Globus Toolkit: Authentication and Credential Translation
|
|
- Edmund Ramsey
- 8 years ago
- Views:
Transcription
1 Globus Toolkit: Authentication and Credential Translation JET Workshop, April 14, 2004 Frank Siebenlist Copyright (c) 2002 University of Chicago and The University of Southern California. All Rights Reserved. This presentation is licensed for use under the terms of the Globus Toolkit Public License. See for the full text of this license.
2 Outline Globus Alliance & Globus Toolkit The Grid problem Globus Security Infrastructure (GSI) Public Key Credentials + Proxy-Certificates SSL, GSSAPI/GSI and Delegation Kx509: Kerberos => PK Pkinit: PK => Kerberos GridLogon: username/password/otp => PK Futures and Conclusion JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 2
3 The Globus Alliance Making Grid computing a reality Argonne, UC, USC/ISI, EPCC, PDC, NCSA Close collaboration with many scientific and commercial Grid application and infrastructure projects Development and promotion of standard Grid protocols to enable interoperability and shared infrastructure Development and promotion of standard Grid software APIs and SDKs to enable portability and code sharing The Globus Toolkit software: Open source software base for building Grid infrastructure and applications JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 3
4 LHC Data Distribution ~PBytes/sec Online System ~100 MBytes/sec 1 TIPS is approximately 25,000 SpecInt95 equivalents Tier 1 There is a bunch crossing every 25 nsecs. There are 100 triggers per second Each triggered event is ~1 MByte in size France Regional Centre ~622 Mbits/sec or Air Freight (deprecated) Germany Regional Centre Tier 0 Offline Processor Farm ~20 TIPS ~100 MBytes/sec Italy Regional Centre CERN Computer Centre FermiLab ~4 TIPS ~622 Mbits/sec ~622 Mbits/sec Tier 2 Caltech ~1 TIPS Tier2 Centre Tier2 Centre Tier2 Centre Tier2 Centre ~1 TIPS ~1 TIPS ~1 TIPS ~1 TIPS Physics data cache Institute Institute ~0.25TIPS Physicist workstations Institute ~1 MBytes/sec Institute Tier 4 Physicists work on analysis channels. Each institute will have ~10 physicists working on one or more channels; data for these channels should be cached by the institute server JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 4
5 Multiple Security Domains Compute Facility Data Source Raw Data Bandwidth Svc Input Data Data Src Svc Compute Facility Svc Output Data Requester Scheduling Svc Bandwidth Svc Each Organization is independent Each Organization has its own AuthN mechanisms Each Organization enforces its own access policy User needs to delegate rights to broker which may need to delegate to services Svc X Result Data Post-Processing Facility QoS/QoP Negotiation and multi-level delegation JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 5
6 Grid Security Infrastructure (GSI) Based on standard PKI technologies SSL protocol for authentication, message protection + GSSAPI-mechanism CAs allow one-way, light-weight trust relationships (not just site-to-site) X.509 Certificates for asserting identity for users, services, hosts, etc. Proxy Certificates GSI extension to X.509 certificates for delegation, single sign-on JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 6
7 Grid Security Infrastructure (GSI) Use GSI as a standard mechanism for bridging disparate security mechanisms Doesn t solve trust problem, but now things talk same protocol and understand each other s identity credentials Basic support for delegation, policy distribution Translate from other mechanisms to/from GSI as needed Convert from GSI identity to local identity for authorization JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 7
8 Grid Identity, Local Policy In current model, all Grid entities assigned a PKI identity. User is mapped to local identities to determine local policy.. Grid Identity Map to local name Local Policy Map to local name Local Policy JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 8
9 Use Delegation to Establish Dynamic Distributed System Compute Center Rights Virtual Organization Compute Center JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 9
