My Proxy GW06

Information about My Proxy GW06

Published on June 18, 2007

Author: Techy_Guy

Source: authorstream.com

Content

MyProxy and the Globus Toolkit:  MyProxy and the Globus Toolkit Agenda: 10:00-10:30 MyProxy Introduction and Update (Jim Basney, NCSA) 10:30-10:45 MyProxy and NVO (Mike Freemon, NCSA) 10:45-11:00 MyProxy and FusionGrid (Mary Thompson, LBL) 11:00-11:15 MyProxy and EGEE (Ludek Matyska, CESNET) 11:15-11:30 Panel Discussion See http://myproxy.ncsa.uiuc.edu/talks.html for slides. http://myproxy.ncsa.uiuc.edu/ MyProxyIntroduction and Update:  MyProxy Introduction and Update Jim Basney Senior Research Scientist NCSA [email protected] What is MyProxy?:  What is MyProxy? An Online Certificate Authority Issues short-lived X.509 End Entity Certificates Avoid need for long-lived user keys An Online Credential Repository Issues short-lived X.509 Proxy Certificates Long-lived private keys never leave the server Supporting multiple authentication methods Passphrase, Certificate, PAM, SASL, Kerberos, Pubcookie, VOMS Open Source Software Included in Globus Toolkit, UGE, NMI, VDT, and CoG Kits C, Java, Python, and Perl clients available Contributions from EDG, UVA, LBL, and others MyProxy Logon:  MyProxy Logon Authenticate to retrieve PKI credentials End Entity or Proxy Certificate Trusted CA Certificates Certificate Revocation Lists (CRLs) MyProxy maintains the user’s PKI context Users don’t need to manage long-lived credentials Enables server-side monitoring and policy enforcement (ex. passphrase quality checks) CA certificates andamp; CRLs updated automatically at login MyProxy integrates with existing authentication systems Providing a gateway to grid authentication MyProxy Authentication:  MyProxy Authentication Key Passphrase X.509 Certificate Control credential storage, retrieval, and renewal Supports trusted authentication and renewal services Pluggable Authentication Modules (PAM) Kerberos password One Time Password (OTP) Lightweight Directory Access Protocol (LDAP) password Simple Authentication and Security Layer (SASL) Kerberos ticket (SASL GSSAPI) Pubcookie Web Single Sign-On Virtual Organization Membership Service (VOMS) Attribute-based access control MyProxy Deployment Options:  MyProxy Deployment Options Users already have PKI credentials MyProxy repository can help users manage the credentials by: Securing private keys in a professionally managed server Obtaining credentials when/where needed Using credentials with MyProxy-enabled applications Users have site logons but no PKI credentials MyProxy CA can provide the bridge Users need to register to obtain PKI credentials User registration portals provide a MyProxy interface Grid Account Management Architecture (GAMA) http://grid-devel.sdsc.edu/gama Portal-Based User Registration Service (PURSE) http://www.grids-center.org/solutions/purse MyProxy CA Configuration:  MyProxy CA Configuration Authentication options: PAM, SASL/Kerberos, SSL/TLS Username to certificate subject mapping Via 'gridmap' file, LDAP query, or call-out Certificate extension config file and call-out Maximum certificate lifetime policy Works well with Globus Simple CA MyProxy Repository Policies:  MyProxy Repository Policies Who can store credentials? Restrict to specific users or CAs Restrict to administrator only Who can retrieve credentials? Allow anyone with correct password Allow only trusted services / portals Maximum lifetime of retrieved credentials server-wide and per-credential MyProxy-enabled Applications:  MyProxy-enabled Applications CoG Kit APIs (www.cogkit.org) Grid portal toolkits GridSphere (www.gridsphere.org) GridPort (gridport.net) OGCE (www.collab-ogce.org) Authentication modules JAAS (myproxy.ncsa.uiuc.edu/jaas) Apache (myproxy.ncsa.uiuc.edu/apache) Pubcookie (myproxy.ncsa.uiuc.edu/pubcookie) MyProxy Documentation:  MyProxy Documentation MyProxy Support:  MyProxy Support MyProxy Protocols:  MyProxy