macaroons and dcache or delegating in a cloudy world
play

Macaroons and dCache or delegating in a cloudy world Patrick - PowerPoint PPT Presentation

Nov 23, 2023 •303 likes •432 views

Macaroons and dCache or delegating in a cloudy world Patrick Fuhrmann Paul Millar Paul Millar On behave of the project team Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 1 Macaroons and dCache | Taipei |

  1. Macaroons and dCache … or delegating in a cloudy world Patrick Fuhrmann Paul Millar Paul Millar On behave of the project team Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 1

  2. Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 2

  3. AAI … but Thi t lk i This talk is about the second 'A': Authorisation . b t th d 'A' A th i ti Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 3

  4. Quick recap: which is which? Credential Authorization Authentication Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 4

  5. Authorisation without authentication? How ? How ? Photo by Alan Cleaver (CC-BY) Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 5

  6. Photon Science portal use ‐ case U Users U User Web DB Authentication LOGIN Brouser dCache Request Download Request Download http WebDAV WebDAV P Portal t l Redirect R di t Request Download q Storage Pool Stream Data Stream Data Stream Data USER Community Specific Service Stack Data Service Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 6

  7. Desired: client downloads directly Users U U User Web DB Authentication LOGIN Brouser Request Download dCache Portal Redirect http p Request Download (How to authorize this request ?) q ( q ) WebDAV Redirect Request Download Storage Pool Stream Data USER Community Specific Service Stack Data Service Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 7

  8. Desired: client downloads directly U Users U User Web DB Authentication LOGIN Brouser dCache Request Download Portal Request Token Supply Token T T Redirect http WebDAV T T Request Download q Redirect Request Download Storage Pool Stream Data USER Community Specific Service Stack Data Service Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 8

  9. What are bearer tokens? Bearer token is something the user presents with a request so the server will authorise it There's no interaction between the server will authorise it. There s no interaction between client and server. Examples of bearer tokens: Examples of bearer tokens: • HTTP BASIC authn, anything stored as a cookies. Counter ‐ examples: Counter ‐ examples: • X.509 credential, • SAML • SAML, • Kerberos. Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 9

  10. Bearer tokens for download authz • Redirection should work without JavaScript , • Simple: embed token in redirection URL. http://webdav.example.org/path/to/file?authz=<TOKEN> htt // bd l / th/t /fil ? th <TOKEN> (There are nicer ways of embedding the token, but the URL is the only thing we can control) • Complete token always sent with the request • Complete token always sent with the request. • What can we do to stop someone stealing this token? • … or make the token useless if they steal it. … or make the token useless if they steal it. Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 10

  11. Introducing Macaroons

Recommend

Whats new since 2016 Tigran Mkrtchyan for dCache Team dCache User Workshop, Ume, Sweden

Whats new since 2016 Tigran Mkrtchyan for dCache Team dCache User Workshop, Ume, Sweden

Whats new since 2016 Tigran Mkrtchyan for dCache Team dCache User Workshop, Ume, Sweden What will be NOT covered with talks Changes in REST API New functionality in dCache-view CEPH HA-dCache Macaroons and OpenID-connect

267 views • 25 slides
dCache dCache seminar at FERMIlab dCache.ORG Patrick Fuhrmann et al. dCache.ORG and slides

dCache dCache seminar at FERMIlab dCache.ORG Patrick Fuhrmann et al. dCache.ORG and slides

dCache dCache seminar at FERMIlab dCache.ORG Patrick Fuhrmann et al. dCache.ORG and slides stolen from nearly everywhere additional funding, support or contributions by d-grid DGI II P. Fuhrmann Sep 26, 2008 dCache seminar, FERMIlab

375 views • 34 slides
dCache Beginners Course Introducing dCache An overview to dCache and how it is deployed in grid

dCache Beginners Course Introducing dCache An overview to dCache and how it is deployed in grid

dCache Beginners Course Introducing dCache An overview to dCache and how it is deployed in grid environments. Karlsruhe Institute of Technology (KIT), Steinbuchcentre for Computing (SCC) KIT University of the State of Baden-Wuerttemberg and

