macaroons and dcache or delegating in a cloudy world
play

Macaroons and dCache or delegating in a cloudy world Patrick - PowerPoint PPT Presentation

Nov 23, 2023 •303 likes •432 views

Macaroons and dCache or delegating in a cloudy world Patrick Fuhrmann Paul Millar Paul Millar On behave of the project team Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 1 Macaroons and dCache | Taipei |

  1. Macaroons and dCache … or delegating in a cloudy world Patrick Fuhrmann Paul Millar Paul Millar On behave of the project team Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 1

  2. Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 2

  3. AAI … but Thi t lk i This talk is about the second 'A': Authorisation . b t th d 'A' A th i ti Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 3

  4. Quick recap: which is which? Credential Authorization Authentication Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 4

  5. Authorisation without authentication? How ? How ? Photo by Alan Cleaver (CC-BY) Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 5

  6. Photon Science portal use ‐ case U Users U User Web DB Authentication LOGIN Brouser dCache Request Download Request Download http WebDAV WebDAV P Portal t l Redirect R di t Request Download q Storage Pool Stream Data Stream Data Stream Data USER Community Specific Service Stack Data Service Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 6

  7. Desired: client downloads directly Users U U User Web DB Authentication LOGIN Brouser Request Download dCache Portal Redirect http p Request Download (How to authorize this request ?) q ( q ) WebDAV Redirect Request Download Storage Pool Stream Data USER Community Specific Service Stack Data Service Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 7

  8. Desired: client downloads directly U Users U User Web DB Authentication LOGIN Brouser dCache Request Download Portal Request Token Supply Token T T Redirect http WebDAV T T Request Download q Redirect Request Download Storage Pool Stream Data USER Community Specific Service Stack Data Service Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 8

  9. What are bearer tokens? Bearer token is something the user presents with a request so the server will authorise it There's no interaction between the server will authorise it. There s no interaction between client and server. Examples of bearer tokens: Examples of bearer tokens: • HTTP BASIC authn, anything stored as a cookies. Counter ‐ examples: Counter ‐ examples: • X.509 credential, • SAML • SAML, • Kerberos. Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 9

  10. Bearer tokens for download authz • Redirection should work without JavaScript , • Simple: embed token in redirection URL. http://webdav.example.org/path/to/file?authz=<TOKEN> htt // bd l / th/t /fil ? th <TOKEN> (There are nicer ways of embedding the token, but the URL is the only thing we can control) • Complete token always sent with the request • Complete token always sent with the request. • What can we do to stop someone stealing this token? • … or make the token useless if they steal it. … or make the token useless if they steal it. Macaroons and dCache | Taipei | Patrick Fuhrmann, Paul Millar | 15 March 2016 | 10

  11. Introducing Macaroons

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Whats new since 2016 Tigran Mkrtchyan for dCache Team dCache User Workshop, Ume, Sweden

Whats new since 2016 Tigran Mkrtchyan for dCache Team dCache User Workshop, Ume, Sweden

Whats new since 2016 Tigran Mkrtchyan for dCache Team dCache User Workshop, Ume, Sweden What will be NOT covered with talks Changes in REST API New functionality in dCache-view CEPH HA-dCache Macaroons and OpenID-connect

267 views • 25 slides
dCache dCache seminar at FERMIlab dCache.ORG Patrick Fuhrmann et al. dCache.ORG and slides

dCache dCache seminar at FERMIlab dCache.ORG Patrick Fuhrmann et al. dCache.ORG and slides

dCache dCache seminar at FERMIlab dCache.ORG Patrick Fuhrmann et al. dCache.ORG and slides stolen from nearly everywhere additional funding, support or contributions by d-grid DGI II P. Fuhrmann Sep 26, 2008 dCache seminar, FERMIlab

375 views • 34 slides
dCache Beginners Course Introducing dCache An overview to dCache and how it is deployed in grid

dCache Beginners Course Introducing dCache An overview to dCache and how it is deployed in grid

dCache Beginners Course Introducing dCache An overview to dCache and how it is deployed in grid environments. Karlsruhe Institute of Technology (KIT), Steinbuchcentre for Computing (SCC) KIT University of the State of Baden-Wuerttemberg and

297 views • 12 slides
The Tivoli Storage Manager in the Large Hardron Patrick Collider Grid world Fuhrmann for the

The Tivoli Storage Manager in the Large Hardron Patrick Collider Grid world Fuhrmann for the

dCache.ORG dCache.ORG The Tivoli Storage Manager in the Large Hardron Patrick Collider Grid world Fuhrmann for the dCache people TSM Symposium, Oxford Sep 27, 2005 Patrick Fuhrmann dCache.ORG dCache.ORG LCG Tier Center Mechanism Tier

573 views • 20 slides
dCache in Use at DESY dCache in Use DESY DV/IT 5.7.2010 Overview grid gridFTP, (gsi)dcap,

dCache in Use at DESY dCache in Use DESY DV/IT 5.7.2010 Overview grid gridFTP, (gsi)dcap,