Protocols Presenting the following scenarios: Obtain credentials via MyProxy CA Store credentials in MyProxy repository User Registration Portals Web Portal Authentication and Delegation Web Single Sign-On (SSO) Credential Renewal Password-based Delegation MyProxy CA with PAM:  gridmap CA key keypair MyProxy CA with PAM Client MyProxy Server password P A M Kerberos KDC RADIUS Server LDAP Server certificate request certificate TLS handshake MyProxy CA with Kerberos:  CA key gridmap keypair MyProxy CA with Kerberos Client MyProxy Server S A S L Kerberos KDC LDAP Server TLS handshake Grid Service X.509 DN lookup S A S L ticket SASL/GSSAPI/Kerberos certificate request certificate MyProxy Put:  keypair MyProxy Put Client MyProxy Server certificate private key certificate request proxy certificate chain username password policy private key cert chain TLS handshake MyProxy Get:  private key MyProxy Get Client MyProxy Server certificate request proxy certificate chain username password private key cert chain TLS handshake Grid Service X.509 cert chain User Registration Portal:  User Registration Portal Client MyProxy Server Grid Service Certificate Authority certificate private key certificate private key TLS handshake certificate request proxy certificate chain username password X.509 cert chain Registration Portal certificate private key TLS handshake username password User DB username Browser Password-based Portal Auth:  Password-based Portal Auth Browser Portal cert key Grid Service X.509 password username TLS handshake MyProxy X.509 cert key cert cert request password username Trusted Portal:  Trusted Portal Browser Portal User DB cert key Grid Service X.509 password username TLS handshake MyProxy X.509 cert key cert cert request username MyProxy and Web SSO:  MyProxy and Web SSO PURSE MyProxy Browser Portal A Portal B Pubcookie Login Server password password cert cookie cookie password password cookie cookie cert cert cookie Grid Service cookie X.509 X.509 Password-based Renewal:  Password-based Renewal MyProxy Condor-G GRAM Gatekeeper Client proxy job password password proxy job Job proxy password proxy proxy proxy proxy proxy proxy proxy proxy proxy Certificate-based Renewal:  Certificate-based Renewal MyProxy Condor-G GRAM Gatekeeper Client proxy job policy proxy job Job proxy X.509 proxy proxy proxy proxy proxy proxy proxy proxy proxy Workload Management Service Renewal Service key cert Password-based Delegation:  Password-based Delegation MyProxy Delegatee Delegator certificate private key passwordrandom username private key private key certificate certificate certificate certificate certificate username TLS handshake passwordrandom certificate certificate request certificate username passwordrandom TLS handshake certificate request certificate certificate certificate SSO for Browser and Application:  SSO for Browser and Application Portal MyProxy Server Browser Application Authenticate passwordrandom passwordrandom JWS cert cert Grid Service X.509 passwordrandom passwordrandom cert Conclusion:  Conclusion MyProxy provides a versatile solution for credential management on the grid Demonstrated use in many authentication, delegation, and single sign-on scenarios MyProxy provides practical authentication solutions Minimize changes to existing software and protocols Leverage community standards GSI, PAM, SASL, Kerberos, LDAP, Pubcookie Active MyProxy open source community New capabilities can be deployed incrementally We all benefit from each other’s work MyProxy and the Globus Toolkit:  MyProxy and the Globus Toolkit Agenda: 10:00-10:30 MyProxy Introduction and Update (Jim Basney, NCSA) 10:30-10:45 MyProxy and NVO (Mike Freemon, NCSA) 10:45-11:00 MyProxy and FusionGrid (Mary Thompson, LBL) 11:00-11:15 MyProxy and EGEE (Ludek Matyska, CESNET) 11:15-11:30 Panel Discussion See http://myproxy.ncsa.uiuc.edu/talks.html for slides. http://myproxy.ncsa.uiuc.edu/