10 X.509 Proxy Certificates GSI Extension to X.509 Identity Certificates On RFC track Enables single sign-on Allow user to dynamically assign identity and rights to service Can name services created on the fly and give them rights (i.e. set policy) What is effectively happening is the user is creating their own trust domain of services s trust each other with user acting as the trust root JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 10
11 Proxy Certificates Create F1 CN=Jane Doe X.509 Id certificate X.509 Proxy Delegation CN=Jane Doe/9874 Rights: Can access file F1, S1, X.509 Proxy certificate Use delegated rights to access resources. S1 JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 11
12 Goal is to do this with arbitrary mechanisms Compute Center X.509 AC Rights X.509/SSL X.509 AC SAML Attribute Kerberos/ WS-Security Virtual Organization SAML Attribute Compute Center JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 12
13 Kerberos to GSI Gateway To use Kerberos, a Kerberos-to-GSI gateway translates Kerberos credentials to GSI credentials to allow local Kerberos users to authenticate on the Grid. Kx509/KCA is an implementation of one such gateway. Sslk5/pkinit provide the opposite functionality to gateway incoming Grid credentials to local Kerberos credentials. JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 13
14 Local Identity, Grid Identity, Local Policy KCA Map to local name Kerberos Site Grid Identity Local Policy SSLK5 KRB5 Resources JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 14
15 GridLogon: Credential Wallet/Converter GridLogon (MyProxy) allows users to store GSI credentials and retrieve them With username/password or other credential Integration with One-Time-Password (OTP) Systems Can act as a credential translator from username/password to GSI Used by services that can only handle username and pass phrases to authenticate to Grid s limited by client implementations E.g. web portals Also handle credential renewal for long-running tasks JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 15
16 GridLogon: Passphrase-X.509 Federation GSI Realm Username/password Domain GSI Delegation GridLogon Username & pass phrase GSI Delegation Requestor Web Browser request Web Portal/ Server GSI Grid Resource JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 16
17 One Time Passwords and Restricted Delegation GridLogon User OTP Restricted Delegation Grid Identity Restricted Delegation Restricted Delegation Map to local name Local Policy pkinit KRB5 Resources JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 17
18 Authz Callout GSI Implementation SSL/WS-Security with Proxy s (running Certificates on user s behalf) Access Compute Center Rights CAS or VOMS issuing SAML or X.509 ACs Rights VO Users Local Policy on VO identity or attribute authority Virtual Organization Rights GridLogon KCA JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 18
19 Grid Evolution: Open Grid s Architecture Goals Refactor Globus protocol suite to enable common base and expose key capabilities orientation to virtualize resources and unify resources/services/information Embrace key Web services technologies for standard IDL, leverage commercial efforts Result = standard interfaces & behaviors for distributed system management built on Web services Standardization within Global Grid Forum and OASIS Open source & commercial implementations JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 19
20 OGSA Security s Requestor's Domain Provider's Domain Attribute Trust Authorization Authorization Trust Attribute Audit/ Secure-Logging Privacy Privacy Audit/ Secure-Logging Credential Validation Credential Validation Bridge/ Translation Requestor Application WS-Stub Secure Conversation WS-Stub Provider Application Credential Validation Credential Validation Attribute Authorization Authorization Attribute Trust Trust VO Domain JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 20