Andreas Haupt, Birgit Lewendel dCache in Use at DESY dCache in Use DESY DV/IT 5.7.2010 Overview grid gridFTP, (gsi)dcap, SRM dcache-se-desy dcache-se-cms dcache-se-atlas lcg-se1 lcg-se0 Calice, CFEL, GKSS, ILC, Olympus, Petra3,

417 views • 7 slides
dCache for Photon Science Outline: Overview and Resources Photon dCache Monitoring Birgit

dCache for Photon Science Outline: Overview and Resources Photon dCache Monitoring Birgit

dCache for Photon Science Outline: Overview and Resources Photon dCache Monitoring Birgit Lewendel for the dCache operations team Summary DESY IT 6th dCache Workshop dCache at DESY DESY National Analysis Facility Zeuthen 0.7 PB CTA

100 views • 7 slides
dCache NFSv4.1 Tigran Mkrtchyan Zeuthen, 13.04.12 dCache NFSv4.1 | Tigran Mkrtchyan | 4/13/12 |

dCache NFSv4.1 Tigran Mkrtchyan Zeuthen, 13.04.12 dCache NFSv4.1 | Tigran Mkrtchyan | 4/13/12 |

dCache NFSv4.1 Tigran Mkrtchyan Zeuthen, 13.04.12 dCache NFSv4.1 | Tigran Mkrtchyan | 4/13/12 | Page 1 Outline NFSv41 basics NFSv4.1 concepts PNFS Id mapping Industry standard dCache implementation dCache NFSv4.1 |

1.14k views • 46 slides
dCache - delegated storage solutions Tigran Mkrtchyan for dCache Team ISGC 2016, Taiwan dCache

dCache - delegated storage solutions Tigran Mkrtchyan for dCache Team ISGC 2016, Taiwan dCache

dCache - delegated storage solutions Tigran Mkrtchyan for dCache Team ISGC 2016, Taiwan dCache on one slide JVM JVM JVM Message passing layer Door(s) Pool Manager Name Space Pools (clients entry point) Door Pools (requests scheduler)

254 views • 21 slides
CMS Subgroups in dCache 2.2 CMS T3 requirements for dCache We manage a CMS T3 cluster financed

CMS Subgroups in dCache 2.2 CMS T3 requirements for dCache We manage a CMS T3 cluster financed

CMS Subgroups in dCache 2.2 CMS T3 requirements for dCache We manage a CMS T3 cluster financed by 3 Swiss Institutes: PSI , UniZ , ETHZ ; during 2013 we will run 700TB net based on 2*NetApp E5400 + 4*Sun X4500 + 5*Sun X4540 ; Our user

210 views • 10 slides
Effjcient Message Serialization for Inter-Service Communication in dCache Evaluating a Replacement

Effjcient Message Serialization for Inter-Service Communication in dCache Evaluating a Replacement

Effjcient Message Serialization for Inter-Service Communication in dCache Evaluating a Replacement for Java Serialization in dCache Lea Morschel for dCache Team, November 7 2019 About dCache A distributed petabyte-scale storage system for

713 views • 42 slides
dCache: Powerful Storage Made Easy Paul l Milla illar (on behalf of the dCache.org team)

dCache: Powerful Storage Made Easy Paul l Milla illar (on behalf of the dCache.org team)

dCache: Powerful Storage Made Easy Paul l Milla illar (on behalf of the dCache.org team) dCache dCache is powerful storage system, providing what people need, now. We're also pushing the envelope of what storage systems can do.

1.04k views • 25 slides
dCache dCache in the in the NDGF Distributed Tier 1 NDGF Distributed Tier 1 Gerd Behrmann

dCache dCache in the in the NDGF Distributed Tier 1 NDGF Distributed Tier 1 Gerd Behrmann

dCache dCache in the in the NDGF Distributed Tier 1 NDGF Distributed Tier 1 Gerd Behrmann Second dCache Workshop Hamburg, 18 th of January 2007 NORDUnet A/S NORDUnet A/S The Nordic Regional Research and Educational Network (RREN)

520 views • 18 slides
dCache, selected topics (LCG MB) Patrick Fuhrmann dCache.ORG additional funding, support or

dCache, selected topics (LCG MB) Patrick Fuhrmann dCache.ORG additional funding, support or

dCache.ORG dCache, selected topics (LCG MB) Patrick Fuhrmann dCache.ORG additional funding, support or contributions by d-grid DGI II Phone Meeting 4.8.2009 LCG MB Patrick Fuhrmann Content Chimera and the Pnfs to Chimera Migration

176 views • 15 slides
Functional Encryptions and Cloudy Applications Function on a Cloudy Day Giuseppe Persiano

Functional Encryptions and Cloudy Applications Function on a Cloudy Day Giuseppe Persiano

Functional Encryptions and Cloudy Applications Function on a Cloudy Day Giuseppe Persiano Dipartimento di Informatica Universit` a di Salerno giuper@dia.unisa.it Crypto for 2020 January, 23 2013 Tenerife, Spain Giuseppe Persiano (UNISA)

1.35k views • 95 slides
Integra(on of Billing (Accoun(ng) Plots ( dCache 2.1+) Albert L.

