identity management in the european grid infrastructure
play

Identity management in the European Grid Infrastructure Established - PowerPoint PPT Presentation

Sep 23, 2023 •158 likes •452 views

EGI InSPIRE Identity management in the European Grid Infrastructure Established solutions, new needs, open questions Gergely Sipos Technical Outreach Manager EGI.eu, Amsterdam gergely.sipos@egi.eu Identity Management for research and

  1. EGI ‐ InSPIRE Identity management in the European Grid Infrastructure Established solutions, new needs, open questions Gergely Sipos Technical Outreach Manager EGI.eu, Amsterdam gergely.sipos@egi.eu Identity Management for research and collaboration Workshop 1 Utrecht, 6-7, September 2012 9/6/2012 www.egi.eu www.egi.eu EGI ‐ InSPIRE RI ‐ 261323 EGI ‐ InSPIRE RI ‐ 261323 http://www.terena.org/activities/vamp/ws1/

  2. Outline • European Grid Infrastructure - intro • AAI in the ‘grid middleware’ – X509 variants • FIM in EGI – NGIs’ readiness – Bridging solutions – Pilots, production systems – FIM and the EGI Federated Cloud • Conclusions 2 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  3. The EGI Ecosystem VRC: Virtual Research Community VO: Virtual Organisation TRANSfoRm Policies + Funding User Community Requirements + Services + EGI ‐ InSPIRE Feedback Support Requirements + Resource & service Feedback Providers Policies + Requirements Technology Providers European EGI.eu foundation Funding Commission Grid middleware National Grid software National Research Infrastructures Strategic SW + Councils (NGIs) ~45 Feedback Support Cloud provider software Public Funding Bodies 3 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  4. EGI’s Strategic Focus http://go.egi.eu/EGI2020 • Operational Infrastructure – Operate a European wide infrastructure – Offer its use to other research infrastructures – Build a federated cloud environment • Virtual Research Environments (VREs) – Support the development, integration & operation of community/project/domain specific services • Community & Coordination – Community building through events – Community networking through the NGIs 4 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  5. Installed capacity (Apr ‘12) Metric Value (yearly increase) Sites 326 (+3%) Nb. of CPU cores 270,800 (+31%) Disk (PB) 139 PB (+31%) Tape (PB) 134 PB (+50%) 5 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  6. Capacity usage (May 2011-April 2012) First runs of Metric Value (yearly increase) the Large Hidron CPU time Total (Billion HEP ‐ SPEC 06 hours) 10.5 (+52.91%) Collider Total (million) 492.5 (+46.42% ) Computing jobs Average job/day (million) 1.35 High ‐ Energy Physics 93.60% Astronomy and Astrophysics 2.25% % of total Life Sciences 1.30% consumed Various disciplines 1.23% CPU time Remaining disciplines 1.62% 6 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  7. Software Provisioning • EGI Technology Roadmap External Technology EMI, IGE, SAGA (cluster grids) Providers EDGI (desktop grids) Software Requirements Operations Deployed Criteria Criteria Staged Production Software Definition Verification Rollout SU Provisioning Infrastructure 30/05/2012 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  8. AAI in the ‘grid middleware-based EGI’ Grid = federated resources exposed for controlled sharing via middleware services Nb. of users ~20.000 in total – X.509 personal certificates Tens of thousands • From IGTF CAs • From Terena Certificate Service (Federated request) – Limited certificates Thousands • Restricted in lifetime and/or infrastructure coverage • E.g. GILDA CA (http://gilda.ct.infn.it/certification-authority) • E.g. Swiss Short Lived Credential Service (SLCS) Hundreds – Robot certificates (<100 robot) • Identify applications (often portals) instead of users • Growing popularity and availability https://wiki.egi.eu/wiki/Robot_certificates https://wiki.egi.eu/wiki/EGI_robot_certificate_users 8 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  9. AAI Challenges • EGI requirements for a generic AAI: – Geographical coverage, science discipline coverage, scalability, robustness, simplicity, sustainability, compatibility with VRE & EGI operations services • X.509 meets all, but one: Simplicity How can X.509 based infrastructures simplified for users? – MyProxy, online CAs, Terena CAs, robot certificates,... and ...federated identity management 9 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  10. Solutions - issues Solution to simplify access Problem with the solution MyProxy • Certificate management issues remain Terena CAs • (Most of the) certificate management issues remain • Limited coverage (geographycal & discipline) Robot certificates • Auth & logging responsibilities move to portals • Users become invisible to the infrastructure • For certain types of applications only Short lived credential services • Limited geographical coverage (SWITCH SLCS, IGI Online CA) • Is Federated Identity Management a better