credential mapping in grids
play

Credential Mapping in Grids Esteban Talavera Gonzlez Center for - PowerPoint PPT Presentation

Jul 15, 2023 •116 likes •569 views

Overview Background Our solution Conclusions Credential Mapping in Grids Esteban Talavera Gonzlez Center for Parallel Computers (PDC) Royal Institute of Technology (KTH) Stockholm March 16, 2007 Esteban Talavera Gonzlez Credential

  1. Overview Background Our solution Conclusions Credential Mapping in Grids Esteban Talavera González Center for Parallel Computers (PDC) Royal Institute of Technology (KTH) Stockholm – March 16, 2007 Esteban Talavera González Credential Mapping in Grids 1

  2. Overview Background Our solution Conclusions Outline Overview 1 Background 2 Authentication mechanisms Web services Our solution 3 Previous Work Kerberos = ⇒ X.509/SAML conversion X.509 = ⇒ Kerberos conversion Conclusions 4 Contributions Future Work Esteban Talavera González Credential Mapping in Grids 2

  3. Overview Background Our solution Conclusions Outline Overview 1 Background 2 Authentication mechanisms Web services Our solution 3 Previous Work Kerberos = ⇒ X.509/SAML conversion X.509 = ⇒ Kerberos conversion Conclusions 4 Contributions Future Work Esteban Talavera González Credential Mapping in Grids 2

  4. Overview Background Our solution Conclusions Outline Overview 1 Background 2 Authentication mechanisms Web services Our solution 3 Previous Work Kerberos = ⇒ X.509/SAML conversion X.509 = ⇒ Kerberos conversion Conclusions 4 Contributions Future Work Esteban Talavera González Credential Mapping in Grids 2

  5. Overview Background Our solution Conclusions Outline Overview 1 Background 2 Authentication mechanisms Web services Our solution 3 Previous Work Kerberos = ⇒ X.509/SAML conversion X.509 = ⇒ Kerberos conversion Conclusions 4 Contributions Future Work Esteban Talavera González Credential Mapping in Grids 2

  6. Overview Background Our solution Conclusions Outline Overview 1 Background 2 Authentication mechanisms Web services Our solution 3 Previous Work Kerberos = ⇒ X.509/SAML conversion X.509 = ⇒ Kerberos conversion Conclusions 4 Contributions Future Work Esteban Talavera González Credential Mapping in Grids 3

  7. Overview Background Our solution Conclusions Security Credentials Authentication vs. Authorization A piece of information used to prove the identity of a subject (i.e. Authentication ) There are many different ones, from passwords to certificates Must be trusted by the party the entity is authenticating to Once the subject is authenticated, he will or will not be authorized to perform a desired action depending on his identity and the security policy Esteban Talavera González Credential Mapping in Grids 4

  8. Overview Background Our solution Conclusions Grid security In Grids clients and resources from different security domains interact with each other Each domain is governed by its own administration and security policy Service requests may cross domains where different security models are used Authentication is needed before using a resource, located locally or remotely It is difficult to know which resources will be requested beforehand, and therefore which credentials will be needed, too Esteban Talavera González Credential Mapping in Grids 5

  9. Overview Background Our solution Conclusions Problem Statement The client’s credential could be invalid at the resource’s domain in terms of: Format : Different security mechanisms used in each side, recipient cannot understand the credential Trust : Pre-established trust relationship between credential issuer and recipient is needed to validate it If authentication is not successful, the client’s application could be aborted or stopped before finishing its job Goal: Translating security credentials from a format comprehensible in the requester domain into an understandable format in the relying domain. The resulting credential needs also to be trusted by the recipient Esteban Talavera González Credential Mapping in Grids 6

  10. Overview Background Authentication mechanisms Our solution Web services Conclusions Outline Overview 1 Background 2 Authentication mechanisms Web services Our solution 3 Previous Work Kerberos = ⇒ X.509/SAML conversion X.509 = ⇒ Kerberos conversion Conclusions 4 Contributions Future Work Esteban Talavera González Credential Mapping in Grids 7

