easing access to grids using identity federations
play

Easing access to Grids using identity federations Daniel Kouil T - PowerPoint PPT Presentation

Oct 31, 2023 •44 likes •154 views

Easing access to Grids using identity federations Daniel Kouil T erena NREN & Grid Workshop 2008, Dublin PKI & Grids what we learnt The Grid authentication mechanism A lot of achievements Promising principles ...

  1. Easing access to Grids using identity federations Daniel Kouřil T erena NREN & Grid Workshop 2008, Dublin

  2. PKI & Grids – what we learnt  The Grid authentication mechanism  A lot of achievements  Promising principles  ... but a lot of details to cope with  Revocation checks, private key management, ...  Security reduced in deployment  Easier way of certificate management?

  3. Shibboleth-based Federations  Linking services and user management systems  standardized protocols  home institution keeps the most current data  services trust clients‘ institutions  eduid.cz in Czech Republic  SAML assertions  Attributes for AuthZ  suitable for large infrastructures  Primarily for web-based applications

  4. Common Access Toolkit for Federations  Project supported by CESNET FD and Masaryk University  Support for federation concepts in non- web world  Collaborative environments  PKI and „federated“ certificates  transporting IdP‘s assertions  Framework & user tools  OS integration

  5. Transparent PKI at Masaryk University  University computer hall & faculty facilities  Automatical generation of certificates  Standard Windows authN  Kerberos  Translating mechanism from Kerberos to X.509  The same identity, only different format  Enlarging the SSO area  Accessing services without explicit authentication

  6. Credential Translation WIN AD MyProxy CA Windows PC KRB5 X.509

  7. Federated CA  on-line CA running as SP  federation-based identity vetting  GridShib CA, SWITCH SLCS CA  CESNET CA – multiple instances (one to be accredited by IGTF)  certificates contain users attributes  X.509 extension (value or reference)  key & certificate management done by browser

  8. Management of certificates using CAT  browser-based solution not ideal  No overview of certificates, etc.  GUI desired  Network Identity Manager (NIM)  Widely used by Krb5 community  extensible by plugins  Obtaining certificates  explicit logging into federation  transparently

  9. NIM Plugins  plugin to manage „federated“ certificates  embedded browser to obtain certificate  MS CertStore  Authentication explicit or transparent  Depending on particular CA policy  Plugin to manage proxy certificates also available  Can access CertStore or MyProxy repository

  10. NIM plugin

  11. Conclusion  Transparent PKI to improve/retain security  Focusing on non-web world  Tools to obtain and manage certificates  From both local and federated CAs

Recommend

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest / Hungary Agenda Education & Research Identity Federations SAML Terminology Overview of SAML auth call flow WebRTC Identity model

1.09k views • 52 slides
Introduction to Identity Federations Brook Schofield eduGAIN Task Leader, GN3 Project &

Introduction to Identity Federations Brook Schofield eduGAIN Task Leader, GN3 Project &

Introduction to Identity Federations Brook Schofield eduGAIN Task Leader, GN3 Project & Project Development Officer, TERENA schofield@terena.org 15 October 2012 Building Federated Identity Policy, GN3 Symposium, Vienna, Austria Innovation

157 views • 12 slides
Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase Automation and Security. Identity Management (IAM, IdM) defining and managing the roles and access privileges of individual network users, and the

2.89k views • 13 slides
Integrating non web-based services with identity federations Jens Khler, Michael Simon,

Integrating non web-based services with identity federations Jens Khler, Michael Simon,

bw IDM Integrating non web-based services with identity federations Jens Khler, Michael Simon, Sebastian Labitzke, Tobias Dussa, Martin Nubaumer bw IDM The bwIDM project Services of the state of Baden-Wrttemberg placed at

560 views • 11 slides
The Collaboration Game Niels van Dijk, Technical Product Manager SURFnet Topics - Identity

The Collaboration Game Niels van Dijk, Technical Product Manager SURFnet Topics - Identity