297 views • 12 slides
The Tivoli Storage Manager in the Large Hardron Patrick Collider Grid world Fuhrmann for the

The Tivoli Storage Manager in the Large Hardron Patrick Collider Grid world Fuhrmann for the

dCache.ORG dCache.ORG The Tivoli Storage Manager in the Large Hardron Patrick Collider Grid world Fuhrmann for the dCache people TSM Symposium, Oxford Sep 27, 2005 Patrick Fuhrmann dCache.ORG dCache.ORG LCG Tier Center Mechanism Tier

573 views • 20 slides
dCache in Use at DESY dCache in Use DESY DV/IT 5.7.2010 Overview grid gridFTP, (gsi)dcap,

dCache in Use at DESY dCache in Use DESY DV/IT 5.7.2010 Overview grid gridFTP, (gsi)dcap,

Andreas Haupt, Birgit Lewendel dCache in Use at DESY dCache in Use DESY DV/IT 5.7.2010 Overview grid gridFTP, (gsi)dcap, SRM dcache-se-desy dcache-se-cms dcache-se-atlas lcg-se1 lcg-se0 Calice, CFEL, GKSS, ILC, Olympus, Petra3,

417 views • 7 slides
dCache for Photon Science Outline: Overview and Resources Photon dCache Monitoring Birgit

dCache for Photon Science Outline: Overview and Resources Photon dCache Monitoring Birgit

dCache for Photon Science Outline: Overview and Resources Photon dCache Monitoring Birgit Lewendel for the dCache operations team Summary DESY IT 6th dCache Workshop dCache at DESY DESY National Analysis Facility Zeuthen 0.7 PB CTA

100 views • 7 slides
dCache NFSv4.1 Tigran Mkrtchyan Zeuthen, 13.04.12 dCache NFSv4.1 | Tigran Mkrtchyan | 4/13/12 |

dCache NFSv4.1 Tigran Mkrtchyan Zeuthen, 13.04.12 dCache NFSv4.1 | Tigran Mkrtchyan | 4/13/12 |

dCache NFSv4.1 Tigran Mkrtchyan Zeuthen, 13.04.12 dCache NFSv4.1 | Tigran Mkrtchyan | 4/13/12 | Page 1 Outline NFSv41 basics NFSv4.1 concepts PNFS Id mapping Industry standard dCache implementation dCache NFSv4.1 |

1.14k views • 46 slides
dCache - delegated storage solutions Tigran Mkrtchyan for dCache Team ISGC 2016, Taiwan dCache

dCache - delegated storage solutions Tigran Mkrtchyan for dCache Team ISGC 2016, Taiwan dCache

dCache - delegated storage solutions Tigran Mkrtchyan for dCache Team ISGC 2016, Taiwan dCache on one slide JVM JVM JVM Message passing layer Door(s) Pool Manager Name Space Pools (clients entry point) Door Pools (requests scheduler)

254 views • 21 slides
CMS Subgroups in dCache 2.2 CMS T3 requirements for dCache We manage a CMS T3 cluster financed

CMS Subgroups in dCache 2.2 CMS T3 requirements for dCache We manage a CMS T3 cluster financed

CMS Subgroups in dCache 2.2 CMS T3 requirements for dCache We manage a CMS T3 cluster financed by 3 Swiss Institutes: PSI , UniZ , ETHZ ; during 2013 we will run 700TB net based on 2*NetApp E5400 + 4*Sun X4500 + 5*Sun X4540 ; Our user

210 views • 10 slides
Effjcient Message Serialization for Inter-Service Communication in dCache Evaluating a Replacement

Effjcient Message Serialization for Inter-Service Communication in dCache Evaluating a Replacement