21 Conclusion The Globus Toolkit is sophisticated, secure middleware De-facto standard for Grid applications Multiple AuthN-mechanism support Plus translation services Secure Delegation of Rights support through use of proxy-certificate Next generation GT based on Web s Standardized in Global Grid Forum & OASIS Globus Toolkit provides a working, evolving implementation for secure Grid protocols Downloaded 100k+ times already ( JET Workshop 2004 Globus Toolkit: Authentication and Credential Translation 21
Grid Security : Authentication and Authorization
Grid Security : Authentication and Authorization IFIP Workshop 2/7/05 Jong Kim Dept. of Computer Sci. and Eng. Pohang Univ. of Sci. and Tech. (POSTECH) Contents Grid Security Grid Security Challenges Grid
More information2 Transport-level and Message-level Security
Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective The Globus Security Team 1 Version 4 updated September 12, 2005 Abstract This document provides an overview of the Grid Security
More informationTRUST RELATIONSHIPS AND SINGLE SIGN-ON IN GRID BASED DATA WAREHOUSES
TRUST RELATIONSHIPS AND SINGLE SIGN-ON IN GRID BASED DATA WAREHOUSES Xiaoyu Li a and Maree Pather b a Department of Information Technology, Nelson Mandela Metropolitan University b Department of Applied
More informationConcepts and Architecture of the Grid. Summary of Grid 2, Chapter 4
Concepts and Architecture of the Grid Summary of Grid 2, Chapter 4 Concepts of Grid Mantra: Coordinated resource sharing and problem solving in dynamic, multi-institutional virtual organizations Allows
More informationSecure Federated Light-weight Web Portals for FusionGrid
Secure Federated Light-weight Web Portals for FusionGrid By: D. Aswath, M. Thompson, M. Goode, X. Lee, N. Y. Kim Presented by: Dipti Aswath GCE Workshop 2006 Second International Workshop on Grid Computing
More informationGrid Computing Research
Grid Computing Research Ian Foster Mathematics and Computer Science Division Argonne National Laboratory and Department of Computer Science The University of Chicago Overview Grid computing & its importance
More informationManaging Credentials with
Managing Credentials with MyProxy Jim Basney National Center for Supercomputing Applications University of Illinois jbasney@ncsa.uiuc.edu http://myproxy.ncsa.uiuc.edu/ What is MyProxy? A service for managing
More informationGSI Credential Management with MyProxy
GSI Credential Management with MyProxy GGF8 Production Grid Management RG Workshop June 26, 2003 Jim Basney jbasney@ncsa.uiuc.edu http://myproxy.ncsa.uiuc.edu/ MyProxy Online repository of encrypted GSI
More informationUsing the MyProxy Online Credential Repository
Using the MyProxy Online Credential Repository Jim Basney National Center for Supercomputing Applications University of Illinois jbasney@ncsa.uiuc.edu What is MyProxy? Independent Globus Toolkit add-on
More informationUsing Kerberos for Web Authentication. Wesley Craig University of Michigan
Using Kerberos for Web Authentication Wesley Craig University of Michigan Outline Basic Auth WebSSO SASL & HTTP Kerberos & TLS SPNEGO PKI, PKI, PKI For each technology, a brief over view, drawbacks, and
More informationGrid Computing & the Open Grid Services Architecture. Ian Foster Argonne National Laboratory University of Chicago Globus Project
Grid Computing & the Open Grid Services Architecture Ian Foster Argonne National Laboratory University of Chicago Globus Project Open Group Grid Conference, Boston, July 21, 2003 2 Is the Grid a) A collaboration
More informationAbstract. 1. Introduction. Ohio State University Columbus, OH 43210 {langella,oster,hastings,kurc,saltz}@bmi.osu.edu
Dorian: Grid Service Infrastructure for Identity Management and Federation Stephen Langella 1, Scott Oster 1, Shannon Hastings 1, Frank Siebenlist 2, Tahsin Kurc 1, Joel Saltz 1 1 Department of Biomedical
More informationGrid Delegation Protocol
UK Workshop on Grid Security Experiences, Oxford 8th and 9th July 2004 Grid Delegation Protocol Mehran Ahsant a, Jim Basney b and Olle Mulmo a a Center for Parallel Computers,Royal Institute of Technology,
More informationScaling TeraGrid Access: A Testbed for Identity Management and Attribute-based Authorization
TERAGRID 2007 CONFERENCE, MADISON, WI 1 Scaling TeraGrid Access: A Testbed for Identity Management and Attribute-based Authorization Von Welch, Ian Foster, Tom Scavo, Frank Siebenlist, Charlie Catlett,
