Federated access to Grid resources
|
|
- Lindsey Jenkins
- 8 years ago
- Views:
Transcription
1 Federated access to Grid resources Keith Hazelton Internet2 Middleware Architecture Comm. for Ed. APAN, Singapore, 19-July-06
2 Topics Grid authentication and authorization: The scaling problem Federations Governance/risk management solutions PKI + SAML Technical solutions 2
3 Coming manageability crisis in Grids in R&E User management & resource management: from minor annoyance to major obstacle to growth In Australia, APAC is issuing <200 PKI certificates per year Expecting that to quickly grow to 2,500 per year annually as Grid usage expands, 5X their capacity One example among countless others 3
4 Addressing two sides of the manageability crisis Governance and trust/risk management Federations: sectoral, national, regional, global: IGTF; M.Williams at APAN: IPsphere.org Reliance on campus identity and access management infrastructures VOs layered over these organizational bases Technical management tools Supporting an appropriate division of problem space between SAML and PKI Others: managing roles and privileges... 4
5 Feds & X-feds in trust/risk mgmt. Federations as a big tent under which fed. member organizations and partners can negotiate additional community of interest policies and deals Federations as parties that negotiate Interfederation X-Fed agreements In US: R&E: InCommon; Fed. govt: E-Auth D. Lopez on edugain in Europe: Federation of Federations (confederation) 5
6 InCommon Federation Mission Create and support a common framework for trustworthy shared management of access to online resources in support of education and research in the United States. How? A community-based common trust fabric sufficient to enable participants to make appropriate decisions about access control information provided to them by other participants. 6
7 US E-Authentication Mission Public trust in the security of information exchanged over the Internet plays a vital role in the E-Gov transformation. E-Authentication makes that trust possible. How? Set the standards for the identity proofing of individuals and businesses, based on risk of online services used. The initiative will focus on meeting the authentication business needs of the E-Gov initiatives, building the necessary infrastructure to support common, unified processes and systems. 7
8 X-Federation: FPKI to E-Authentication Federal Common Policy CA Citizen and Commerce Class Policy CA E-Authentication Level 4 Level 3 Level 2 High MediumHW MediumHW-CBP Medium Medium-CBP Basic Rudimentary Federal Bridge CA Level 1 E-Authentication Governance CAs and InCommon member CSPs 2005 Cybertrust. All rights reserved.
9 The technical piece, GridShib: SAML plus PKI an emerging win SAML: OASIS Std.: Security Assertion Markup Language 9
10 Multi-federation PIDP 10
11 GridShib Background GridShib Tom Barton, David Champion, Tim Freeman, Kate Keahey, Tom Scavo, Frank Siebenlist, Von Welch NSF NMI project to allow the use of Shibboleth-issued attributes for authorization in NMI Grids built on the Globus Toolkit MyProxy Jim Basney, Bill Baker, Patrick Duda, Von Welch Current support from NCSA Core project, TeraGrid Tom Barton, Jim Basney, Tim Freeman, Tom Scavo, Frank Siebenlist, Von Welch, Rachana Ananthakrishnan, Bill Baker, Monte Goode, and Kate Keahey. Identity Federation and Attribute-based Authorization through the Globus Toolkit, Shibboleth, Gridshib, and MyProxy. In 5th Annual PKI R&D Workshop (To appear), April
12 New to MyProxy On-line CA functionality Create short-lived certificates in response to user authentication Short-Lived Certificate Service Thanks to LBNL Number of authentication mechanisms supported Webiso pubcookie tokens PAM, OTP, Kerberos Funded by Grids Center 12
13 Prototype CA as SAML SP Shibboleth-protected MyProxy on-line CA Issues short-lived credentials to anyone who can authenticate via InQueue e.g. OpenIdP Uses Java Web Start to get certificate from the web to the desktop Installs in the right place for GT to use Try it out: 13
14 Prototype CA as SAML SP Shibboleth-protected MyProxy on-line CA What does it mean for the Grid scaling problem? No need to wait for universal end-entity PKI deployment gives path to exchange attributes info, too, via Shibboleth/SAML protocols 14