  11. Overview Background Authentication mechanisms Our solution Web services Conclusions Authentication Mechanisms The security credentials that will be taken into account for mapping are: Kerberos tickets : Widely used for authentication and authorization of users in intra-domain networks X.509 certificates : Well known credential, mostly used for inter-domain authentication (e.g. on the Internet) SAML assertions : Emerging standard providing XML-based credentials Esteban Talavera González Credential Mapping in Grids 8

  12. Overview Background Authentication mechanisms Our solution Web services Conclusions Kerberos Based on symmetric cryptography (shared keys): The same key is used for encryption and decryption Clients , identified by Principal and Realm name (e.g. esteban@KTH.SE ), want to access to Services provided by one or more Application Servers (hosts) These operations are supervised by the Authentication Server (AS) and one Ticket Granting Server (TGS) Secret keys are shared between the AS and the TGS, the AS and the clients, and between the TGS and every server in the realm ( master keys ) Esteban Talavera González Credential Mapping in Grids 9

  13. Overview Background Authentication mechanisms Our solution Web services Conclusions Kerberos operation Application Server ���������� ���������� ���������� ���������� (serv) KEYtgs−serv KEYtgs−serv ���������� ���������� ���������� ���������� TGS ���������� ���������� KEYas−tgs ���������� ���������� ���������� ���������� ���������� ���������� Login ���������� ���������� KDC (user+passwd) ���������� ���������� ���������� ���������� Client ���������� ���������� 1 ���������� ���������� ���������� ���������� AS ���������� ���������� User KEYas−tgs ���������� ���������� ���������� ���������� ���������� ���������� 1) The user authenticates locally with the user name and password Esteban Talavera González Credential Mapping in Grids 10

  14. Overview Background Authentication mechanisms Our solution Web services Conclusions Kerberos operation Application Server ���������� ���������� ���������� ���������� (serv) KEYtgs−serv ���������� ���������� KEYtgs−serv ���������� ���������� TGS ���������� ���������� KEYas−tgs ���������� ���������� ���������� ���������� ���������� ���������� Login ���������� ���������� KDC (user+passwd) ���������� ���������� ���������� ���������� Client Request TGT ���������� ���������� 1 ���������� ���������� 2 ���������� ���������� AS ���������� ���������� User + TGT: KEYas−tgs [KEYclient−tgs] ���������� ���������� passwd ���������� ���������� [KEYclient−tgs, clientID,...] KEYas−tgs ���������� ���������� 2) The client requests a Ticket Granting Ticket (TGT), presenting the password as credential to the Authentication Server (AS) Esteban Talavera González Credential Mapping in Grids 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Shibboleth Interoperability - Short-Lived Credential Service (SLCS) Valry Tschopp, SWITCH

Shibboleth Interoperability - Short-Lived Credential Service (SLCS) Valry Tschopp, SWITCH

Enabling Grids for E-sciencE - II Shibboleth Interoperability - Short-Lived Credential Service (SLCS) Valry Tschopp, SWITCH JRA1 All Hands Meeting, Abingdon, 9 Nov 2006 www.eu-egee.org INFSO-RI-031688 Presentation Outline Enabling Grids

452 views • 12 slides
A"Study"of"Credential"Integration"Model"

A"Study"of"Credential"Integration"Model"

A"Study"of"Credential"Integration"Model" in"Academic"Research"Federation" Supporting"a"Wide"Variety"of"Services International,Symposium,Grids,&,Clouds,2018 20 th

282 views • 16 slides
A New Parallel Asynchronous Cellular Genetic Algorithm for Mapping in Grids Frdric Pinel,

A New Parallel Asynchronous Cellular Genetic Algorithm for Mapping in Grids Frdric Pinel,

A New Parallel Asynchronous Cellular Genetic Algorithm for Mapping in Grids Frdric Pinel, Bernab Dorronsoro, Pascal Bouvry NIDISC 2010 Outline Contribution Problem description Algorithms Results Future work

566 views • 17 slides
SINGLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

SINGLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

SINGLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk, Director Dora Apodaca, Credential Analyst Evelyn Martinez, Office Coordinator Leah Sosnowski, Credential Analyst Meredith West, Credential Analyst

