Recent Activities on International Grid Trust Federation



SLIDE 1

National Institute of Advanced Industrial Science and Technology

Recent Activities on International Grid Trust Federation

Yoshio Tanaka (yoshio.tanaka@aist.go.jp)
APGrid PMA, Chair
Grid Technology Research Center, AIST, Japan

SLIDE 2

Contents

  • Introduction of Grid
  • Grid Security
      • Status and problems
  • How to implement trust federation
      • Policy Management Authority
      • International Grid Trust Federation
  • Summary

SLIDE 3

What is Grid?

  • Flexible, secure, coordinated resource sharing among dynamic collections of individuals, institutions, and resources
      • Resources include not only computers but various kinds of resources such as databases, networks, sensors, etc.

[Figure labels: Sensor Net, Storage, Computer, Software, Experts, Visualization, Broadband Network; User; Secure; Coordinated]

SLIDE 4

What Grid makes it possible?

  • Online Access to Remote Instruments
  • Petabyte-scale Data Analysis

[Figure labels: Detector for ALICE experiment; Detector for LHCb experiment]

SLIDE 5

What Grid makes it possible? (cont’d)

  • Large-scale Distributed Computing
  • Large-scale Metacomputing

SLIDE 6

What Grid makes it possible? (cont’d)

  • High Throughput Computing
  • Integration of Human Resources

SLIDE 7

The Grid: A Brief History

  • Early 90s
      • Gigabit testbeds, metacomputing
  • Mid to late 90s
      • Early experiments, academic software projects, application experiments
  • Now
      • Dozens of application communities & projects in scientific and technical computing
      • Major infrastructure deployments
      • De facto standard technology: Globus Toolkit™
      • Growing industrial interest
      • Global Grid Forum: ~1000 people, 30+ countries
  • Status
      • Grid is going to be a production phase
          • High-speed network + High-performance computers
          • Grid middleware become mature

SLIDE 8

Large-scale QM/MD simulation on AIST-TeraGrid @ SC2004

[Figure labels: P32 (512 CPU); TCS (512 CPU) @ PSC; P32 (512 CPU); F32 (256 CPU); MD Simulation; QM simulation based on DFT]

  • Run the simulation for more than 10 hours on 1793 cpus on AIST Super Cluster and TeraGrid

SLIDE 9

Grid Security

  • GSI is based on X.509 certificates and PKI.
      • Most organizations are launching their own Certificate Authorities (CA) for issuing end-entity certificates for users, hosts, services.
      • Proxy Certificates (RFC3820) for single sign on and delegation
  • A Virtual Organization (VO) is implemented by federations of multiple security domains.

SLIDE 10

Grid Security (cont’d)

  • The most popular multi-domain PKI architecture (in Grid) is cross-recognition
      • Independent CAs would somehow be licensed or audited by a mutually recognized trusted authority.
      • e.g.
          • AIST trusts KISTI CA operated by KISTI, Korea.
          • KISTI trusts AIST GRID CA operated by AIST.

[Figure labels: CA, globus (repeated)]

SLIDE 11

Grids in Asia Pacific

  • Architecture, technology
      • Based on GT2
          • Allow multiple CAs
          • Build MDS Tree
      • Grid middleware/tools from Asia Pacific
          • Ninf-G (GridRPC programming)
          • Nimrod-G (parametric modeling system)
          • SCMSWeb (resource monitoring)
          • Grid Data Farm (Grid File System), etc.
  • Status
      • 22 organizations (10 countries)
      • 23 clusters (1688 CPUs)

SLIDE 12

Problems

  • Problems of authentication federations
      • All CAs should keep the same level of operation.
          • How the CA is securely operated?
              • Use HSM? Dedicated CA room?
      • All CAs should have no conflict in policy
          • How the CA identifies end entities?
              • Use face-to-face meeting? Telephone? etc.
  • Policy Management Authority (PMA) is a coordination body of CA policies and operations.

SLIDE 13

APGrid PMA: Asia Pacific Grid PMA

  • General Policy Management Authority in Asia Pacific
      • Not specific for ApGrid, Not specific for PRAGMA…
  • Launched on June 1st, 2004
  • Defines minimum CA requirements
  • APGrid PMA approved that we accept two levels of CA:
      • Experimental-level CA
          • Alternative of the Globus CA
          • Can be trusted within A-P communities
      • Production-level CA
          • Strict management is necessary
          • Expected to be trusted by international communities

