Federation and Grids) April 11, 2005 Von Welch

GridShib: Grid-Shibboleth Integration (Identity Federation and Grids) April 11, 2005 Von Welch

Similar presentations

Ads by Google