15 Other Grid - SAML/Shibboleth integration projects JISC (funding body for IT in R&E in UK) funding many integration efforts ShibGrid SHEBANG Nat l e-science Centre, Glasgow, BRIDGES/ ESP-Grid, DyVOSE, GLASS, VOTES MAMS in Australia: Erik Vullings et al. Meta Access Management System SWITCH (Swiss R&E Net) integrating Shibboleth & glite 15
16 Q & A hazelton@wisc.edu 16
Scaling TeraGrid Access: A Testbed for Identity Management and Attribute-based Authorization
TERAGRID 2007 CONFERENCE, MADISON, WI 1 Scaling TeraGrid Access: A Testbed for Identity Management and Attribute-based Authorization Von Welch, Ian Foster, Tom Scavo, Frank Siebenlist, Charlie Catlett,
More informationAuthorization Strategies for Virtualized Environments in Grid Computing Systems
Authorization Strategies for Virtualized Environments in Grid Computing Systems Xinming Ou Anna Squicciarini Sebastien Goasguen Elisa Bertino Purdue University Abstract The development of adequate security
More informationManaging Credentials with
Managing Credentials with MyProxy Jim Basney National Center for Supercomputing Applications University of Illinois jbasney@ncsa.uiuc.edu http://myproxy.ncsa.uiuc.edu/ What is MyProxy? A service for managing
More information2 Transport-level and Message-level Security
Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective The Globus Security Team 1 Version 4 updated September 12, 2005 Abstract This document provides an overview of the Grid Security
More informationLIGO Identity Management: Questions I Wish We Would Have Asked
LIGO Identity Management: Questions I Wish We Would Have Asked Scott Koranda for LIGO LIGO and University of Wisconsin-Milwaukee September 6, 2012 LIGO-XXXXXXXX-v1 1 / 39 We had a mess Late in 2007 and
More informationCILogon: A Federated X.509 Certification Authority for CyberInfrastructure Logon
CILogon: A Federated X.509 Certification Authority for CyberInfrastructure Logon Jim Basney jbasney@illinois.edu Terry Fleury tfleury@illinois.edu National Center for Supercomputing Applications University
More informationIdentity and Access Management for Federated Resource Sharing: Shibboleth Stories
Identity and Access Management for Federated Resource Sharing: Shibboleth Stories http://arch.doit.wisc.edu/keith/apan/ apanshib-060122-01.ppt Keith Hazelton (hazelton@doit.wisc.edu) Sr. IT Architect,
More informationA Shibboleth View of Federated Identity. Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR
A Shibboleth View of Federated Identity Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR Short Section Title Agenda Assumptions and Trends Identity Management and Shibboleth Shibboleth
More informationSINGLE SIGN-ON AND AUTHORIZATION FOR DYNAMIC VIRTUAL ORGANIZATIONS
58 SINGLE SIGN-ON AND AUTHORIZATION FOR DYNAMIC VIRTUAL ORGANIZATIONS R.O. Sinnott 1, O. Ajayi 1, A.J. Stell 1, J. Watt 1, J. Jiang 1, J. Koetsier 2 National e-science Centre 1 University of Glasgow, Glasgow,
More informationSecure Federated Authentication and Authorisation to GRID Portal Applications using SAML and XACML Erik Vullings and James Dalziel
Secure Federated Authentication and Authorisation to GRID Portal Applications using SAML and XACML Erik Vullings and James Dalziel MELCOE, Macquarie University, Sydney, NSW 2109, Australia E-mail: {erik.vullings,
More informationA Federated Authorization and Authentication Infrastructure for Unified Single Sign On
A Federated Authorization and Authentication Infrastructure for Unified Single Sign On Sascha Neinert Computing Centre University of Stuttgart Allmandring 30a 70550 Stuttgart sascha.neinert@rus.uni-stuttgart.de
More informationGlobus Toolkit: Authentication and Credential Translation
Globus Toolkit: Authentication and Credential Translation JET Workshop, April 14, 2004 Frank Siebenlist franks@mcs.anl.gov http://www.globus.org/ Copyright (c) 2002 University of Chicago and The University
More informationFederated Identity & Access Mgmt for Higher Education
Federated Identity & Access Mgmt for Higher Education Dr. Erik Vullings Program Manager Macquarie University s s E-Learning E Centre of Excellence (MELCOE) Erik.Vullings@melcoe.mq.edu.au 1/23/2006 1 Backing
More informationCILogon: A federated X.509 certification authority for cyberinfrastructure logon
CONCURRENCY AND COMPUTATION: PRACTICE AND EXPERIENCE Published online 4 April 2014 in Wiley Online Library (wileyonlinelibrary.com)..3265 SPECIAL ISSUE PAPER CILogon: A federated X.509 certification authority
More informationE-Infrastructure Security: An Investigation of Authentication Levels of Assurance (LoAs)