SLIDE 14

APGridPMA: Status (Members and CAs)

| Affiliation      | Name                 | Production CA | Experimental CA |
|------------------|----------------------|---------------|-----------------|
| AIST / Japan     | Yoshio Tanaka        | in operation  | will close      |
| ASCC / Taiwan    | Eric Yen             | in operation  | none            |
| KISTI / Korea    | Jae-Hyuck Kwak       | in operation  | in operation    |
| CAS / China      | Kai Nan              | in operation  | in operation    |
| IHEP / China     | Gonxing Sun          | in operation  | none            |
| VPAC / Australia | Damon Smith          | planning      | in operation    |
| NAREGI / Japan   | Shinji Shimojo       | planning      | in operation    |
| NCHC / Taiwan    | Julian Yu-Chung Chen | planning      | in operation    |
| Osaka U / Japan  | Susumu Date          | planning      | in operation    |
| SDSC / USA       | Mason Katz           | no plan       | planning        |
| HKU / HongKong   | Chen Lin, Elaine     | no plan       | in operation    |
| U of Hyd / India | Arun Agarwal         | no plan       | in operation    |
| USM / Malaysia   | Boon Yaik            | no plan       | in operation    |
| BII / Singapore  | Kishore Sakharkar    | no plan       | in operation    |

SLIDE 15

APGridPMA: Status

  • 7 ex officio members, 7 general members
  • Regular (monthly) VTC.
  • (physical) face-to-face meeting once per year.
  • We have started mutual audit
      • NAREGI PKI WG has subjectively selected criteria for auditing Grid CAs.
          • based on
              • AICPA/CICA WebTrust SM/TM Program for Certification Authority
              • minimum CA requirements of APGrid PMA and EUGrid PMA
      • AIST CA has audited Academia Sinica CA (Taiwan)
      • All APGrid PMA Production-level CAs will be audited by external auditors in a year.
      • Audit checklist and experiences will be documented at the GGF CAOPs WG.

SLIDE 16

Status of PMAs

  • Currently, there are three regional PMAs
      • EUGrid PMA (established May 2004)
          • Former: EUDG WP6 CA Coordination Group (started in 2002)
      • TAG PMA (going to be established)
          • Former: DOEGrid PMA (started in 2002)
      • APGrid PMA (established June 2004)
          • Unofficially started in 2003
  • Each regional PMA is responsible for
      • coordination of CA policy within the region
      • coordination of CA policy with the other regional PMAs
  • Three PMAs are the founders of the International Grid Trust Federation (IGTF)

SLIDE 17

Role of PMAs (examples)

  • Can EGEE trust your CA?
      • How is the procedure for reviewing/accrediting your CA?
      • Does your CA need to be reviewed by individual organizations in EGEE?
      • If the other CA in Asia wish to be trusted by EGEE, is separate review necessary?
      • APGridPMA will accredit your CA. EGEE does not need to review/accredit your CA.
  • Can your organization trust CAs in EGEE?
      • How is the procedure for reviewing?
      • Do you need to review all CAs in EGEE?
      • EUGridPMA will accredit CAs. Both you and APGridPMA do not need to review/accredit CAs in EGEE.
  • If you will launch a new CA that is expected to be trusted by organizations in EGEE, how should you design policy and practices of your CA?
      • APGrid PMA provides minimum CA requirements.

SLIDE 18

History of IGTF activities

  • GGF7@Tokyo, March 2003
      • First meeting with EU, DOE, and AP members
      • Agreed with working on forming the Grid PMA.
          • develop minimum requirements
          • develop GridPMA charter
  • Continuous discussions between AP, EU, and TAG PMA for International Grid Trust Federation.
      • GGF12 and EUGrid PMA meeting@Brussels, September 2004
      • GGF13@Seoul, March 2005
      • EUGridPMA meeting@Tallinn, May 2005
      • GGF14@Chicago, June 2005
      • GGF15@Boston, Oct. 2005

SLIDE 19

Status and next step of IGTF

  • Charter has been drafted by David Groep (NIKEF, EUGrid PMA Chair) and it is being reviewed by three PMAs.
  • Start date (Dates TBD)
      • Set up PMA@GridPMA.org
          • Repository - ESnet
          • Mailing lists - ESnet
      • First work item
          • Coordination of policies
      • Next
          • How to share CA information (CA certificates, etc.)

SLIDE 20

Some of (operational) issues to be resolved

  • How can we implement international Grid federation?
  • Should International Grid PMA define minimum CA requirements?
  • Should a Grid PMA audit each other’s PMA?
      • How is the contents of auditing?
  • If minimum CA requirements will be changed, that should be propagated to other PMAs.
  • If a CA key is compromised, how should revocation information be propagated to relying parties?
  • …

SLIDE 21

Summary

[Figure labels: EUGrid PMA, APGrid PMA, TAG PMA, each shown with a group of CAs]

  • APGridPMA is a coordination body of CA policies in Asia Pacific.
  • APGridPMA is collaborating with EUGrid PMA and TAGPMA for International Grid Trust Federation.

SLIDE 22

More Information

  • APGrid PMA: http://www.apgridpma.org/
  • EUGrid PMA: http://www.eugridpma.org/
  • TAGPMA: http://www.tagpma.org/
  • GridPMA: http://www.gridpma.org/
  • ApGrid: http://www.apgrid.org/
  • PRAGMA: http://www.pragma-grid.net/
  • GTRC/AIST: http://www.gtrc.aist.go.jp/
  • My email address: yoshio.tanaka@aist.go.jp