Presentation is loading. Please wait.

Presentation is loading. Please wait.

Federated Identity Management for HEP David Kelsey STFC – RAL Nijmegen workshop 22 June 2012.

Published byAngelica Ray Modified over 9 years ago

Similar presentations

Presentation on theme: "Federated Identity Management for HEP David Kelsey STFC – RAL Nijmegen workshop 22 June 2012."— Presentation transcript:

1 Federated Identity Management for HEP David Kelsey STFC – RAL Nijmegen workshop 22 June 2012

2 WLCG 22 June 2012Kelsey, HEP FIM2 Data processing, storage and analysis for the CERN Large Hadron Collider Experiments Making data equally available to all partners, regardless of their physical location WLCG is made up of more than 140 computing centres in ~ 35 countries several * 100K CPU Cores several * 100 PB Storage ~10K users

3 Endorsement of FIM paper DPK presented the paper to –HEPiX - 26 April 2012 –https://indico.cern.ch/contributionDisplay.py?sessionId=7&co ntribId=20&confId=160737https://indico.cern.ch/contributionDisplay.py?sessionId=7&co ntribId=20&confId=160737 –WLCG Grid Deployment Board – 9 May –https://indico.cern.ch/conferenceDisplay.py?confId=155068https://indico.cern.ch/conferenceDisplay.py?confId=155068 Formally endorsed by WLCG Management Board –Meeting of 5 June 2012 22 June 2012Kelsey, HEP FIM3

4 Federated IdM in HEP X.509 certificates and VOMS ACs for Grid services –Using TERENA Cert Service in some places –Grid also requires Delegation But many other services (not just Grid) –Collaboration tools, wikis, mail lists, webs, agenda pages… Today CERN has to manage thousands of user accounts, many of these are “external” Which federations should we use? –R&E, Moonshot, OpenID, …? Choice should be based on the required level of assurance 22 June 2012Kelsey, HEP FIM4

5 Two proposals for pilot projects for WLCG Browser based: a pilot using a WLCG collaborative Web application where users authenticate via their home-issued federated credential Non-browser based: a service enabling access to WLCG Grid resources using home- issued federated credentials 22 June 2012Kelsey, HEP FIM5

6 Browser-based Not decided yet At CERN or some other site? Traditional federated service –How do we cope with the scaling issues of joining many federations? 22 June 2012Kelsey, HEP FIM6

7 Non-browser Access to WLCG Grid services Hide the use of X.509 certificates from end users Using credential translation techniques –From federated identity credential –To short-lived X.509 certificate (hidden) –For example using the new EMI STS 2 slides from Romain Wartel (CERN) 22 June 2012Kelsey, HEP FIM7

8 Questions? 22 June 2012Kelsey, HEP FIM8

9 22 June 2012Kelsey, HEP FIM9

10 Questions? 22 June 2012Kelsey, HEP FIM10

Download ppt "Federated Identity Management for HEP David Kelsey STFC – RAL Nijmegen workshop 22 June 2012."

Similar presentations

5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK

5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK
Particle physics – the computing challenge CERN Large Hadron Collider –2007 –the worlds most powerful particle accelerator –10 petabytes (10 million billion.

Particle physics – the computing challenge CERN Large Hadron Collider –2007 –the worlds most powerful particle accelerator –10 petabytes (10 million billion.
The LHC experiments AuthZ Interoperation requirements GGF16, Athens 16 February 2006 David Kelsey CCLRC/RAL, UK

The LHC experiments AuthZ Interoperation requirements GGF16, Athens 16 February 2006 David Kelsey CCLRC/RAL, UK
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Federated Identity Management for Research Communities: FIM 4 R CSC, Helsinki 2 nd October 2013 Bob Jones, CERN.

Federated Identity Management for Research Communities: FIM 4 R CSC, Helsinki 2 nd October 2013 Bob Jones, CERN.
Hungrid A Possible Distributed Computing Platform for Hungarian Fusion Research Szabolcs Hernáth MTA KFKI RMKI EFDA RP Workshop.

Hungrid A Possible Distributed Computing Platform for Hungarian Fusion Research Szabolcs Hernáth MTA KFKI RMKI EFDA RP Workshop.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.

Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.

WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.
HEPiX IPv6 Working Group David Kelsey (STFC-RAL, UK) 4 May 2011 HEPiX, GSI, Darmstadt david.kelsey at stfc.ac.uk.

HEPiX IPv6 Working Group David Kelsey (STFC-RAL, UK) 4 May 2011 HEPiX, GSI, Darmstadt david.kelsey at stfc.ac.uk.
FIM-ig Federated Identity Management Interest Group.

FIM-ig Federated Identity Management Interest Group.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
GridPP Steve Lloyd, Chair of the GridPP Collaboration Board.

GridPP Steve Lloyd, Chair of the GridPP Collaboration Board.
HEPiX Catania 19 th April 2002 Alan Silverman HEPiX Large Cluster SIG Report Alan Silverman 19 th April 2002 HEPiX 2002, Catania.

HEPiX Catania 19 th April 2002 Alan Silverman HEPiX Large Cluster SIG Report Alan Silverman 19 th April 2002 HEPiX 2002, Catania.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
BoF: Federated Identity Management for Researchers David Kelsey (STFC-RAL) TNC2014, Dublin 20 May 2014.

BoF: Federated Identity Management for Researchers David Kelsey (STFC-RAL) TNC2014, Dublin 20 May 2014.
Authentication and Authorization in a federated environment Jules Wolfrat (SARA)

Authentication and Authorization in a federated environment Jules Wolfrat (SARA)
12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK

12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Similar presentations

Ads by Google