More informationWebLogic Server 7.0 Single Sign-On: An Overview
WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of
More informationShibboleth : An Open Source, Federated Single Sign-On System David E. Martin martinde@northwestern.edu
Shibboleth : An Open Source, Federated Single Sign-On System David E. Martin martinde@northwestern.edu International Center for Advanced Internet Research Outline Security Mechanisms Access Control Schemes
More informationOGSA Security Roadmap
July, 2002 Draft 1.3 - Revised 7/19/2002 OGSA Security Roadmap Global Grid Forum Specification Roadmap towards a Secure OGSA Frank Siebenlist 1, Von Welch 2, Steven Tuecke 1, Ian Foster 1,2 Nataraj Nagaratnam
More informationGridFTP: A Data Transfer Protocol for the Grid
GridFTP: A Data Transfer Protocol for the Grid Grid Forum Data Working Group on GridFTP Bill Allcock, Lee Liming, Steven Tuecke ANL Ann Chervenak USC/ISI Introduction In Grid environments,
More informationIGI Portal architecture and interaction with a CA- online
IGI Portal architecture and interaction with a CA- online Abstract In the framework of the Italian Grid Infrastructure, we are designing a web portal for the grid and cloud services provisioning. In following
More informationAn Oracle White Paper Dec 2013. Oracle Access Management Security Token Service
An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,
More informationGRIP:Creating Interoperability between Grids
GRIP:Creating Interoperability between Grids Philipp Wieder, Dietmar Erwin, Roger Menday Research Centre Jülich EuroGrid Workshop Cracow, October 29, 2003 Contents Motivation Software Base at a Glance
More informationIVOA Single Sign-On security
IVOA Single Sign-On security Guy Rixon Presentation to ACCIS meeting Caltech, February 2007 Grid of secured services VOSpace App-server Restricted archive IVOA SSO, ACCIS meeting, February 2007 2 Client-server
More informationChapter 12 GRID SECURITY ARCHITECTURE: Requirements,fundamentals, standards, and models
Author manuscript, published in Security in Distributed, Grid, Mobile, and Pervasive Computing, Auerbach Publications, pp. 255-288, April, 2007 https://www.nics.uma.es Security in Distributed, Grid, and
More informationArchitecture of Enterprise Applications III Single Sign-On
Architecture of Enterprise Applications III Single Sign-On Haopeng Chen REliable, INtelligent and Scalable Systems Group (REINS) Shanghai Jiao Tong University Shanghai, China e-mail: chen-hp@sjtu.edu.cn
More informationGRID COMPUTING Techniques and Applications BARRY WILKINSON
GRID COMPUTING Techniques and Applications BARRY WILKINSON Contents Preface About the Author CHAPTER 1 INTRODUCTION TO GRID COMPUTING 1 1.1 Grid Computing Concept 1 1.2 History of Distributed Computing
More informationThe GISELA Science Gateway
The GISELA Science Gateway Roberto Barbera (roberto.barbera@ct.infn.it) University of Catania and INFN - Italy TICAL 2012 Lima, 3 July 2012 Introduction and driving considerations The Catania Science Gateway
More informationCertificates in a Nutshell. Jens Jensen, STFC Leader of EUDAT AAI TF
Certificates in a Nutshell Jens Jensen, STFC Leader of EUDAT AAI TF In a nutshell... Mature, Robust, Ubiquitous Have been around for decades Interoperable supported by every OS, every language Used everywhere
More informationBiometric Single Sign-on using SAML
Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan CISSP Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand the importance of Single Sign-On
More informationBringing Federated Identity to Grid Computing. Dave Dykstra dwd@fnal.gov CISRC16 April 6, 2016
Bringing Federated Identity to Grid Computing Dave Dykstra dwd@fnal.gov CISRC16 April 6, 2016 Outline Introduction & motivation Background Grid security & job management InCommon, CILogon, and SAML ECP
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationThe Role of Identity Enabled Web Services in Cloud Computing
The Role of Identity Enabled Web Services in Cloud Computing April 20, 2009 Patrick Harding CTO Agenda Web Services and the Cloud Identity Enabled Web Services Some Use Cases and Case Studies Questions
