Published by Robyn Gardner. Modified over 8 years ago.
CA overview and requirements
Ognjen Prnjat, Nikos Vogiatzis, GRNET
EGEE-SEE regional kick-off, April 7-8th, 2004
EGEE is a project funded by the European Union
Athens, 7-8th April

Objectives of this session
- Establish understanding of the CA operation
- Agree on strategy in EGEE-SEE

Outline
- Basic PKI/CA overview
- EGEE security

Grid security requirements
- Secure communication (authenticated and perhaps confidential) between Grid elements.
- Security support across organizational boundaries, thus prohibiting a centrally-managed security system.
- "Single sign-on" for users of the Grid, including delegation of credentials for computations that involve multiple resources and/or sites.

Globus security
- Globus / Globus Security Infrastructure use PKI and certificates
- Building blocks: PKI (CAs and Certificates), SSL/TLS, Proxies and Delegation
- PKI for credentials
- SSL for authentication and message protection
- Proxies and delegation (GSI extensions) for secure single sign-on
- PKI: Public Key Infrastructure; SSL: Secure Sockets Layer; TLS: Transport Layer Security

Certificates
- An X.509 certificate binds a public key to a name
- It includes a name and a public key signed by a trusted party (issuer)
- By checking the signature, one can determine that a public key belongs to a given user
[Figure: certificate fields (Name, Issuer, Public Key, Signature) beside a sample identity card (name, address, birth date, physical description, Hellenic State Seal)]

Certification Authorities (CAs)
- A small set of trusted entities known as Certificate Authorities (CAs) are established to sign certificates
- A CA is an entity that exists only to sign user certificates
- The CA signs its own certificate, which is distributed in a trusted manner
- The public key from the CA certificate can then be used to verify other certificates
- CA certificate itself must be trusted!!
[Figure: self-signed CA certificate (Name: CA; Issuer: CA; CA's Public Key; CA's Signature)]

CA verification
- Different approaches:
  - Root certification
  - Cross certification
  - Bridge/hub cross-certification
- EGEE approach: PMA "club" of CA managers

GRID CAs - PMA
- The European Grid Authentication Policy Management Authority for e-Science
- Authentication for distributed resource access through the Grid Security Infrastructure (GSI)
- Goal: establish a common authentication infrastructure trusted by all EU DataGrid parties
- Later joined by more partners (LCG project, others around the world)
- GridPMA.org initiative was started in 2002
- http://www.eugridpma.org/

EGEE security
- The PMA checks whether a candidate CA conforms to a set of Minimum Requirements before it can join the club
- The Cyprus, HellasGrid and Israel CAs are part of the PMA
- It is up to other EGEE-SEE CAs to join the PMA club and run CA services for local Grid users
- Details on the site: http://www.eugridpma.org/
- Catch-all CA (for SEE-GRID): HellasGrid

Action points
- Identify existing CAs and future CA plans