Security Mechanisms The European DataGrid Project - PowerPoint PPT Presentation



SLIDE 1

Security Mechanisms

The European DataGrid Project Team
http://www.eu-datagrid.org

SLIDE 2

Security Tutorial

Overview

  • User side
      • Getting a certificate
      • Becoming a member of the VO
  • Server side
      • Authentication / CA
      • Authorization / VO

(with some examples)

SLIDE 3

Authentication

  • Authentication (CA Working Group)
      • Policies & Procedures, mutual trust
      • Currently the EDG CA group has approved
          • 15 EDG CAs
          • 5 CrossGrid CAs
      • France-CNRS acted as catch-all CA to accept sites not covered by accepted CAs
      • Users identified by their personal certificate

[Diagram labels, in extraction order] Greece, Poland, Cyprus, Slovakia (CrossGrid Certification Authorities); Czech Republic; CrossGrid CAs; US-DOE, United Kingdom, Spain, Russia, Portugal, Nordic Countries, Netherlands, Ireland, Germany, France CNRS, Canada, CERN (DataGrid Certification Authorities)

SLIDE 4

Authorization

  • Authorization (Authorization Working Group)
  • Based on Virtual Organizations (VO)
  • Authorizations by experiment
  • 12 + 1 Virtual Organizations
  • Each VO has its own manager

[Diagram labels] Guidelines; ALICE, MEDICAL IMAGING, GENOMIC, EARTH OB, D0, BABAR, CMS, LHCb, ATLAS, TSTG, ITEAM, WP6 (DataGrid Virtual Organizations)

SLIDE 5

Authentication Overview

  • The method to request a certificate depends on the CA
  • A certificate is valid for 1 year
  • Web request: France CNRS, Ireland, Italy, Netherlands, United Kingdom, US DOE
  • grid-cert-request: Canada, CERN, Germany, Nordic Countries, Portugal, Russia, Spain
  • openssl request: Czech Republic

SLIDE 6

CNRS Personal Certificate Request

  • http://igc.services.cnrs.fr/Datagrid-fr/
  • See demo

SLIDE 7

Certificate Conversion

Convert your certificate from PKCS12 format to PEM format:

    /opt/edg/bin/pkcs12-extract

Or:

    openssl pkcs12 -nocerts \
        -in cert.p12 \
        -out ~user/.globus/userkey.pem
    openssl pkcs12 -clcerts -nokeys \
        -in cert.p12 \
        -out ~user/.globus/usercert.pem
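
Added example (not part of the original slides): the same conversion followed by the checks a user would want afterwards, namely that the private key stays pass-phrase protected and owner-only, and that key and certificate belong together. `GRID_PASS`, the function names and the throwaway self-signed credential are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the slides. GRID_PASS, the function names and the
# sample DN are constructed. The pass phrase is read from the environment only
# so the demo runs unattended; without -passin/-passout openssl prompts for it.

# extract_credentials P12 DIR: write DIR/userkey.pem and DIR/usercert.pem.
extract_credentials() {
    p12=$1; dir=$2
    old_umask=$(umask)
    umask 077    # key is owner-only from the moment it is created
    mkdir -p "$dir" &&
    openssl pkcs12 -nocerts -in "$p12" -passin env:GRID_PASS \
        -passout env:GRID_PASS -out "$dir/userkey.pem" &&
    openssl pkcs12 -clcerts -nokeys -in "$p12" -passin env:GRID_PASS \
        -out "$dir/usercert.pem" &&
    chmod 400 "$dir/userkey.pem" && chmod 644 "$dir/usercert.pem"
    rc=$?
    umask "$old_umask"
    return $rc
}

# key_matches_cert KEY CERT: true only if both hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin env:GRID_PASS -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_sample_p12 OUT CN: throwaway self-signed credential standing in for cert.p12.
make_sample_p12() {
    t=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/O=Grid/O=Example/CN=$2" \
        -keyout "$t/k.pem" -out "$t/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$t/k.pem" -in "$t/c.pem" \
        -passout env:GRID_PASS -out "$1"
    rc=$?
    rm -rf "$t"
    return $rc
}

# Demo on a constructed credential.
GRID_PASS='constructed-demo-pass'; export GRID_PASS
demo=$(mktemp -d)
make_sample_p12 "$demo/cert.p12" "Test User" &&
extract_credentials "$demo/cert.p12" "$demo/.globus" &&
key_matches_cert "$demo/.globus/userkey.pem" "$demo/.globus/usercert.pem" &&
echo "match; key mode $(ls -l "$demo/.globus/userkey.pem" | cut -c1-10)"
rm -rf "$demo"
```

The Globus tools reject a private key that group or others can read, which is why the key is created under `umask 077` rather than tightened only afterwards.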

SLIDE 8

Authorization

User registration in an EDG Virtual Organisation

  • Sign the usage guidelines: https://marianne.in2p3.fr/cgi-bin/datagrid/register/account.pl
  • In case of problem, contact your VO Manager

-> You are registered in the VO server and have a user account.

SLIDE 9

Usage

  • You must have a valid certificate from a trusted CA!
  • "login": grid-proxy-init (short lifetime certificate: 24 hours)

        Enter PEM pass phrase:
        ...........................+++++
        ....................................+++++

  • checking the proxy: grid-proxy-info -subject

        /O=Grid/O=CERN/OU=cern.ch/CN=Akos Frohner/CN=proxy

  • "logout": grid-proxy-destroy

-> use the grid services

SLIDE 10

CNRS Host Certificate Request

  • http://igc.services.cnrs.fr/Datagrid-fr/
  • See demo
  • You receive the host certificate by encrypted and signed email

SLIDE 11

Configuration on the Server

  • All RPMs are here:
    http://datagrid.in2p3.fr/autobuild/rh6.2/rpmlist/
  • Certificate and CRL URLs of the CAs (Authentication):
    http://datagrid.in2p3.fr/autobuild/rh6.2/rpmlist/CE-ca-v1_4_3.html
  • Creation of the gridmapfile (Authorization):
    http://datagrid.in2p3.fr/distribution/datagrid/wp6/RPMS/edg-mkgridmap-1.0.9-2.i386.rpm
  • Scripts to update gridmapfile and CRLs (Authentication/Authorization):
    http://datagrid.in2p3.fr/distribution/datagrid/wp6/RPMS/edg-utils-system-1.3.2-1.noarch.rpm
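
Added example (not part of the original slides): how a server-side grid-mapfile turns the proxy subject shown by grid-proxy-info into a local account. It assumes the usual Globus layout of one quoted certificate subject followed by a local account per line, and that the certificate chain has already been validated; the account names and the second DN are constructed.

```shell
#!/bin/sh
# Added example, not from the slides. Assumes the usual Globus grid-mapfile
# layout: "certificate subject" local-account. Account names are constructed.

# identity_dn SUBJECT: strip the trailing /CN=proxy or /CN=limited proxy
# components that proxy creation appends to the user's own subject.
identity_dn() {
    printf '%s\n' "$1" | sed -e ':a' -e 's#/CN=\(limited \)\{0,1\}proxy$##' -e 'ta'
}

# gridmap_lookup FILE SUBJECT: print the mapped account; status 1 if unlisted.
# The subject must equal a listed DN exactly; a shared prefix is not enough.
gridmap_lookup() {
    DN=$(identity_dn "$2") awk '
        /^[ \t]*#/ { next }                          # comment line
        match($0, /^[ \t]*"[^"]*"/) {
            q = substr($0, RSTART, RLENGTH)
            sub(/^[ \t]*"/, "", q); sub(/"$/, "", q)
            if (q == ENVIRON["DN"]) {
                rest = substr($0, RSTART + RLENGTH)
                gsub(/[ \t]/, "", rest)
                split(rest, acct, ",")               # first account if several
                print acct[1]; found = 1; exit
            }
        }
        END { exit !found }' "$1"
}

# write_sample_gridmap FILE: constructed two-entry grid-mapfile.
write_sample_gridmap() {
    cat > "$1" <<'EOF'
# constructed sample
"/O=Grid/O=CERN/OU=cern.ch/CN=Akos Frohner" iteam001
"/O=Grid/O=Example/CN=Test User" testuser,backup
EOF
}

# Demo: the proxy subject from the slide maps to the account of its owner.
map=$(mktemp) && write_sample_gridmap "$map" &&
gridmap_lookup "$map" "/O=Grid/O=CERN/OU=cern.ch/CN=Akos Frohner/CN=proxy"
rm -f "$map"
```

A subject that only extends or abbreviates a listed DN gets no account, so a stale or hand-edited grid-mapfile fails closed rather than mapping the wrong user.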

SLIDE 12

Summary

Authentication

  • http://marianne.in2p3.fr/datagrid/ca/ca-table-ca.html
  • http://marianne.in2p3.fr/datagrid/ca/ca-help.html
  • http://igc.services.cnrs.fr/Datagrid-fr/

Authorization

  • https://marianne.in2p3.fr/cgi-bin/datagrid/register/account.pl
  • http://marianne.in2p3.fr/datagrid/vo/vo-table.html

SLIDE 13

Further Information

Grid

  • EDG CAs: http://marianne.in2p3.fr/datagrid/ca
  • Globus Security: http://www.globus.org/security/
  • EDG WP2: http://grid-data-management.web.cern.ch/grid-data-management/security/
  • EDG D7.5: http://edms.cern.ch/document/340234

Background

  • GGF Security: http://www.gridforum.org/security/
  • GSS-API: http://www.faqs.org/faqs/kerberos-faq/general/section-84.html
  • IETF PKIX charter: http://www.ietf.org/html.charters/pkix-charter.html
  • PKCS: http://www.rsasecurity.com/rsalabs/pkcs/index.html