alternative? • User communities say YES (FIM workshops & paper) • Are the NGIs ready for adopting FIM? EGI Virtual Team project: Assess the readiness of the NGIs in adopting FIM mechanisms: https://wiki.egi.eu/wiki/VT_Federated_Identity_Providers_Assessment 10 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  11. FIM assessment - EGI Virtual Team project The Identity Federations of the • Participants from Czech, French, Italian, Irish, Swiss NRENs are similarly exclusive NGIs + EGI.eu • Defined, then filled a survey: Are personal e ‐ science Are the Grid institutions Are the institutions of Are there other relevant certificates from Terena of the NGI in national the potential users of ‘federated identity’ Certificate Service (TCS) TCS federation? your NGI eligible for based authentication available in the NGI? certificates from TCS? services available in the NGI? Ireland No N.A. N.A. Exploring possibilities of a (but server certificates are) SLCS CA Czech Rep. Yes All major but one (ongoing) Partly No France No N.A. N.A. No Switzerland No N.A. N.A. SLCS (IGTF accredited) Italy Yes Most Partly Preparing a MICS CA https://wiki.egi.eu/wiki/VT_Federated_Identity_Providers_Assessment 11 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  12. Possibilities for FIM integration with EGI 1.Middleware services ‘speak’ FIM (accept SAML assertions) • External technology providers! EMI & IGE plans are under development – EMI MJRA1.12 (Common Security Architecture Assessment) • Accounting systems must be also adapted (SAML  certificate DN) 2.FIM-X509 bridging – Mapping SAML idenity to X509 Various solutions, routine useage: 1. GridCertLib & SLCS (Swiss portals) 2. Online CA (portal for the Italian Grid Infrastructure) 3. Catania Science Gateway framework (various science gateways) 12 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  13. GridCertLib & SLCS VOMS SLCS SLCS certificate + GridCertLib SAML assertion grid proxy from FIM login (Java library) (with VOMS) ~11 days Some web portal Fix VO, for example WS ‐ PGRADE unique user ID Contact: Sergio Maffioletti (sergio.maffioletti@gc3.uzh.ch) – GridCertLib Zoltán Farkas (zoltan.farkas@sztaki.mta.hu) – WS ‐ PGRADE 13 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  14. Online CA for the IGI Portal Alternative: Plan: Certificate into IGTF accreditation the browser Browser Web user page CA backend CA bridge MICS certificate (13 months) IGI pop ‐ up MyProxy window Portal IGI IDEM Federation VOMS (Italian) Fix VO, Contact: unique user ID Marco Bencivenni (marco.bencivenni@cnaf.infn.it) 14 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  15. Catania Science Gateway framework eToken server Robot VOMS certificate SLCS certificate SAML assertion + Portal from FIM login grid proxy (with VOMS) Fix VO, Fix user ID User tracking & logging Contact: Roberto Barbera (roberto.barbera@ct.infn.it) 15 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  16. EGI-InSPIRE activities 1. • Make NGIs aware of available (bridging) solutions and the existing gaps – so these can get filled! – June 2012: ‘Authentication solutions in EGI’ report https://documents.egi.eu/document/1178 – August 2012: Blog post series http://www.egi.eu/blog/2012/08/09/federated_identity_management.html – September 2012: AAI workshop • Prague, 19 th of September: http://go.egi.eu/aaiworkshop – December 2012 (approx): Science Gateway Primer • ‘Manual for portal developers’ – witten by an EGI Virtual Team project • Chapter on integrating science gateways with identity federations • https://wiki.egi.eu/wiki/VT_Science_Gateway_Primer 16 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  17. AAI workshop + Discussion (16:00 ‐ 17:30) 17 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  18. EGI-InSPIRE activities 2. • Facilitate federated services – pilot & production services – AAI pilot for EGA – GrIDP federation – FIM authentication in the EGI Federated Cloud 18 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  19. AAI Pilot: European Genome-phenome Archive (EGA) Data Access Committee Logged in from the HAKA identity Grant federation access Request access to dataset X Update policy (SPL) administration PAP CLI EGA Argus Obtain autz info Request PEP portal dataset API execution Obtain authz info Provide dataset EGA 19 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

  20. Grid Identity Pool (GrIDP) federation EGI.eu Single Sign On (~1700 users at the moment) 20 www.egi.eu EGI ‐ InSPIRE RI ‐ 261323

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SEE-GRID-SCI SEE-GRID Infrastructure for Regional eScience www.see-grid-sci.eu International

SEE-GRID-SCI SEE-GRID Infrastructure for Regional eScience www.see-grid-sci.eu International

SEE-GRID-SCI SEE-GRID Infrastructure for Regional eScience www.see-grid-sci.eu International Symposium on Grid Computing (ISGC) Academia Sinica, Taipei, 5-12 March 2010 Dr. Ognjen Prnjat European and Regional Grid Management GRNET The