E-Infrastructure Security: An Investigation of Authentication Levels of Assurance (LoAs) Prepared for OGF19 the LoA BOF session; Written by Ning Zhang, the University of Manchester, Manchester, UK, nzhang@cs.man.ac.uk;
More informationIssues in federated identity management
Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh 1 Contents Federated identity management overview Open issues for federations 2 Introduction Federated identity
More informationShibboleth : An Open Source, Federated Single Sign-On System David E. Martin martinde@northwestern.edu
Shibboleth : An Open Source, Federated Single Sign-On System David E. Martin martinde@northwestern.edu International Center for Advanced Internet Research Outline Security Mechanisms Access Control Schemes
More informationIGI Portal architecture and interaction with a CA- online
IGI Portal architecture and interaction with a CA- online Abstract In the framework of the Italian Grid Infrastructure, we are designing a web portal for the grid and cloud services provisioning. In following
More informationTitle: A Client Middleware for Token-Based Unified Single Sign On to edugain
Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Sascha Neinert Computing Centre University of Stuttgart, Allmandring 30a, 70550 Stuttgart, Germany e-mail: sascha.neinert@rus.uni-stuttgart.de
More informationAAA for IMOS: Australian Access Federation & related components
AAA for IMOS: Australian Access Federation & related components James Dalziel Professor of Learning Technology, and Director, Macquarie E-Learning Centre Of Excellence (MELCOE) Macquarie University james@melcoe.mq.edu.au
More informationEXG S Network - Requirements and Solutions
Enhancing the Earth System Grid Security Infrastructure through Single Sign-On and Autoprovisioning F. Siebenlist Argonne National Laboratory Argonne, IL, USA franks@mcs.anl.gov R. Ananthakrishnan Argonne
More informationUsing the MyProxy Online Credential Repository
Using the MyProxy Online Credential Repository Jim Basney National Center for Supercomputing Applications University of Illinois jbasney@ncsa.uiuc.edu What is MyProxy? Independent Globus Toolkit add-on
More informationFederated Login to TeraGrid
Federated Login to Jim Basney jbasney@illinois.edu Terry Fleury tfleury@illinois.edu National Center for Supercomputing Applications University of Illinois 1205 West Clark Street Urbana, Illinois 61801
More informationMasdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae
Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department jmikhael@masdar.ac.ae Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation
More informationLicia Florio Project Development Officer licia@terena.org www.terena.org Identity Federations in Europe
APAN Conference Honolulu, Hawaii 24 January 2008 Licia Florio Project Development Officer licia@terena.org www.terena.org Identity Federations in Europe Outline Networking Organisations in Europe Requirements
More informationGrid Delegation Protocol
UK Workshop on Grid Security Experiences, Oxford 8th and 9th July 2004 Grid Delegation Protocol Mehran Ahsant a, Jim Basney b and Olle Mulmo a a Center for Parallel Computers,Royal Institute of Technology,
More informationGrid Security : Authentication and Authorization
Grid Security : Authentication and Authorization IFIP Workshop 2/7/05 Jong Kim Dept. of Computer Sci. and Eng. Pohang Univ. of Sci. and Tech. (POSTECH) Contents Grid Security Grid Security Challenges Grid
More informationTRUST RELATIONSHIPS AND SINGLE SIGN-ON IN GRID BASED DATA WAREHOUSES
TRUST RELATIONSHIPS AND SINGLE SIGN-ON IN GRID BASED DATA WAREHOUSES Xiaoyu Li a and Maree Pather b a Department of Information Technology, Nelson Mandela Metropolitan University b Department of Applied
More informationAn Analysis of the Benefits and Risks to LIGO When Participating in Identity. Federations
An Analysis of the Benefits and Risks to LIGO When Participating in Identity 1 Federations Jim Basney, Scott Koranda, Von Welch 2 3 4 1 LIGO document number LIGO G1100964 v2 2 Senior research scientist
More informationThe UK Access Management Federation
Connecting People to Resources The UK Access Management Federation Nicole Harris Programme Manager Joint Information Systems Committee 19/10/2006 Slide 1 Federations within the UK: Unique Issues The need
More informationAbstract. 1. Introduction. Ohio State University Columbus, OH 43210 {langella,oster,hastings,kurc,saltz}@bmi.osu.edu