Effjcient Message Serialization for Inter-Service Communication in dCache Evaluating a Replacement for Java Serialization in dCache Lea Morschel for dCache Team, November 7 2019 About dCache A distributed petabyte-scale storage system for

713 views • 42 slides
dCache: Powerful Storage Made Easy Paul l Milla illar (on behalf of the dCache.org team)

dCache: Powerful Storage Made Easy Paul l Milla illar (on behalf of the dCache.org team)

dCache: Powerful Storage Made Easy Paul l Milla illar (on behalf of the dCache.org team) dCache dCache is powerful storage system, providing what people need, now. We're also pushing the envelope of what storage systems can do.

1.04k views • 25 slides
dCache dCache in the in the NDGF Distributed Tier 1 NDGF Distributed Tier 1 Gerd Behrmann

dCache dCache in the in the NDGF Distributed Tier 1 NDGF Distributed Tier 1 Gerd Behrmann

dCache dCache in the in the NDGF Distributed Tier 1 NDGF Distributed Tier 1 Gerd Behrmann Second dCache Workshop Hamburg, 18 th of January 2007 NORDUnet A/S NORDUnet A/S The Nordic Regional Research and Educational Network (RREN)

520 views • 18 slides
dCache, selected topics (LCG MB) Patrick Fuhrmann dCache.ORG additional funding, support or

dCache, selected topics (LCG MB) Patrick Fuhrmann dCache.ORG additional funding, support or

dCache.ORG dCache, selected topics (LCG MB) Patrick Fuhrmann dCache.ORG additional funding, support or contributions by d-grid DGI II Phone Meeting 4.8.2009 LCG MB Patrick Fuhrmann Content Chimera and the Pnfs to Chimera Migration

176 views • 15 slides
Functional Encryptions and Cloudy Applications Function on a Cloudy Day Giuseppe Persiano

Functional Encryptions and Cloudy Applications Function on a Cloudy Day Giuseppe Persiano

Functional Encryptions and Cloudy Applications Function on a Cloudy Day Giuseppe Persiano Dipartimento di Informatica Universit` a di Salerno giuper@dia.unisa.it Crypto for 2020 January, 23 2013 Tenerife, Spain Giuseppe Persiano (UNISA)

1.35k views • 95 slides
Integra(on of Billing (Accoun(ng) Plots ( dCache 2.1+) Albert L.

Integra(on of Billing (Accoun(ng) Plots ( dCache 2.1+) Albert L.

Integra(on of Billing (Accoun(ng) Plots ( dCache 2.1+) Albert L. Rossi Fermi Na(onal Accelerator Laboratory Accoun(ng ( dCache Book , Chpt. 24) For dCache

401 views • 10 slides
ASL Cloudy RTA L. Strow Cloudy Radiative Transfer for AIRS Overview RTA Codes Comparisons to

ASL Cloudy RTA L. Strow Cloudy Radiative Transfer for AIRS Overview RTA Codes Comparisons to

ASL Cloudy RTA L. Strow Cloudy Radiative Transfer for AIRS Overview RTA Codes Comparisons to CM2 (GFDL) and ECMWF Closure with L2 Clouds ECMWF Comparisons L. Larrabee Strow 1 , Sergio DeSouza-Machado 1 , H. H. Cirrus Aumann 2 , Yi Huang 3

528 views • 36 slides
US CMS Tier 1 dCache Timur Perelmutov, Fermilab dCache Workshop, DESY, January 19, 2007 1

US CMS Tier 1 dCache Timur Perelmutov, Fermilab dCache Workshop, DESY, January 19, 2007 1

US CMS Tier 1 dCache Timur Perelmutov, Fermilab dCache Workshop, DESY, January 19, 2007 1 Stage Area Stage Area -11 nodes-10TB Pools for staging files from tapes managed by dCache File Hopping Pool-to-Pool copy to read pools