Related presentations


Other presentations created by Techy_Guy

Character Analysis
04. 01. 2008
0 views

Character Analysis

Roosevelt and Latin America
22. 10. 2007
0 views

Roosevelt and Latin America

S10 Processor Performance
17. 09. 2007
0 views

S10 Processor Performance

Hawaiian Humpback Whale
17. 09. 2007
0 views

Hawaiian Humpback Whale

rainforest
02. 10. 2007
0 views

rainforest

Comvalid BGPsentinel
07. 10. 2007
0 views

Comvalid BGPsentinel

PETERPAN
10. 10. 2007
0 views

PETERPAN

across crocodile lake
11. 10. 2007
0 views

across crocodile lake

MLM basic info
12. 10. 2007
0 views

MLM basic info

VortragRichter
15. 10. 2007
0 views

VortragRichter

azerbaijan
15. 10. 2007
0 views

azerbaijan

ch02jjm
19. 10. 2007
0 views

ch02jjm

PRNAV Eurocontrol presentation
19. 10. 2007
0 views

PRNAV Eurocontrol presentation

Hakkarainen 091104
17. 09. 2007
0 views

Hakkarainen 091104

Extreme Ostrich2
17. 09. 2007
0 views

Extreme Ostrich2

Soy Protein in Baking
04. 10. 2007
0 views

Soy Protein in Baking

McMurrenTidbits
23. 10. 2007
0 views

McMurrenTidbits

Larijani stemcell ABA2007 Final
24. 10. 2007
0 views

Larijani stemcell ABA2007 Final

F Gauze
24. 10. 2007
0 views

F Gauze

TornadoSafetyAMS
07. 10. 2007
0 views

TornadoSafetyAMS

nii report
09. 10. 2007
0 views

nii report

NS102 3a S07 Fighting Sail
21. 10. 2007
0 views

NS102 3a S07 Fighting Sail

am0845 Khanna
16. 11. 2007
0 views

am0845 Khanna

culturechange
10. 12. 2007
0 views

culturechange

Jeopardy
29. 10. 2007
0 views

Jeopardy

masstheory
02. 11. 2007
0 views

masstheory

Finnish Chemicals information
21. 08. 2007
0 views

Finnish Chemicals information

zodiac
21. 08. 2007
0 views

zodiac

ICT Expo Presentation
21. 08. 2007
0 views

ICT Expo Presentation

words alive notes
21. 08. 2007
0 views

words alive notes

notes 13
21. 08. 2007
0 views

notes 13

200612011440150 ser mama
01. 10. 2007
0 views

200612011440150 ser mama

t5f2
07. 11. 2007
0 views

t5f2

PHYS 124 lt 2
13. 11. 2007
0 views

PHYS 124 lt 2

Localization days1 2
14. 11. 2007
0 views

Localization days1 2

Barlow
15. 11. 2007
0 views

Barlow

CEO breakfast Mar
16. 11. 2007
0 views

CEO breakfast Mar

SEVESO II 28 04 2003 d jansen
23. 11. 2007
0 views

SEVESO II 28 04 2003 d jansen

farawayplaces quiz
31. 10. 2007
0 views

farawayplaces quiz

lino hospitalstay 2005
28. 12. 2007
0 views

lino hospitalstay 2005

eno
05. 10. 2007
0 views

eno

Destinos Tradicionale
22. 10. 2007
0 views

Destinos Tradicionale

El Karib Hagmann 2001 HEKS ACORD
23. 10. 2007
0 views

El Karib Hagmann 2001 HEKS ACORD

Bioceramics
05. 01. 2008
0 views

Bioceramics

dennis
07. 01. 2008
0 views

dennis

DNR wetland benefits
07. 01. 2008
0 views

DNR wetland benefits

Norm Wright Presentation06
17. 09. 2007
0 views

Norm Wright Presentation06

Tudor Sports
21. 08. 2007
0 views

Tudor Sports

watson 2006
21. 08. 2007
0 views

watson 2006

IBM Presentation Roel Spee
24. 10. 2007
0 views

IBM Presentation Roel Spee

david simek
17. 09. 2007
0 views

david simek

75thWinter Silver
02. 08. 2007
0 views

75thWinter Silver

Revay Presentation
17. 09. 2007
0 views

Revay Presentation

week12 f03
17. 09. 2007
0 views

week12 f03

Ch12 ResolutionTheoremPro ving
17. 09. 2007
0 views

Ch12 ResolutionTheoremPro ving

INFOCOM99
05. 10. 2007
0 views

INFOCOM99

RoHS Presentation3 May
12. 10. 2007
0 views

RoHS Presentation3 May

Botany
07. 12. 2007
0 views

Botany

Week6February20 07
20. 02. 2008
0 views

Week6February20 07

Microcosmo Parte II
12. 10. 2007
0 views

Microcosmo Parte II

TSW
29. 02. 2008