More informationOPENIAM ACCESS MANAGER. Web Access Management made Easy
OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access
More informationNetworkingPS Federated Identity Solution Solutions Overview
NetworkingPS Federated Identity Solution Solutions Overview OVERVIEW As the global marketplace continues to expand, new and innovating ways of conducting business are becoming a necessity in order for
More informationSoftware Requirement Specification Web Services Security
Software Requirement Specification Web Services Security Federation Manager 7.5 Version 0.3 (Draft) Please send comments to: dev@opensso.dev.java.net This document is subject to the following license:
More informationHow to Determine the Proxy Extension of a Grid Trust
Grid security infrastructure based on Globus Toolkit Valentin Vidić vvidic@irb.hr Center for Informatics and Computing Ruder Bošković Institute Bijenička cesta 54, Zagreb, Croatia January 2006 Abstract
More informationBlending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access
Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Vikas Jain Director, Product Management Intel Corporation Jesper Tohmo CTO, Nordic Edge (an Intel company) Session ID:
More informationThe CMS analysis chain in a distributed environment
The CMS analysis chain in a distributed environment on behalf of the CMS collaboration DESY, Zeuthen,, Germany 22 nd 27 th May, 2005 1 The CMS experiment 2 The CMS Computing Model (1) The CMS collaboration
More informationIVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0
International Virtual Observatory Alliance IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 IVOA Proposed Recommendation 20151029 Working group http://www.ivoa.net/twiki/bin/view/ivoa/ivoagridandwebservices
More informationAuthorization Strategies for Virtualized Environments in Grid Computing Systems
Authorization Strategies for Virtualized Environments in Grid Computing Systems Xinming Ou Anna Squicciarini Sebastien Goasguen Elisa Bertino Purdue University Abstract The development of adequate security
More informationFederated access to Grid resources http://tinyurl.com/loubf
Federated access to Grid resources http://tinyurl.com/loubf Keith Hazelton (hazelton@wisc.edu) Internet2 Middleware Architecture Comm. for Ed. APAN, Singapore, 19-July-06 Topics http://tinyurl.com/loubf
More informationAn Online Credential Repository for the Grid: MyProxy
An Online Credential Repository for the Grid: MyProxy Jason Novotny Lawrence Berkeley Laboratory JDNovotny@lbl.gov Steven Tuecke Mathematics and Computer Science Division Argonne National Laboratory tuecke@mcs.anl.gov
More informationOpenHRE Security Architecture. (DRAFT v0.5)
OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2
More informationProtected Trust Directory Sync Guide
Protected Trust Directory Sync Guide Protected Trust Directory Sync Guide 2 Overview Protected Trust Directory Sync enables your organization to synchronize the users and distribution lists in Active Directory
More informationSAML:The Cross-Domain SSO Use Case
SAML:The Cross-Domain SSO Use Case Chris Ceppi Oblix Corporate Engineer Ed Kaminski OBLIX Federal Business Manager 410-349-1828 ekaminski@oblix.com Mike Blackin Principal Systems Engineer Oblix, Inc. 202-588-7397
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationPKI for Electronic Commerce
PKI for Electronic Commerce DASCOM 3004 Mission Street Santa Cruz, CA 95060 USA +1-408-460-3600 1/26/98-1 PKI and IntraVerse Agenda Motivation for PKI How PKI (and DCE) can provide Authentication Authorization
More informationSingle Sign On In A CORBA-Based
Single Sign On In A CORBA-Based Based Distributed System Igor Balabine IONA Security Architect Outline A standards-based framework approach to the Enterprise application security Security framework example:
More informationAustralian Synchrotron, Storage Gateway
Australian Synchrotron, Storage Gateway User Help Manual Version 1.2 Storage Gateway User Help Manual 2 REVISION HISTORY Date Version Description Author 2 May 2008 1.0 Document creation Chris Myers 13
More informationCloud Computing. Lecture 5 Grid Security 2014-2015