Dorian: Grid Service Infrastructure for Identity Management and Federation Stephen Langella 1, Scott Oster 1, Shannon Hastings 1, Frank Siebenlist 2, Tahsin Kurc 1, Joel Saltz 1 1 Department of Biomedical
More informationTRUST AND IDENTITY EXCHANGE TALK
TRUST AND IDENTITY EXCHANGE TALK Ken Klingenstein, Internet2 2015 Internet2 Trust and Identity Why It Matters An Identity Layer for the Internet Benefits for the Rest of the Stack What It Is Technologies
More informationFederated Security: Design and Implementation
Submitted to NWeSP 05 (http://nwesp.org) 1 Federated Security: Lightweight Security Infrastructure for Object Repositories and Web Services Marek Hatala, Timmy Eap and Ashok Shah School of Interactive
More informationOverview of DFN`s Certificate Services - Regular, Grid and short-lived -
Overview of DFN`s Certificate Services - Regular, Grid and short-lived - Marcus Pattloch (DFN-Verein) DESY Computing Seminar 13. July 2009, Hamburg Overview Certificates what are they good for (and what
More informationInternet2 middleware initiative: past, present and future
Internet2 middleware initiative: past, present and future Heather Boyles, Internet2 heather@internet2.edu APAN Meeting 22 January 2006 Akihabara, Tokyo, Japan Credit: thanks to Ken Klingenstein and the
More informationThree Case Studies InCommon Certificate Service
Three Case Studies InCommon Certificate Service IAM Online July 8, 2015-2 pm EDT Jim Basney, National Center for Supercomputing Applications (and XSEDE) Christopher Bongaarts, University of Minnesota Kevin
More informationBringing Federated Identity to Grid Computing. Dave Dykstra dwd@fnal.gov CISRC16 April 6, 2016
Bringing Federated Identity to Grid Computing Dave Dykstra dwd@fnal.gov CISRC16 April 6, 2016 Outline Introduction & motivation Background Grid security & job management InCommon, CILogon, and SAML ECP
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationSD Departmental Meeting November 28 th, 2006. Ale de Vries Product Manager ScienceDirect Elsevier
ש בולת SD Departmental Meeting November 28 th, 2006 Ale de Vries Product Manager ScienceDirect Elsevier Shi... whát? : Shibboleth ש בולת [...] "stream, torrent". It derives from a story in the Hebrew Bible,
More informationIVOA Single Sign-On security
IVOA Single Sign-On security Guy Rixon Presentation to ACCIS meeting Caltech, February 2007 Grid of secured services VOSpace App-server Restricted archive IVOA SSO, ACCIS meeting, February 2007 2 Client-server
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: University of Lethbridge 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources
More informationStandards and Guidelines for. Information Technology. Infrastructure, Architecture, and Ongoing Operations
Standards and Guidelines for Information Technology Infrastructure, Architecture, and Ongoing Operations This document describes applicable standards and guidelines for the university's policy on Information
More informationMulti-mechanism Single Sign-On in Grids (CESNET Technical Report)
Multi-mechanism Single Sign-On in Grids (CESNET Technical Report) Daniel Kouřil, Luděk Matyska, and Michal Procházka CESNET z.s.p.o., Zikova 4, 160 00 Praha 6, Masaryk University, Botanická 68a, 602 00
More informationInteragency Advisory Board Meeting Agenda, July 28, 2010
Interagency Advisory Board Meeting Agenda, July 28, 2010 1. Opening Remarks 2. Research Collaboration in the Cloud: How NCI and Research Partners Are Improving Business Processes using Digital Identities
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES 1. Federation Participant Information 1.1 The InCommon Participant Operational Practices information below is for: InCommon Participant organization
More informationThe AAF and Shibboleth. eresearch Australasia 2007. Prof. James Dalziel james@melcoe.mq.edu.au. Neil Witheridge nwitheridge@melcoe.mq.edu.
The AAF and Shibboleth Prof. James Dalziel james@melcoe.mq.edu.au Neil Witheridge nwitheridge@melcoe.mq.edu.au Dr. Aizhong Lin alin@melcoe.mq.edu.au Macquarie E-Learning E Centre of Excellence (MELCOE)
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: RESEARCH RESEARCH LTD. 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources
More informationFederal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ)
Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ) Version 1.0 January 18, 2011 Table of Contents 1. INTRODUCTION... 3 1.1 BACKGROUND... 3 1.2 OBJECTIVE AND AUDIENCE...