Integra(on of Billing (Accoun(ng) Plots ( dCache 2.1+) Albert L.

Integra(on of Billing (Accoun(ng) Plots ( dCache 2.1+) Albert L. Rossi Fermi Na(onal Accelerator Laboratory Accoun(ng ( dCache Book , Chpt. 24) For dCache

401 views • 10 slides
ASL Cloudy RTA L. Strow Cloudy Radiative Transfer for AIRS Overview RTA Codes Comparisons to

ASL Cloudy RTA L. Strow Cloudy Radiative Transfer for AIRS Overview RTA Codes Comparisons to

ASL Cloudy RTA L. Strow Cloudy Radiative Transfer for AIRS Overview RTA Codes Comparisons to CM2 (GFDL) and ECMWF Closure with L2 Clouds ECMWF Comparisons L. Larrabee Strow 1 , Sergio DeSouza-Machado 1 , H. H. Cirrus Aumann 2 , Yi Huang 3

528 views • 36 slides
EECS 394 Software Development Chris Riesbeck Developing Mobile/Web Apps 1 Wednesday, October

EECS 394 Software Development Chris Riesbeck Developing Mobile/Web Apps 1 Wednesday, October

EECS 394 Software Development Chris Riesbeck Developing Mobile/Web Apps 1 Wednesday, October 24, 2012 Mobile Choices 2 Wednesday, October 24, 2012 Native Apps Native app access to all phone features best look and feel and performance

1.12k views • 38 slides
Making Drupal Friendly for Editors and Clients BADCamp

Making Drupal Friendly for Editors and Clients BADCamp

Making Drupal Friendly for Editors and Clients BADCamp October 5, 2019 Jim.Vomero@FourKitchens.com @nJim Four Kitchens builds websites and apps for organizations that depend on

933 views • 51 slides
WarningBird: Detecting Suspicious URLs in Twitter Stream NDSS 2012 Sangho Lee and Jong Kim

WarningBird: Detecting Suspicious URLs in Twitter Stream NDSS 2012 Sangho Lee and Jong Kim

WarningBird: Detecting Suspicious URLs in Twitter Stream NDSS 2012 Sangho Lee and Jong Kim POSTECH, Korea February 8, 2012 Suspicious URLs in Twitter Twitter suffers from malicious tweets. Containing URLs for spam, phishing,

332 views • 21 slides
draft-fieau-https-delivery-delegation Frdric Fieau - Orange Iuniana Oprescu - Orange IETF 93

draft-fieau-https-delivery-delegation Frdric Fieau - Orange Iuniana Oprescu - Orange IETF 93

draft-fieau-https-delivery-delegation Frdric Fieau - Orange Iuniana Oprescu - Orange IETF 93 Prague 2015 Rationale Delegation of content delivery occurs both in the clear HTTP and encrypted HTTPS in interconnection Several methods

622 views • 9 slides
Session 22 Intra Server Control 1 Lecture Objectives Understand the differences between a

Session 22 Intra Server Control 1 Lecture Objectives Understand the differences between a

Session 22 Intra-server Control Session 22 Intra Server Control 1 Lecture Objectives Understand the differences between a server side forward and a redirect Understand the differences between an include and a forward and when

308 views • 6 slides
Ads networks are following you, follow them back (The web is even worse than you thought) Quinn

Ads networks are following you, follow them back (The web is even worse than you thought) Quinn

Ads networks are following you, follow them back (The web is even worse than you thought) Quinn Norton - @quinnnorton Rapha el Vinot - @rafi0t https://www.circl.lu 2018-03-15 Who are we Quinn Norton Rapha el Vinot Freelance

532 views • 26 slides
Statically Inferring Performance Properties of Software Configurations Chi Li , Shu Wang, Henry

Statically Inferring Performance Properties of Software Configurations Chi Li , Shu Wang, Henry

Statically Inferring Performance Properties of Software Configurations Chi Li , Shu Wang, Henry Hoffmann, Shan Lu Configurations Explosion Tianyin Xu, Long Jin, Xuepeng Fan, Yuanyuan Zhou, Shankar Pasupathy, and Rukma Talwadker . Hey, You Have

891 views • 37 slides
Data Scientists in Software Teams: State of Art and Challenges [IEEE Transactions on Software

Data Scientists in Software Teams: State of Art and Challenges [IEEE Transactions on Software

Data Scientists in Software Teams: State of Art and Challenges [IEEE Transactions on Software Engineering, ICSE 2018 Journal First] Miryung Kim University of California, Los Angeles Thomas Zimmermann, Rob DeLine, and Andrew Begel Microsoft

247 views • 23 slides

More recommend