Cloud Computing Lecture 5 Grid Security 2014-2015 Up until now Introduction. Definition of Cloud Computing. Grid Computing: Schedulers Globus Toolkit Summary Grid Security TLS WS-Security Proxy certificates
More informationSingle Sign On for UNICORE command line clients
Single Sign On for UNICORE command line clients Krzysztof Benedyczak ICM, Warsaw University Current status of UNICORE access Legacy certificates still fully supported nice on home workstation, especially
More informationINTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN
INTEGRATION GUIDE IDENTIKEY Federation Server for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO
More informationNIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman
NIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman The Slow Convergence of PKI and Kerberos At Connectathon 1995 Dan Nessett of Sun Microsystems was quoted saying Kerberos will
More informationDistributed Identity Management Model for Digital Ecosystems
International Conference on Emerging Security Information, Systems and Technologies Distributed Identity Management Model for Digital Ecosystems Hristo Koshutanski Computer Science Department University
More informationGSI with OpenSSL. Vincenzo Ciaschini. Prague, 4-7/11/08. www.eu-egee.org. EGEE and glite are registered trademarks. egee EGEE-II INFSO-RI-031688
GSI with OpenSSL Vincenzo Ciaschini EGEE-3 All-Hands Prague, 4-7/11/08 www.eu-egee.org egee EGEE and glite are registered trademarks Layout GSI/SSL Differences and Issues VOMS without Globus GSI/SSL Differences
More informationBuilding Secure Applications. James Tedrick
Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS
More informationSecurity solutions Executive brief. Understand the varieties and business value of single sign-on.
Security solutions Executive brief Understand the varieties and business value of single sign-on. August 2005 2 Contents 2 Executive overview 2 SSO delivers multiple business benefits 3 IBM helps companies
More informationTF-AACE. Deliverable B.2. Deliverable B2 - The Authentication Component =============================================
TF-AACE Deliverable B.2 Define the components and protocols to guarantee a harmonized operation of A&A systems Deliverable B2 - The Authentication Component =============================================
More informationAAA for IMOS: Australian Access Federation & related components
AAA for IMOS: Australian Access Federation & related components James Dalziel Professor of Learning Technology, and Director, Macquarie E-Learning Centre Of Excellence (MELCOE) Macquarie University james@melcoe.mq.edu.au
More informationAn Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/
An Integrated CyberSecurity Approach for HEP Grids Workshop Report http://hpcrd.lbl.gov/hepcybersecurity/ 1. Introduction The CMS and ATLAS experiments at the Large Hadron Collider (LHC) being built at
More informationConcepts and Architecture of Grid Computing. Advanced Topics Spring 2008 Prof. Robert van Engelen
Concepts and Architecture of Grid Computing Advanced Topics Spring 2008 Prof. Robert van Engelen Overview Grid users: who are they? Concept of the Grid Challenges for the Grid Evolution of Grid systems
More informationNetwork Testing and Performance Using SeRIF
Network Testing and Performance Using SeRIF Charles J. Antonelli David Richter Olga Kornievskaia Nathan Gallaher Center for Information Technology Integration University of Michigan Work supported by U-M
More informationSharePoint 2013 Logical Architecture
SharePoint 2013 Logical Architecture This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationBiometric Single Sign-on using SAML Architecture & Design Strategies
Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan Java Technology Architect Sun Microsystems Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand
More informationKERBEROS ROAD MAP SAM HARTMAN MIT KERBEROS CONSORTIUM APRIL 7, 2008
KERBEROS ROAD MAP SAM HARTMAN MIT KERBEROS CONSORTIUM APRIL 7, 2008 1 GOALS OF ROAD MAP Priority discussions so far have focused on meeting short or medium term needs. We also need to establish a road
More informationWeb Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.
Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On
More informationGT 6.0 GSI C Security: Key Concepts
GT 6.0 GSI C Security: Key Concepts GT 6.0 GSI C Security: Key Concepts Overview GSI uses public key cryptography (also known as asymmetric cryptography) as the basis for its functionality. Many of the
More informationLIGO Identity Management: Questions I Wish We Would Have Asked
LIGO Identity Management: Questions I Wish We Would Have Asked Scott Koranda for LIGO LIGO and University of Wisconsin-Milwaukee September 6, 2012 LIGO-XXXXXXXX-v1 1 / 39 We had a mess Late in 2007 and
More informationSAML 2.0 SSO Deployment with Okta
SAML 2.0 SSO Deployment with Okta Simplify Network Authentication by Using Thunder ADC as an Authentication Proxy DEPLOYMENT GUIDE Table of Contents Overview...3 The A10 Networks SAML 2.0 SSO Deployment
More informationSentinet for BizTalk Server SENTINET
Sentinet for BizTalk Server SENTINET Sentinet for BizTalk Server 1 Contents Introduction... 2 Sentinet Benefits... 3 SOA and APIs Repository... 4 Security... 4 Mediation and Virtualization... 5 Authentication
More informationMobile Security. Policies, Standards, Frameworks, Guidelines
Mobile Security Policies, Standards, Frameworks, Guidelines Guidelines for Managing and Securing Mobile Devices in the Enterprise (SP 800-124 Rev. 1) http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf
More informationJuniper Networks Secure Access Kerberos Constrained Delegation
Juniper Networks Secure Access Kerberos Constrained Delegation Release 6.4 CONTENT 1. BACKGROUND...3 2. SETTING UP CONSTRAINED DELEGATION...5 2.1 ACTIVE DIRECTORY CONFIGURATION...5 2.1.1 Create a Kerberos
More informationTHE CCLRC DATA PORTAL
THE CCLRC DATA PORTAL Glen Drinkwater, Shoaib Sufi CCLRC Daresbury Laboratory, Daresbury, Warrington, Cheshire, WA4 4AD, UK. E-mail: g.j.drinkwater@dl.ac.uk, s.a.sufi@dl.ac.uk Abstract: The project aims
More informationGloifer Toolkit 1.1 Tutorial - A Review Of
Security for Grid Services Von Welch 1 Frank Siebenlist 2 Ian Foster 1,2 John Bresnahan 2 Karl Czajkowski 3 Jarek Gawor 2 Carl Kesselman 3 Sam Meder 1 Laura Pearlman 3 Steven Tuecke 2 1 University of Chicago,
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: University of Lethbridge 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources
More informationSecurity Architecture for Open Collaborative Environment
Security Architecture for Open Collaborative Environment Yuri Demchenko¹, Leon Gommans¹, Cees de Laat¹, Bas Oudenaarde¹, Andrew Tokmakoff², Martin Snijders², Rene van Buuren² ¹ Universiteit van Amsterdam,
More informationSentinet for Windows Azure SENTINET
Sentinet for Windows Azure SENTINET Sentinet for Windows Azure 1 Contents Introduction... 2 Customer Benefits... 2 Deployment Topologies... 3 Isolated Deployment Model... 3 Collocated Deployment Model...