More informationIdentity Management. Manager, Identity Management. Academic Technology Services. Michigan State University Board of Trustees
Identity Management and Shibboleth h at MSU Jim Green Manager, Identity Management Michigan State t University it Academic Technology Services Identity Management Definition: Identity management is the
More informationThe case for federation
The case for federation Josh Howlett JANET(UK) SIRIKT 2009 Overview 1. What is federated identity? 2. Case study: the UK federation. 3. The future of federated identity. What is federated identity? At
More informationSingle Sign-On: Reviewing the Field
Outline Michael Grundmann Erhard Pointl Johannes Kepler University Linz January 16, 2009 Outline 1 Why Single Sign-On? 2 3 Criteria Categorization 4 Overview shibboleth 5 Outline Why Single Sign-On? Why
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationUpdate on Identity Management Initiatives: What Are Institutions, Agencies and Federations Doing?
Update on Identity Management Initiatives: What Are Institutions, Agencies and Federations Doing? Ann West, Michigan Technology University Jackie Charonis, Stanford University Nancy Krogh, University of
More informationUser and Machine Authentication and Authorization Infrastructure for Distributed Wireless Sensor Network Testbeds
J. Sens. Actuator Netw. 2013, 2, 109-121; doi:10.3390/jsan2010109 Article OPEN ACCESS Journal of Sensor and Actuator Networks ISSN 2224-2708 www.mdpi.com/journal/jsan User and Machine Authentication and
More informationPoS(ISGC 2012)019. The CONTRAIL approach to Cloud Federations. Massimo Coppola, Patrizio Dazzi. Aliaksandr Lazouski, Fabio Martinelli, Paolo Mori
Massimo Coppola, Patrizio Dazzi Istituto di Scienza e Tecnologie dell Informazione Consiglio Nazionale delle Ricerche Pisa, Italy Aliaksandr Lazouski, Fabio Martinelli, Paolo Mori Istituto di Informatica
More informationThe rise, slowly, of a middleware infrastructure. Ken Klingenstein Director, Internet2 Middleware and Security
The rise, slowly, of a middleware infrastructure Ken Klingenstein Director, Internet2 Middleware and Security Topics The model and the plan Enterprises Federations Virtual organizations What s happening
More informationInformation Technology Services
Information Technology Services The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University
More informationglobus online Globus Online for Research Data Management Rachana Ananthakrishnan Great Plains Network Annual Meeting 2013
globus online Globus Online for Research Data Management Rachana Ananthakrishnan Great Plains Network Annual Meeting 2013 We started with technology proven in many large-scale grids GridFTP GRAM MyProxy
More informationGEC4. Miami, Florida
GENI Security Architecture GEC4 Stephen Schwab, Alefiya Hussain Miami, Florida 1 Outline Overview of Security Architecture Draft Work in progress Observations About Candidate Technologies Considerations
More informationScience Gateway Security Recommendations
Science Gateway Security Recommendations Jim Basney jbasney@illinois.edu Von Welch vwelch@indiana.edu This material is based upon work supported by the National Science Foundation under grant numbers 1127210
More informationIdentity, Credential, and Access Management. Open Solutions for Open Government
Federal CIO Council Information Security and Identity Management Committee Identity, Credential, and Access Management www.idmanagement.gov Open Solutions for Open Government Judith Spencer Co-Chair, ICAM
More informationDistributed Web Security for Science Gateways
Distributed Web Security for Science Gateways Jim Basney University of Illinois jbasney@illinois.edu Rion Dooley University of Texas dooley@tacc.utexas.edu Jeff Gaynor University of Illinois gaynor@illinois.edu
More informationNew InCommon Working Groups
New InCommon Working Groups IAM Online August 13, 2014 Steve Carmody, Brown University Paul Caskey, University of Texas System Janemarie Duh, Lafayette College Keith Hazelton, University of Wisconsin Madison
More informationFederal Identity, Credential, and Access Management Trust Framework Solutions. Relying Party Guidance For Accepting Externally-Issued Credentials
Federal Identity, Credential, and Access Management Trust Framework Solutions Relying Party Guidance For Accepting Externally-Issued Credentials Version 1.1.0 Questions? Contact the FICAM TFS Program Manager