The Collaboration Game Niels van Dijk, Technical Product Manager SURFnet Topics - Identity federations 2010 - The Collaboration Game - A distributed landscape - Enter Domestication - The future of Domestication Identity federations 101

434 views • 39 slides
Identity internetworking with eduGAIN Diego R. Lopez - RedIRIS Confederations Federate

Identity internetworking with eduGAIN Diego R. Lopez - RedIRIS Confederations Federate

Connect. Communicate. Collaborate Identity internetworking with eduGAIN Diego R. Lopez - RedIRIS Confederations Federate Federations Connect. Communicate. Collaborate Same federating principles applied to federations themselves Own

510 views • 22 slides
Easing the Pain of Astronomical Database Access Disclaimer: I usually present this software to

Easing the Pain of Astronomical Database Access Disclaimer: I usually present this software to

Easing the Pain of Astronomical Database Access Disclaimer: I usually present this software to non VO-savvy people What is VODb? A desktop application that aims to simplify the process of querying astronomical databases A little history

414 views • 38 slides
PKI in federations - approach to non-web services Milan Sova, CESNET EuroCAMP, Dubrovnik, 2007

PKI in federations - approach to non-web services Milan Sova, CESNET EuroCAMP, Dubrovnik, 2007

Everything you never wanted to know about PKI in federations - approach to non-web services Milan Sova, CESNET EuroCAMP, Dubrovnik, 2007 SAMLized applications HTTPS web browser What about email access network access

141 views • 11 slides
Kantara F2F Berlin Closing Session Summary slides from: Business Cases for Trusted Federations

Kantara F2F Berlin Closing Session Summary slides from: Business Cases for Trusted Federations

Kantara F2F Berlin Closing Session Summary slides from: Business Cases for Trusted Federations Trust Framework Meta Model Telecommunications Identity Open Source Support Initiative Privacy Framework eGovernment Board of Trustees BCTF

322 views • 17 slides
Identity and Access Management with the INDIGO IAM service Andrea Ceccanti

Identity and Access Management with the INDIGO IAM service Andrea Ceccanti

Identity and Access Management with the INDIGO IAM service Andrea Ceccanti andrea.ceccanti@cnaf.infn.it EOSC-Hub AAI Tech Talk Europe, Earth, June 15th 2018 INDIGO Identity and Access Management service Flexible authentication support (SAML,

430 views • 24 slides
Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET

Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET

Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET Identity & Access Management Community of Practice Panelists: Corey Scholefield Vera Merkusheva Isabel Wong Sabrina da Silva 2 Conference

622 views • 19 slides
Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients & partners Conclusion Identity management System Requester Users admin Approver Application Application Provisioning system Identity A

826 views • 45 slides
Lets get a federated identity Do you have access to your email? Youll need a valid email

Lets get a federated identity Do you have access to your email? Youll need a valid email

Lets get a federated identity Do you have access to your email? Youll need a valid email address Intro to Federated Identity Do you have an account from Protect Network or Twitter You can skip ahead! EuroCAMP Training for

104 views • 7 slides
Making energy access through mini-grids affordable: The role of governments and international

Making energy access through mini-grids affordable: The role of governments and international

Making energy access through mini-grids affordable: The role of governments and international climate finance African Mini-grids Community of Practice Meeting 7 16 April 2020 LEDS GP Finance Working Group The LEDS GP Finance Working Group

273 views • 13 slides
Marcin Lawenda Pozna Supercomputing and Networking Center 4th TERENA NRENs and Grids Workshop,

Marcin Lawenda Pozna Supercomputing and Networking Center 4th TERENA NRENs and Grids Workshop,

Marcin Lawenda Pozna Supercomputing and Networking Center 4th TERENA NRENs and Grids Workshop, Amsterdam, Dec. 6-7, 2006 Why Vlabs Why labs ? VERY VERY limited limited limited access access access VERY VERY limited access Main