329 views • 31 slides
EUDAT: Towards a pan-European Collaborative Data Infrastructure Federated Identity Management and

EUDAT: Towards a pan-European Collaborative Data Infrastructure Federated Identity Management and

EUDAT: Towards a pan-European Collaborative Data Infrastructure Federated Identity Management and Access Control Mark van de Sanden SARA, The Netherlands Terena VAMP workshop Utrecht, 6-7 September 2012 Outline Project Core Services

435 views • 16 slides
Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase Automation and Security. Identity Management (IAM, IdM) defining and managing the roles and access privileges of individual network users, and the

2.89k views • 13 slides
Digital Identity as a Basis for Internet Security Infrastructure Ing. Radovan Semank

Digital Identity as a Basis for Internet Security Infrastructure Ing. Radovan Semank

Digital Identity as a Basis for Internet Security Infrastructure Ing. Radovan Semank Business Global Systems Agenda Introduction Unified User Management Public Key Infrastructure Digital Identity Conclusion Introduction

337 views • 12 slides
SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular

SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular

KTH ROYAL INSTITUTE OF TECHNOLOGY SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems M. Khodaei, H. Jin and P . Papadimitratos Networked Systems Security Group (NSS) In IEEE

464 views • 42 slides
1 File Management: Outline File Management File Package Overview The GATFile class Authors

1 File Management: Outline File Management File Package Overview The GATFile class Authors

What is GAT? Grid Application Toolkit GAT is? an API and toolkit for developing and running portable grid apps independently of the underlying grid infrastructure and available services Authors: Gabrielle Allen, K. Davis, T. Goodale,

194 views • 5 slides
NG07 summary: Grid state of art, solution infrastructure and solution, infrastructure, and

NG07 summary: Grid state of art, solution infrastructure and solution, infrastructure, and

NG07 summary: Grid state of art, solution infrastructure and solution, infrastructure, and KnowARC topics Weizhong Qiang N November 2, 2007 b 2 2007 Outline Outline Grid State of Art Some grid projects and their strategy Grid

658 views • 34 slides
European Identity of Biom edical Science S TU D E N T F OR U M E d i n b u r g h , 2 0 12

European Identity of Biom edical Science S TU D E N T F OR U M E d i n b u r g h , 2 0 12

European Identity of Biom edical Science S TU D E N T F OR U M E d i n b u r g h , 2 0 12 Overview of discussion topics I) European identity of BMS a) What characterizes a profession in general? b) What should characterize our

692 views • 19 slides
Kipper a Grid bridge to Identity Federation Andrey Kiryanov Brief The Kipper client

Kipper a Grid bridge to Identity Federation Andrey Kiryanov Brief The Kipper client

Kipper a Grid bridge to Identity Federation Andrey Kiryanov Brief The Kipper client software combines tools and utilities to extend a Web Application to: Enable login via federated SSO like eduGAIN Retrieve a SAML2 Identity Assertion

385 views • 24 slides
Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity

Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity

Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity Management Engineering, Red Hat jpazdziora@redhat.com 15 th October 2014 Identity Users; user groups. Hosts; host groups; services. Identities

700 views • 18 slides
A European Grid Technology A European Grid Technology http://www.unicore.eu

A European Grid Technology A European Grid Technology http://www.unicore.eu

A European Grid Technology A European Grid Technology http://www.unicore.eu http://www.unicore.eu Achim Streit Jlich Supercomputing Centre (JSC) History Lesson History Lesson UN iform I nterface to CO mputing Re sources seamless,

454 views • 23 slides
SA1.4 Infrastructure for Grid Management Overview Emir Imamagic University Computing Centre

SA1.4 Infrastructure for Grid Management Overview Emir Imamagic University Computing Centre

EGI-InSPIRE SA1.4 Infrastructure for Grid Management Overview Emir Imamagic University Computing Centre (SRCE) 1 EGI-InSPIRE RI-261323 www.egi.eu Operational Tools Mailing List Communication between operational tool administrators

339 views • 9 slides
Towards Deploying a Scalable &amp; Robust Vehicular Identity and Credential Management

Towards Deploying a Scalable &amp; Robust Vehicular Identity and Credential Management

Towards Deploying a Scalable &amp; Robust Vehicular Identity and Credential Management Infrastructure M. Khodaei, H. Jin, and P. Papadimitratos Networked Systems Security Group www.ee.kth.se/nss Royal Institute of Technology (KTH) Stockholm,

302 views • 26 slides
Infrastructure To facilitate the efficient and effective rollout of Strategic Electricity Grid

Infrastructure To facilitate the efficient and effective rollout of Strategic Electricity Grid