More informationThe GLASS Project: Supporting Secure Shibboleth-based Single Sign-On to Campus Resources
The GLASS Project: Supporting Secure Shibboleth-based Single Sign-On to Campus Resources J. Watt, R.O. Sinnott, J. Jiang National e-science Centre, University of Glasgow j.watt@nesc.gla.ac.uk Abstract
More informationGT 6.0 GSI C Security: Key Concepts
GT 6.0 GSI C Security: Key Concepts GT 6.0 GSI C Security: Key Concepts Overview GSI uses public key cryptography (also known as asymmetric cryptography) as the basis for its functionality. Many of the
More informationGRID COMPUTING Techniques and Applications BARRY WILKINSON
GRID COMPUTING Techniques and Applications BARRY WILKINSON Contents Preface About the Author CHAPTER 1 INTRODUCTION TO GRID COMPUTING 1 1.1 Grid Computing Concept 1 1.2 History of Distributed Computing
More informationDelegation for On-boarding Federation Across Storage Clouds
Delegation for On-boarding Federation Across Storage Clouds Elliot K. Kolodner 1, Alexandra Shulman-Peleg 1, Gil Vernik 1, Ciro Formisano 2, and Massimo Villari 3 1 IBM Haifa Research Lab, Israel 2 Engineering
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: McGill University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationStandards for Identity & Authentication. Catherine J. Tilton 17 September 2014
Standards for Identity & Authentication Catherine J. Tilton 17 September 2014 Purpose of these standards Wide deployment of authentication technologies that may be used in a global context is heavily dependent
More informationshibboleth@nersc.gov Steve Chan sychan@lbl.gov
shibboleth@nersc.gov Steve Chan sychan@lbl.gov Intro What? What is Shib? What has been Shib-Enabled? Why? What problem is solved? Why should I care? Who? Where? Who is using it? What is Shibboleth? Gratuitous
More informationSecure Federated Light-weight Web Portals for FusionGrid
Secure Federated Light-weight Web Portals for FusionGrid By: D. Aswath, M. Thompson, M. Goode, X. Lee, N. Y. Kim Presented by: Dipti Aswath GCE Workshop 2006 Second International Workshop on Grid Computing
More informationGSI Credential Management with MyProxy
GSI Credential Management with MyProxy GGF8 Production Grid Management RG Workshop June 26, 2003 Jim Basney jbasney@ncsa.uiuc.edu http://myproxy.ncsa.uiuc.edu/ MyProxy Online repository of encrypted GSI
More informationConcepts and Architecture of the Grid. Summary of Grid 2, Chapter 4
Concepts and Architecture of the Grid Summary of Grid 2, Chapter 4 Concepts of Grid Mantra: Coordinated resource sharing and problem solving in dynamic, multi-institutional virtual organizations Allows
More informationEMI Storage meets EMI security
EMI Storage meets EMI security Component/ Middleware glite (LFC,FTS,DPM,GFAL) ARC UNICORE StoRM dcache Staff With kind contributions by Oliver Keeble, Jean- Philippe Baud Jon Kerr Nilsen Ralph Müller-
More informationDAMe Deploying Authorization Mechanisms for Federated Services in the eduroam Architecture
DAMe Deploying Authorization Mechanisms for Federated Services in the eduroam Architecture Sascha Neinert Marseille, 06.02.2008, Sascha Neinert, 06.02.2008 Seite 1 Overview Project Goals Partners Network
More informationRich Furr Head, Global Regulatory Affairs and Chief Compliance Officer, SAFE-BioPharma Association. SAFE-BioPharma Association
Navigating the Identity Landscape Rich Furr Head, Global Regulatory Affairs and Chief Compliance Officer, SAFE-BioPharma Association SAFE-BioPharma Association Overview An overview of US and EU government
More informationCloud Computing with Nimbus
Cloud Computing with Nimbus February 2009 Kate Keahey (keahey@mcs.anl.gov) University of Chicago Argonne National Laboratory Cloud Computing elasticity computing on demand capital expense operational expense
More informationFederated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications
Federated Identity Management and Shibboleth Noreen Hogan Asst. Director Enterprise Admin. Applications Federated Identity Management Management of digital identity/credentials (username/password) Access
More informationABFAB and OpenStack(in the Cloud)
ABFAB and OpenStack(in the Cloud) David W Chadwick University of Kent 1 Authentication in OpenStack Keystone User Trust Relationship Swift/Glance etc. 2 Federated Authnwith External IdPs External IdP User
More informationThe saga of WebFTS and Federated Identity