More informationThe Role of Federation in Identity Management
The Role of Federation in Identity Management August 19, 2008 Andrew Latham Solutions Architect Identity Management 1 The Role of Federation in Identity Management Agenda Federation Backgrounder Federation
More informationThis chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:
CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access
More informationNew Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
More informationEMI Storage meets EMI security
EMI Storage meets EMI security Component/ Middleware glite (LFC,FTS,DPM,GFAL) ARC UNICORE StoRM dcache Staff With kind contributions by Oliver Keeble, Jean- Philippe Baud Jon Kerr Nilsen Ralph Müller-
More informationTitle: A Client Middleware for Token-Based Unified Single Sign On to edugain
Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Sascha Neinert Computing Centre University of Stuttgart, Allmandring 30a, 70550 Stuttgart, Germany e-mail: sascha.neinert@rus.uni-stuttgart.de
More informationMiddleware- Driven Mobile Applications
Middleware- Driven Mobile Applications A motwin White Paper When Launching New Mobile Services, Middleware Offers the Fastest, Most Flexible Development Path for Sophisticated Apps 1 Executive Summary
More informationDelegation for On-boarding Federation Across Storage Clouds
Delegation for On-boarding Federation Across Storage Clouds Elliot K. Kolodner 1, Alexandra Shulman-Peleg 1, Gil Vernik 1, Ciro Formisano 2, and Massimo Villari 3 1 IBM Haifa Research Lab, Israel 2 Engineering
More informationEvaluation of different Open Source Identity management Systems
Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationSecure Identity in Cloud Computing
Secure Identity in Cloud Computing Michelle Carter The Aerospace Corporation March 20, 2013 The Aerospace Corporation 2013 All trademarks, service marks, and trade names are the property of their respective
More informationHow to Implement Enterprise SAML SSO
How to Implement Enterprise SSO THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY How to Implement Enterprise SSO Introduction Security Assertion Markup Language, or, provides numerous The advantages and
More information<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008
Oracle Security Developer Tools (OSDT) August 2008 Items Introduction OSDT 10g Architecture Business Benefits Oracle Products Currently Using OSDT 10g OSDT 10g APIs Description OSDT
More informationTECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management
TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management Table of Contents Executive Summary 1 SECTION 1: CHALLENGE 2 The Need for
More informationOn Enabling Hydrodynamics Data Analysis of Analytical Ultracentrifugation Experiments
On Enabling Hydrodynamics Data Analysis of Analytical Ultracentrifugation Experiments 18. June 2013 Morris Reidel, Shahbaz Memon, et al. Outline Background Ultrascan Application Ultrascan Software Components
More informationResearch and Implementation of Single Sign-On Mechanism for ASP Pattern *
Research and Implementation of Single Sign-On Mechanism for ASP Pattern * Bo Li, Sheng Ge, Tian-yu Wo, and Dian-fu Ma Computer Institute, BeiHang University, PO Box 9-32 Beijing 100083 Abstract Software
More informationService Virtualization: Managing Change in a Service-Oriented Architecture
Service Virtualization: Managing Change in a Service-Oriented Architecture Abstract Load balancers, name servers (for example, Domain Name System [DNS]), and stock brokerage services are examples of virtual
More informationCosign Multi-Factor Specification 20 March 2006 Draft 6 Wesley Craig & Johanna Craig cosign@umich.edu
Cosign Multi-Factor Specification 20 March 2006 Draft 6 Wesley Craig & Johanna Craig cosign@umich.edu Introduction Replication No changes are required for the the daemon's replication protocol. When a
More informationFederation Proxy for Cross Domain Identity Federation
Proxy for Cross Domain Identity Makoto Hatakeyama NEC Corporation, Common Platform Software Res. Lab. 1753, Shimonumabe, Nakahara-Ku, Kawasaki, Kanagawa 211-8666, Japan +81-44-431-7663 m-hatake@ax.jp.nec.com
More informationDocuSign Single Sign On Implementation Guide Published: March 17, 2016
DocuSign Single Sign On Implementation Guide Published: March 17, 2016 Copyright Copyright 2003-2016 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents
More informationHow to Extend your Identity Management Systems to use OAuth
How to Extend your Identity Management Systems to use OAuth THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY How to extend your Identity Management Systems to use OAuth OAuth Overview The basic model of
More informationDirect Issuance of Proxy Certificate on P-GRADE Grid Portal Without Using MyProxy
Direct Issuance of Proxy Certificate on P-GRADE Grid Portal Without Using MyProxy by Ng Kang Siong (ksng@mimos.my) Galoh Rashidah Haron (rashidah@mimos.my) MIMOS Berhad, Malaysia www.eu-egee.org EGEE and
More informationEnhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
More informationWeb Applications Access Control Single Sign On
Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,
More information