407 views • 13 slides
The ! !dCache ! !labs 7 th !International !dCache !Workshop Patrick !Fuhrmann Welcome !to !7 th

The ! !dCache ! !labs 7 th !International !dCache !Workshop Patrick !Fuhrmann Welcome !to !7 th

The ! !dCache ! !labs 7 th !International !dCache !Workshop Patrick !Fuhrmann Welcome !to !7 th !International !dCache !Workshop !| !HTW !Berlin, !Berlin !| !Patrick !Fuhrmann !| !27 !May !2013 !| !1 Content CMS Disk / Tape separation

551 views • 27 slides
Authorization credentials for controlled sharing in NDN: Experiments with codecaps and macaroons

Authorization credentials for controlled sharing in NDN: Experiments with codecaps and macaroons

Authorization credentials for controlled sharing in NDN: Experiments with codecaps and macaroons in NDN.JS NDNCOMM 2014 Pedro de-las-Heras-Quir os, Eva M. Castro-Barbero &lt;pedro.delasheras@urjc.es&gt; Information Technology and

597 views • 30 slides
Chimera and NFS 4.1 in dCache dCache.ORG Patrick Fuhrmann Tigran Mkrtchyan presented by Peter

Chimera and NFS 4.1 in dCache dCache.ORG Patrick Fuhrmann Tigran Mkrtchyan presented by Peter

Chimera and NFS 4.1 in dCache dCache.ORG Patrick Fuhrmann Tigran Mkrtchyan presented by Peter van der Reest, DESY at HEPiX, Fall 2007 dCache.ORG Fuhrmann, Mkrtchyan, v.d.Reest HEPiX, Fall 2007 Nov 6, 2007 Content Motivation dCache.ORG

621 views • 16 slides
SRM Dmitry Litvintsev 7th international dCache workshop, May 27-29,2013 dCache Team Dmitry

SRM Dmitry Litvintsev 7th international dCache workshop, May 27-29,2013 dCache Team Dmitry

SRM Dmitry Litvintsev 7th international dCache workshop, May 27-29,2013 dCache Team Dmitry Litvintsev Wednesday, May 29, 13 Plan SRM, a reminder SRM parameters SRM troubleshooting dCache Team 2 Dmitry Litvintsev

827 views • 34 slides
dCache Storage Resource Manager introduction Timur Perelmutov For the dCache team Edinburgh,

dCache Storage Resource Manager introduction Timur Perelmutov For the dCache team Edinburgh,

dCache Storage Resource Manager introduction Timur Perelmutov For the dCache team Edinburgh, November 2007 Nov 13-14, 2007, Edinburgh SRM 2.2 Workshop 1 Project Topology : The Team Head of dCache.ORG Head of Development FNAL : Timur

281 views • 11 slides
7th International dCache Workshop Berlin Bits and Pieces 2013 Christian Bernardt (at DESY)

7th International dCache Workshop Berlin Bits and Pieces 2013 Christian Bernardt (at DESY)

7th International dCache Workshop Berlin Bits and Pieces 2013 Christian Bernardt (at DESY) Berlin, 28.05.2013 dCache Team dCache Team Chris&amp;an Bernardt Content New webpage IPv6 (OS, JVM, dCache) No PinManager for Tier 2

503 views • 33 slides
BNL dCache Status and Plan dCache Workshop: January 18-19, 2007 dCache Workshop: January 18-19,

BNL dCache Status and Plan dCache Workshop: January 18-19, 2007 dCache Workshop: January 18-19,

BNL dCache Status and Plan dCache Workshop: January 18-19, 2007 dCache Workshop: January 18-19, 2007 Carlos Gamboa, Zhenping (Jane) Liu, Ofer Rind, Carlos Gamboa, Zhenping (Jane) Liu, Ofer Rind, Jason Smith &amp; Yingzi (Iris) Wu &amp;

294 views • 15 slides

More recommend