573 views • 14 slides
MULTIPLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

MULTIPLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

MULTIPLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk, Director Dora Apodaca, Credential Analyst Evelyn Martinez, Office Coordinator Leah Sosnowski, Credential Analyst Meredith West, Credential Analyst

502 views • 14 slides
Introduction to Intl Credential Evaluation 10/30/2013 Introduction to International Credential

Introduction to Intl Credential Evaluation 10/30/2013 Introduction to International Credential

Introduction to Intl Credential Evaluation 10/30/2013 Introduction to International Credential Evaluation Shelby L. Cearley Texas Tech University Office of Graduate & International Admissions Todays Session Agenda A brief roadmap

372 views • 5 slides
Credential Assessment Mapping Privilege Escalation at Scale Matt Weeks @scriptjunkie1 Adversary

Credential Assessment Mapping Privilege Escalation at Scale Matt Weeks @scriptjunkie1 Adversary

Credential Assessment Mapping Privilege Escalation at Scale Matt Weeks @scriptjunkie1 Adversary access (# boxes owned) 10000 1000 100 10 1 Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Adversary access (#

721 views • 45 slides
CREDENTIAL, ADJUNCT AND OVERLOAD PROCESS-ACADEMIC AFFAIRS REQUIREMENTS May 29 th , 2020

CREDENTIAL, ADJUNCT AND OVERLOAD PROCESS-ACADEMIC AFFAIRS REQUIREMENTS May 29 th , 2020

CREDENTIAL, ADJUNCT AND OVERLOAD PROCESS-ACADEMIC AFFAIRS REQUIREMENTS May 29 th , 2020 CREDENTIAL PROCESS May 29 th , 2020 CREDENTIAL STEPS 1. Original Transcripts sent to CAFA (Dr. Taylors Office: Curriculum, Assessment and Faculty

470 views • 16 slides
PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A

PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A

RSA LABS PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A credential management service that allows individuals and employees to securely and seamlessly access any app from any device. 2 RHAPSODY

239 views • 9 slides
UPM DAY 1: SMART GRIDS TABLE 1: TECHNOLOGICAL CHALLENGES RELATED WITH SMART GRIDS DEVELOPMENT

UPM DAY 1: SMART GRIDS TABLE 1: TECHNOLOGICAL CHALLENGES RELATED WITH SMART GRIDS DEVELOPMENT

Guillermo del Campo UPM DAY 1: SMART GRIDS TABLE 1: TECHNOLOGICAL CHALLENGES RELATED WITH SMART GRIDS DEVELOPMENT INTERNATIONAL SUMMER SCHOOL SMART GRIDS AND SMART CITIES Barcelona, 6-8 June 2017 Context Dramatic growth of energy

618 views • 16 slides
The C Credential D Doc octor or i is In s In: : Ask sk Your Your C Col olleague ues

The C Credential D Doc octor or i is In s In: : Ask sk Your Your C Col olleague ues

The C Credential D Doc octor or i is In s In: : Ask sk Your Your C Col olleague ues TAICEP 30 April 2020 2 To Todays Pre resent nters rs Shereen Mir- Shelby Cearley Barbara Glave Bettina Smegi Jabbar Senior

409 views • 37 slides
The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

7/17/2019 The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education Society of Actuaries What it is A credential for those in actuarial support roles Exams because that is what we do Code of

328 views • 6 slides
The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education Society of Actuaries What it is A credential for those in actuarial support roles Exams because that is what we do Code of Conduct

304 views • 5 slides
TEXTURE MAPPING 1 OUTLINE Introduce Mapping Methods Texture Mapping Environment

TEXTURE MAPPING 1 OUTLINE Introduce Mapping Methods Texture Mapping Environment

TEXTURE MAPPING 1 OUTLINE Introduce Mapping Methods Texture Mapping Environment Mapping Bump Mapping Basic mapping strategies Forward vs backward mapping Point sampling vs area averaging Introduce

775 views • 25 slides
Registration and Credential Repository (RCR) Review Matthew Boron, RPh PMB, CTEP, NCI February