DEA National Corridors for Electricity Grid Infrastructure To facilitate the efficient and effective rollout of Strategic Electricity Grid Infrastructure 20 th February 2014 First Expert Reference Group Meeting CSIR Pretoria Presented by:

148 views • 14 slides
Logging into the Grid (certificates) NorduGrid Tutorial, LCSC 2002 1 Grid Security

Logging into the Grid (certificates) NorduGrid Tutorial, LCSC 2002 1 Grid Security

NorduGrid Tutorial Logging into the Grid (certificates) NorduGrid Tutorial, LCSC 2002 1 Grid Security Infrastructure The Grid uses public key security infrastructure PKI X.509 infrastructure every user, services, resources must posess a

286 views • 10 slides
Integrating container-based virtualization technologies into ARC-powered grid infrastructure

Integrating container-based virtualization technologies into ARC-powered grid infrastructure

Integrating container-based virtualization technologies into ARC-powered grid infrastructure Oleksandr Boretskyi, Oleksandr Bohomaz, Andrii Salnikov Taras Schevchenko National University of Kyiv e-mail: grid@grid.org.ua Koice 2016 Software

518 views • 15 slides
Discussion of Intergenerational Mobility in China by Yi Fan, Junjian Yi, and Junsen Zhang

Discussion of Intergenerational Mobility in China by Yi Fan, Junjian Yi, and Junsen Zhang

Discussion of Intergenerational Mobility in China by Yi Fan, Junjian Yi, and Junsen Zhang Steven N. Durlauf University of Wisconsin June 17, 2013 1 Overview T his is important research on an important topic. The paper does three things.

528 views • 19 slides
Free and Open Source Geospatial Software at the University of Applied Sciences University of

Free and Open Source Geospatial Software at the University of Applied Sciences University of

A field report on the Role of Free and Open Source Geospatial Software at the University of Applied Sciences University of Applied Sciences and Arts Northwestern Switzerland School of Architecture, Civil Engineering and Geomatics Institute of

486 views • 15 slides
Genomes and Complex Diseases 02-223 Personalized Medicine:

Genomes and Complex Diseases 02-223 Personalized Medicine:

Genomes and Complex Diseases 02-223 Personalized Medicine: Understanding Your Own Genome Fall 2014 Genome Polymorphisms A Human TCGAGGTATTAAC Genealogy The ancestral

561 views • 45 slides
A/E Selection Process A/E Selection Process from the Corps perspective from the Corps

A/E Selection Process A/E Selection Process from the Corps perspective from the Corps

A/E Selection Process A/E Selection Process from the Corps perspective from the Corps perspective Marilyn W. Lewis, P.E. Asst Chief, Engineering Division Louisville District US Army Corps of Engineers Louisville District US Army Corps of

449 views • 40 slides
Drivers of Mobility Patrizio Piraino 5 September 2019 Introduction Evidence of positive

Drivers of Mobility Patrizio Piraino 5 September 2019 Introduction Evidence of positive

Drivers of Mobility Patrizio Piraino 5 September 2019 Introduction Evidence of positive correlations in SES across generations for every society for which we have data and for different markers of status literature offers a number of

348 views • 19 slides
Experience Report: Smuggling a Little Bit of Coq Inside a CAD Development Context Dimitur Krustev

Experience Report: Smuggling a Little Bit of Coq Inside a CAD Development Context Dimitur Krustev

Experience Report: Smuggling a Little Bit of Coq Inside a CAD Development Context Dimitur Krustev IGE+XAO Balkan 6 July 2020 / Coq Workshop 2020 Dimitur Krustev (IGE+XAO Balkan) Smuggling a Little Bit of Coq Coq Workshop 2020 1 / 13 Outline

427 views • 16 slides
Space and Naval Warfare Systems Center Atlantic Project Procurement Strategy Overview SSC

Space and Naval Warfare Systems Center Atlantic Project Procurement Strategy Overview SSC

Space and Naval Warfare Systems Center Atlantic Project Procurement Strategy Overview SSC Atlantic Small Business Outreach Mr. Pete Vandemeulebroecke 6.0 Program Management Tidewater Association of Service Competency Lead Contractors (TASC)

236 views • 8 slides
Bronchiectasis: How Bad Is It? Gregory Tino, M.D. Chief, Department of Medicine Penn

Bronchiectasis: How Bad Is It? Gregory Tino, M.D. Chief, Department of Medicine Penn

Bronchiectasis: How Bad Is It? Gregory Tino, M.D. Chief, Department of Medicine Penn Presbyterian Medical Center Associate Professor of Medicine Perelman School of Medicine at the University of Pennsylvania Philadelphia, PA Disclosures

776 views • 40 slides

More recommend