
European Grid Policy Management Authority
1st EGEE Project Conference

Authentication & Authorisation
· Authentication
  · who you are
· Authorisation
  · what you are allowed to do
In a grid of many individuals and organisations
· need single sign-on and identity certificates
· for all national and global grid projects
· thus issued by independent identity providers
· and trusted by everyone in the grid
David Groep – davidg@nikhef.nl, 1st EGEE Conference

An EGEE Security Activity
CA coordination is an activity of EGEE JRA 3
· establish a CA trust domain for EGEE
· coordination of existing national initiatives

The EUGridPMA
European Grid Authentication Policy Management Authority for e-Science
· Coordinates authentication for people and services for European and related Grid projects: EGEE, DEISA, SEEGRID, LCG, …
· ‘PMA’ manages authentication guidelines policy
· Trust domain for research and academic purposes

Certificate Authority Coordination
· Evolved from the CA Coordination Group in DataGrid, CrossGrid, LCG, …
· collection of national or regional CAs
· each with own policies and practices
· all meet or exceed minimum requirements
  · identity checking (in-person, photo-ID)
  · physical security (off-line signing key, storage)
  · naming (unique certificate names)
  · revocation (updated lists, retrieval)
· Clearly defined accreditation procedure

Why are there so many CAs?
· national (regional) CAs can better verify identity
· different legislation throughout EU
· if you find minimum requirements trustworthy:
  · accept all of the CAs
  · install their root certificates
  · use tools and scripts provided to manage trust directory
  · refresh the revocation lists daily with these tools
· If you doubt a root certificate:
  · TERENA provides the Academic CA Repository TACAR
  · validate the integrity of your certificate store there
  · see the eugridpma or TERENA websites for link

Where to go for a certificate?
· Everyone (almost) in Europe has a national CA
· Green: CA Accredited
· Yellow: being discussed
Other Accredited CAs:
· DoEGrids (US)
· GridCanada
· ASCCG (Taiwan)
· ArmeSFO (Armenia)
· CERN
· Russia (HEP)
· FNAL Service CA (US)
· Israel
· Pakistan

The Catch-All CAs
· For those left out of the rain in EGEE
  · CNRS “catch-all” (Sophie Nicoud)
  · coverage for all EGEE partners
  · you should agree on a local Registration Authority
· For the South-East European Region
  · regional catch-all is being established (Nikos Vogiatzis, SEE-GRID)
· For LCG physicists world-wide
  · DoeGrids CA (Tony Genovese & Mike Helm, ESnet)
  · Registration Authorities through Ian Neilson

A European Authentication Solution
· Common services to all European eInfrastructure
· EUGridPMA:
  · All EU Grid infrastructure programmes
  · CAs also cover inter-organisational national projects
· TERENA TACAR provides more than Grid CAs:
  · e.g. NREN CAs for access to wireless networks
  · root of trust for any other Authentication and Authorisation Infrastructure (AAI’s): library access, scientific journals, etc.
· EUGridPMA collaborates in gridpma.org
  · International Grid Federation (IGF) with US & AP
  · en route to a federation covering the world


eInfrastructure Reflection Group
"The eIRG notes the timely operation of the EUGridPMA in conjunction with the TACAR CA repository and it expresses its satisfaction for a European initiative that serves e-Science Grid projects. The eIRG endorses the principle of the EUGridPMA and TACAR. The eIRG welcomes the development which positions Europe in the forefront of Grid and e-Science interoperability. The eIRG strongly encourages the EUGridPMA/TACAR to continue their valuable work and recommends that they be supported by the relevant EU/national projects and agencies."