The saga of WebFTS and Federated Identity Andrey Kiryanov IT/SDC 15/12/2014 The Reason: 2 What is a Federated Identity? It is the means of linking a person's electronic identity and attributes, stored
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and
More informationSGAS: An OGSA-Based Accounting System for Allocation Enforcement across HPC Centers
CENTER FOR ARALLEL COMUTERS SGAS: An OGSA-Based Accounting System for Allocation Enforcement across HC Centers Thomas Sandholm, eter Gardfjall, Lennart Johnsson, Erik Elmroth, Olle Mulmo DEARTMENT OF COMUTING
More informationOffice of the Chief Information Officer Department of Energy Identity, Credential, and Access Management (ICAM)
Department of Energy Identity, Credential, and Access Management (ICAM) Cyber Security Training Conference Tuesday, May 18, 2010 1 Announcement LACS Birds-of-a-Feather Session Logistics Wednesday, May
More informationHow Single-Sign-On Improves The Usability Of Protected Services For Geospatial Data
2014 Fifth International Conference on Computing for Geospatial Research and Application How Single-Sign-On Improves The Usability Of Protected Services For Geospatial Data Andreas Matheus University of
More informationGAARDS. Stephen Langella Stephen.Langella@osumc.edu. Globus World 2010 http://www.cagrid.org. Ekagra
GAARDS Stephen Langella Stephen.Langella@osumc.edu Globus World 2010 http://www.cagrid.org Outline GAARDS Overview Deployment Overview Ongoing and Future Work Overview of GAARDS Provides an enterprise
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Canadian Access Federation: Trust Assertion Document (TAD) Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes
More informationIntegrating Multi-Factor Authentication into Your Campus Identity Management System
Integrating Multi-Factor Authentication into Your Campus Identity Management System Mike Grady, Unicon David Walker, Internet2 (both associated with the Internet2 Scalable Privacy Project) Agenda Multi-Context
More informationIdentity and Access Management for LIGO: International Challenges
Identity and Access Management for LIGO: International Challenges Scott Koranda for LIGO and CTSC University of Wisconsin-Milwaukee November 14, 2012 LIGO-XXXXXXXX-v1 1 / 26 LIGO Science Mission LIGO,
More informationFederation Are We Ready? Alec Cartwright Authentication Common Capability Design Authority
Federation Are We Ready? Alec Cartwright Authentication Common Capability Design Authority copyright of British Telecommunications plc 2006 Abstract As a large organisation with many partners BT has been
More informationCertificates in a Nutshell. Jens Jensen, STFC Leader of EUDAT AAI TF
Certificates in a Nutshell Jens Jensen, STFC Leader of EUDAT AAI TF In a nutshell... Mature, Robust, Ubiquitous Have been around for decades Interoperable supported by every OS, every language Used everywhere
More informationCan We Reconstruct How Identity is Managed on the Internet?
Can We Reconstruct How Identity is Managed on the Internet? Merritt Maxim February 29, 2012 Session ID: STAR 202 Session Classification: Intermediate Session abstract Session Learning Objectives: Understand
More informationMulti-Factor Authentication, Assurance, and the Multi-Context Broker
Multi-Factor Authentication, Assurance, and the Multi-Context Broker IAM Online April 30, 2014 Keith Wessel, University of Illinois, Urbana-Champaign David Langenberg, University of Chicago David Walker,
More informationIncident Response Policy
Federated 2010 Security Incident Response Policy 1819 South Neil Street, Suite D Champaign, IL 61820-7271 trishak [Type the company name] 217.333.8475 1/1/2011 www.cic.net 1819 So u th Neil Str ee t, Suit
More informationVon Welch February 3, 2012
Globus Online Security Review Von Welch February 3, 2012 1 Introduction This document represents a cybersecurity risk assessment of the Globus Online File Transfer service and associated Website service.
More informationEMI Security Architecture
EUROPEAN MIDDLEWARE INITIATIVE EMI Security Architecture http://openaire.cern.ch/record/5959 10.5281/ZENODO.5959 April 2013 EMI is partially funded by the European Commission under Grant Agreement RI-261611
More informationServer based signature service. Overview
1(11) Server based signature service Overview Based on federated identity Swedish e-identification infrastructure 2(11) Table of contents 1 INTRODUCTION... 3 2 FUNCTIONAL... 4 3 SIGN SUPPORT SERVICE...
More information