345 views • 21 slides
A Method for Remote Initial Vetting of Identity with PKI

A Method for Remote Initial Vetting of Identity with PKI

A Method for Remote Initial Vetting of Identity with PKI Credential International Symposium on Grids & Clouds 2017 9 March 2017 Academia Sinica, Taipei, Taiwan

689 views • 17 slides
radare Easing binary analysis for fun and profit Overview IO with plugins Basic file

radare Easing binary analysis for fun and profit Overview IO with plugins Basic file

radare Easing binary analysis for fun and profit Overview IO with plugins Basic file input/output access wrapped with plugins: Posix IO W32 IO Remote TCP IO EWF (Encase disk images) Debugger Haret ... Hexadecimal

695 views • 12 slides
Identity and Access Management IAM Lifecycle Committee Jan. 12, 2015 | Monday | 10:30 a.m.-12

Identity and Access Management IAM Lifecycle Committee Jan. 12, 2015 | Monday | 10:30 a.m.-12

Identity and Access Management IAM Lifecycle Committee Jan. 12, 2015 | Monday | 10:30 a.m.-12 p.m. | 561 Smith Center Agenda Short Program Status Update User Name Progress Discussion Topics: Sponsored people tool will be

613 views • 22 slides
Identity & Access Management IAM Lifecycle Committee Feb. 29, 2016 Monday 10:00-11:30 a.m.

Identity & Access Management IAM Lifecycle Committee Feb. 29, 2016 Monday 10:00-11:30 a.m.

Identity & Access Management IAM Lifecycle Committee Feb. 29, 2016 Monday 10:00-11:30 a.m. 561 Smith Center Agenda Introductions Meeting Purposes and Intended Outcomes Status Update Discussion: SSN Remediation Plans

219 views • 21 slides
Using Identity and Agency to Frame Access and Equity Robert Q. Berry, III, Ph.D. University of

Using Identity and Agency to Frame Access and Equity Robert Q. Berry, III, Ph.D. University of

Using Identity and Agency to Frame Access and Equity Robert Q. Berry, III, Ph.D. University of Virginia robertberry@virginia.edu @robertqberry #blackkidsdomath 2 Essential Elements of School Mathematics Program Access and Equity

523 views • 41 slides
PEOPLE.UTC.EDU The Problem with People IDENTITY AND ACCESS MANAGEMENT CHALLENGES Age

PEOPLE.UTC.EDU The Problem with People IDENTITY AND ACCESS MANAGEMENT CHALLENGES Age

PEOPLE.UTC.EDU The Problem with People IDENTITY AND ACCESS MANAGEMENT CHALLENGES Age Appearance Accuracy PEOPLE eGuide no longer supported Data Source eDirectory Updated by events and by user PROPOSAL Continue to

270 views • 10 slides
Data protection law a new challenge for International Sports Federations GDPR and what

Data protection law a new challenge for International Sports Federations GDPR and what

Data protection law a new challenge for International Sports Federations GDPR and what International Sports Federations must know Bangkok, 20 April 2018 Franois Carrard, Dr . iur ., Attorney-at-law www.kellerhals-carrard.ch AGENDA 1.

440 views • 19 slides
Private Digital Identity on Blockchain Tom Hamer, Kerry Taylor, Kee Siong Ng, Alwen Tiu The

Private Digital Identity on Blockchain Tom Hamer, Kerry Taylor, Kee Siong Ng, Alwen Tiu The

Private Digital Identity on Blockchain Tom Hamer, Kerry Taylor, Kee Siong Ng, Alwen Tiu The Global Identity Crisis In order to access critical services such as finance and social security, people need to have an identity 1.5 billion

857 views • 24 slides
CVMFS for Data Federations Derek Weitzel University of Nebraska - Lincoln Problem with Data

CVMFS for Data Federations Derek Weitzel University of Nebraska - Lincoln Problem with Data

CVMFS for Data Federations Derek Weitzel University of Nebraska - Lincoln Problem with Data Federations Users must know the exact filenames for each job. They have to use special tools they are unfamiliar with in order to use it (such

408 views • 18 slides

More recommend