0 views

TSW

HazMat Flow Study
26. 02. 2008
0 views

HazMat Flow Study

Vegetarian Nutrition 101
04. 03. 2008
0 views

Vegetarian Nutrition 101

White 10th Inter mountain
21. 08. 2007
0 views

White 10th Inter mountain

hondaimobil
02. 01. 2008
0 views

hondaimobil

Cfi
10. 03. 2008
0 views

Cfi

Timber Bridge Presentation
01. 01. 2008
0 views

Timber Bridge Presentation

carstenschymik
29. 12. 2007
0 views

carstenschymik

Ch 22 WB
07. 04. 2008
0 views

Ch 22 WB

Macroclean
10. 04. 2008
0 views

Macroclean

agingandwork
13. 04. 2008
0 views

agingandwork

nyBrazeau
14. 04. 2008
0 views

nyBrazeau

presentation total
16. 04. 2008
0 views

presentation total

3 Tufano2002
17. 04. 2008
0 views

3 Tufano2002

Chapter 18
18. 04. 2008
0 views

Chapter 18

Baltic states and Russia
12. 10. 2007
0 views

Baltic states and Russia

quotes
03. 10. 2007
0 views

quotes

WDR 2008
29. 11. 2007
0 views

WDR 2008

CHLA PSRS Overview
30. 04. 2008
0 views

CHLA PSRS Overview

15 UKernel
02. 05. 2008
0 views

15 UKernel

Mr Logan OCCAR
06. 03. 2008
0 views

Mr Logan OCCAR

shen
15. 10. 2007
0 views

shen

Industry Brief
22. 10. 2007
0 views

Industry Brief

sess 4 solano
18. 06. 2007
0 views

sess 4 solano

sess 2 vollmer
18. 06. 2007
0 views

sess 2 vollmer

NSDI05 poster
18. 06. 2007
0 views

NSDI05 poster

NLC talk
18. 06. 2007
0 views

NLC talk

my Master 4
18. 06. 2007
0 views

my Master 4

More Mosaics
18. 06. 2007
0 views

More Mosaics

MEM SPI Jan00
18. 06. 2007
0 views

MEM SPI Jan00

VCA Org Charts
11. 12. 2007
0 views

VCA Org Charts

cjdim com Boudchiche
23. 10. 2007
0 views

cjdim com Boudchiche

GA Conf06China1
25. 03. 2008
0 views

GA Conf06China1

lecture 7 deadlock
17. 09. 2007
0 views

lecture 7 deadlock

Neptune Presentation
15. 06. 2007
0 views

Neptune Presentation

neptune
15. 06. 2007
0 views

neptune

Mehregan
18. 06. 2007
0 views

Mehregan

Plants are very useful
15. 06. 2007
0 views

Plants are very useful

Learning Phonics
15. 06. 2007
0 views

Learning Phonics

Learning Percent III
15. 06. 2007
0 views

Learning Percent III

Learning Percent I
15. 06. 2007
0 views

Learning Percent I

Physical Education Procedures
15. 06. 2007
0 views

Physical Education Procedures

Penguins
15. 06. 2007
0 views

Penguins

Olympic Wax Museum
15. 06. 2007
0 views

Olympic Wax Museum

howe9
17. 09. 2007
0 views

howe9

GSantin Siena 2 SpaceTools
03. 01. 2008
0 views

GSantin Siena 2 SpaceTools

gunderia powerpointlab
26. 11. 2007
0 views

gunderia powerpointlab

MySQL UC solid DB xact
18. 06. 2007
0 views

MySQL UC solid DB xact

Civics Lecture
31. 12. 2007
0 views

Civics Lecture

Physics and psycho2
14. 02. 2008
0 views

Physics and psycho2

TOUREDIT
12. 03. 2008
0 views

TOUREDIT

harvard deas
03. 01. 2008
0 views

harvard deas

Angelology
01. 10. 2007
0 views

Angelology

HenryVIII wwtbam
21. 08. 2007
0 views

HenryVIII wwtbam

AGU 2002
03. 10. 2007
0 views

AGU 2002

RubÃn Blades
22. 10. 2007
0 views

RubÃn Blades

tran present
21. 08. 2007
0 views

tran present

BU01
17. 09. 2007
0 views

BU01

Thode
17. 09. 2007
0 views

Thode

PP R CAJAR
22. 10. 2007
0 views

PP R CAJAR

moore lightning uw05
17. 09. 2007
0 views

moore lightning uw05

Space- The Outside World
15. 06. 2007
0 views

Space- The Outside World

arts and humanities applications
22. 11. 2007
0 views

arts and humanities applications

Session9 CATHALAC UNDP
25. 10. 2007
0 views

Session9 CATHALAC UNDP

use sunscreen
17. 09. 2007
0 views

use sunscreen

aatom
20. 11. 2007
0 views

aatom

9681
02. 08. 2007
0 views

9681

HHDL
15. 10. 2007
0 views

HHDL