My. Proxy NMI Integration Jim Basney, NCSA Marty Humphrey, University of Virginia http: //myproxy. ncsa. uiuc. edu/
My. Proxy is an online repository for grid credentials. n Secure credential storage n Convenient credential access n Flexible credential management
Examples of My. Proxy in use:
Credential mobility: tg-login. ncsa. teragrid. org Obtain certificate ca. ncsa. uiuc. edu Store proxy myproxy. teragrid. org tg-login. caltech. teragrid. org Retrieve proxy tg-login. sdsc. teragrid. org tg-login. uc. teragrid. org
Grid portals: My. Proxy server Login CHEF portal Fetch proxy Access data Grid. FTP server
Proxy renewal: Submit job Workload management system Submit job Refresh proxy Fetch proxy My. Proxy server Globus gatekeeper
Long-term credential storage: Request account Username, password Accounting system Load user’s credentials Retrieve proxy Change password My. Proxy server Obtain user’s certificate Certificate authority
NMI integration: My. Proxy included in NMI R 3 & R 4 n Packaged with GPT n Uses Globus Toolkit security libraries n n Used by NMI components: ¨ OGCE NMI portal ¨ Condor-G www. ogce. org
My. Proxy OGSI implementation: Initial release this month for GT 3. 0 n Designed to leverage OGSI functionality n Credential. Manager. Factory Credential. Manager Instance
Hardware-secured My. Proxy: Retrieve proxy Proxy request My. Proxy Server IBM 4758 Proxy certificate M. Lorch, J. Basney, and D. Kafura, "A Hardware-secured Credential Repository for Grid PKIs, " 4 th IEEE/ACM International Symposium on Cluster Computing and the Grid, April 2004.
Ongoing work: Continued OGSA development n Credential access control (XACML, SAML) n Credential exchange protocols (WS-Trust) n Audit logging, monitoring, and event notification n Additional authentication methods (Kerberos, PAM, OTP, SRP) n Managing multiple credentials n
Acknowledgements: n n n n Shiva Chetan Sumin Song Feng Qin Xiao Tu Shaun Arnold Jun Wang Greg Mattes Glenn Wasson n n n n Jarek Gawor Daniel Kouril Jason Novotny Miroslav Ruda Benjamin Temko Von Welch Markus Lorch Charles Severance Supported by NSF Middleware Initiative
Скачать презентацию My Proxy NMI Integration Jim Basney NCSA Marty
cfe979cd606d11b91b7daffa6ff19fe5.ppt