Registration and Credential Repository (RCR) Review Matthew Boron, RPh PMB, CTEP, NCI February

Registration and Credential Repository (RCR) Review Matthew Boron, RPh PMB, CTEP, NCI February 25, 2020 Goals and Objectives Describe why the Registration and Credential Repository was implemented Explain requirements and how to access

562 views • 45 slides
Image Warping Image Mapping Image Mapping - Examples Forward Mapping Forward Mapping -

Image Warping Image Mapping Image Mapping - Examples Forward Mapping Forward Mapping -

Image Warping Image Mapping Image Mapping - Examples Forward Mapping Forward Mapping - Disadvantages Example Forward Mapping Original Rotated Zoom In Backward Mapping The Problem: (u,v) are not integers! "# Nearest Neighbor

715 views • 49 slides
/-J Los Alamos NATIONA L LABOR ATOR Y ---- EH.1941 ---- Los Alamos National Laboratory, an

/-J Los Alamos NATIONA L LABOR ATOR Y ---- EH.1941 ---- Los Alamos National Laboratory, an

0 s\ \ '6 LA-UR- 0 <=\ - Approved for public release; distribution is unlimited. Title: Kerberized Network File System for Clusters Author(s): Ian Burns Christoph er Hoffman Paige Ashlynn Intended for: Electronic/World-wide Web Academi c

459 views • 17 slides
Kerberos and Health Checks and Bare Metal, Oh My! Updates to OpenStack Sahara in Newton Updates

Kerberos and Health Checks and Bare Metal, Oh My! Updates to OpenStack Sahara in Newton Updates

Kerberos and Health Checks and Bare Metal, Oh My! Updates to OpenStack Sahara in Newton Updates to OpenStack Sahara in Newton Vitaly Gridnev, Sahara PTL (Mirantis) Elise Gafford, Sahara Core (Red Hat) Nikita Konovalov, Sahara Core (Mirantis)

632 views • 39 slides
A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol developed at MIT as part of Project Athena. Is a shared-secret, trusted third party authentication system. Uses encryption to provide

280 views • 8 slides
Cross-Realm Kerberos Authentication A study into implementations and compatibility Esan Wit Mick

Cross-Realm Kerberos Authentication A study into implementations and compatibility Esan Wit Mick

Introduction Background Approach and Results Conclusion Cross-Realm Kerberos Authentication A study into implementations and compatibility Esan Wit Mick Pouw Supervisor: Michiel Leenaars A System and Network Engineering RP University of

558 views • 20 slides
The Handle Turns Itself... Adventures In Account Management Toby Blake Craig Strachan School of

The Handle Turns Itself... Adventures In Account Management Toby Blake Craig Strachan School of

The Handle Turns Itself... Adventures In Account Management Toby Blake Craig Strachan School of Informatics University of Edinburgh The Good Old Days UID text file or similar /etc/passwd Username Make it up or ask the user Today LDAP

345 views • 18 slides
Cayuse 424 Training 1. Entering Applications in Cayuse 424 2. Open Discussion/Questions Cayuse

Cayuse 424 Training 1. Entering Applications in Cayuse 424 2. Open Discussion/Questions Cayuse

Cayuse 424 Training 1. Entering Applications in Cayuse 424 2. Open Discussion/Questions Cayuse 424 Entering Application Updated: July 25, 2018 Training Outline Overview of Cayuse 424 Cayuse 424 Hands-on Lab Professional Profiles

331 views • 9 slides
Identity Federation for Virtual Organizations: GridShib and MyProxy APAN Middleware Workshop

Identity Federation for Virtual Organizations: GridShib and MyProxy APAN Middleware Workshop

Identity Federation for Virtual Organizations: GridShib and MyProxy APAN Middleware Workshop Jan 22nd, 2006 Toyko, Japan Von Welch vwelch@ncsa.uiuc.edu Outline GridShib MyProxy Future plans: Shibboleth/MyProxy/GridShib

473 views • 28 slides
+ Scyld

+ Scyld

+ Scyld Cloud Workstation Shailesh Shenoy

486 views • 13 slides

More recommend