Argus: The Simplified Policy Language
|
|
- Willa Bishop
- 6 years ago
- Views:
Transcription
1 Argus: The Simplified Policy Language Andrea Ceccanti INFN-CNAF EGEE 09 September 2009, Barcelona EGEE and glite are registered trademarks
2 Argus High level overview PAP: author, store, manage and distribute policies PDP: evaluate requests against policies PEP: create request and enforce PDP decisions 2
3 AuthZ Argus is designed to answer the question: Can user X perform action Y on resource Z? Argus policies contain rules that state which actions can be performed on which resources by which users. Argus uses XACML v.2.0 as the policy language. however, XACML is hard to read and write, so we developed a Simplified Policy Language (SPL) to suit our needs 3
4 The banning use case User X should not be allowed to do anything on any resource (for this example X will be my certificate subject) 4
5 An XACML banning policy...? 5
6 The corresponding SPL policy resource ".*" { action ".*" { rule deny { subject="cn=andrea Ceccanti,L=CNAF,OU=Personal Certificate,O=INFN,C=IT" 6
7 resource <value> {... action <value> { Enabling Grids for E-sciencE rule <permit deny> { <attributeid> = <attributevalue> The SPL Syntax (1) You can have multiple resource stanzas, one for each resource (or group of resources) that you want to protect. Inside each resource stanza, you may define multiple action stanzas, to authorize specific actions on such resource. Inside each action stanza, you can define multiple rule stanzas. Each rule defines a subject that is authorized (in case of a permit rule) or not authorized (in case of a deny rule) to perform the action on the resource identified by the enclosing action and resource stanzas. 7
8 Actions and Resources Actions and resources are identified by unique identifiers that are assigned to them. tipically URIs, but any string could work An example Resource ID: An example Action ID: More info here: 8
9 Identifying subjects A subject in a policy is described by a set of attributes: subject, an X509 certificate subject, ex: subject= CN=Andrea Ceccanti,L=CNAF,OU=Personal Certificate,O=INFN,C=IT ca, the certificate subject of a CA, ex: ca= CN=INFN CA,O=INFN,C=IT vo, the name of a Virtual Organization vo= test_vo fqan, a VOMS Fully Qualified Attribute Name fqan= /test_vo/production pfqan, the primary VOMS FQAN pfqan= /test_vo/role=pilot 9
10 resource <value> { action <value> { Enabling Grids for E-sciencE The SPL Syntax (2) Resources and actions are identified via regular expressions (the <value> field) that are matched against resource and action ids in the authorization request rule <permit deny> { <attributeid> = <attributevalue> Each rule contains a list of attributes that are matched against the subject attributes in the authorization request. Attributes inside a rule are ANDed, i.e. the subject attributes in the request must match all the attribute listed in the rule for the rule to be applied. Only one rule is applied at a time, the first one that matches the request: order matters! 10
11 Examples We have two CEs at our site, ce_1 and ce_2. We want to authorize Andrea Ceccanti to contact one but not the other. resource ce_1 { action.* { rule permit { subject = CN=Andrea Ceccanti,L=CNAF,OU=Personal Certificate,O=INFN,C=IT resource ce_2 { action.* { rule deny{ subject = CN=Andrea Ceccanti,L=CNAF,OU=Personal Certificate,O=INFN,C=IT 11
12 Examples We want to ban users from VO test_vo from ce_1 but not those who have a certificate signed by INFN CA. resource ce_1 { action.* { rule permit { vo = test_vo ca = CN=INFN CA,O=INFN,C=IT rule deny { vo = test_vo 12
13 Examples On ce_1 we want to allow all test_vo members, except submitters with role /test_vo/role=pilot as the primary FQAN resource ce_1 { action.* { rule deny { pfqan = /test_vo/role=pilot rule permit { vo = test_vo 13
14 List currently active policies: PAP command line tools pap-admin list-policies Import policies expressed in the SPL from a file: pap-admin add-policies-from-file my-policies.txt easily ban/un-ban users, vos: pap-admin ban vo test_vo pap-admin un-ban vo test_vo add a generic policy: pap-admin add-policy --resource ce_1 --action.* \ permit pfqan= /test_vo/role=pilot 14
15 Resources & Contacts Enabling Grids for E-sciencE Argus documentation home: Simplified Policy Language documentation: PAP documentation: Argus getting started guides: Contacts: 15
16 Questions?? 16
17 Hands on screencast Vimeo: Quicktime movie: 17
18 Screencast setup 18
19 Custom Argus service conf. Argus services installed following the Getting Started guide: with some changes to default configuration No caching of decisions on the PEP daemon The PDP refreshes policies from the PAP every minute And also to VOMS server default configuration use the --shortfqans option to make the voms server issue short fqans, ie. things like /test_vo/analysis instead of /test_vo/ analysis/role=null/capability=null If you don t do this you have to write all that NULL stuff into your policies if you want a working demo 19
SGS11: Swiss Grid School 2011 Argus The EMI Authorization Service
1 SGS11: Swiss Grid School 2011 Argus The EMI Authorization Service Andres Aeschlimann SWITCH Outline 1. Argus Authorization Service 2. Service Deployment 3. Authorization Policies 4. Simplified Policy
More informationFederated Authentication with Web Services Clients
Federated Authentication with Web Services Clients in the context of SAML based AAI federations Thomas Lenggenhager thomas.lenggenhager@switch.ch Mannheim, 8. March 2011 Overview SAML n-tier Delegation
More informationArgus Authorization Service
Argus Authorization Service Valery Tschopp - SWITCH GDB Meeting, 11.07.2012 @ CERN EMI is partially funded by the European Commission under Grant Agreement RI-261611 Authorization What is authorization?
More informationArgus Documentation. Release Andrea Ceccanti, Valery Tschopp, Michel Jouvin, Marco Caberlett
Argus Documentation Release 1.7.0 Andrea Ceccanti, Valery Tschopp, Michel Jouvin, Marco Caberlett Aug 04, 2017 Contents 1 Argus Release notes 3 1.1 Argus 1.7.2 (01-08-2017)........................................
More informationArgus Vulnerability Assessment *1
Argus Vulnerability Assessment *1 Manuel Brugnoli and Elisa Heymann Universitat Autònoma de Barcelona June, 2011 Introduction Argus is the glite Authorization Service. It is intended to provide consistent
More informationINDIGO-Datacloud Identity and Access Management Service
INDIGO-Datacloud Identity and Access Management Service RIA-653549 Presented by Andrea Ceccanti (INFN) andrea.ceccanti@cnaf.infn.it WLCG AuthZ WG Meeting Dec, 14th 2017 IAM overview INDIGO IAM The Identity
More informationAn XACML Attribute and Obligation Profile for Authorization Interoperability in Grids
GWD-C Federated Security fed-sec@ogf.org Rachana Ananthakrishnan, Argonne National Laboratory Gabriele Garzoglio, Fermilab Oscar Koeroo, Nikhef March 11, 2012 Protocol version 1.2 An XACML Attribute and
More informationglite Java Authorisation Framework (gjaf) and Authorisation Policy coordination
glite Java Authorisation Framework (gjaf) and Authorisation Policy coordination Yuri Demchenko University of Amsterdam MWSG meeting EGEE 06 Conference, September 27, 2006, Geneve www.eu-egee.org EGEE and
More informationAn XACML Attribute and Obligation Profile for Authorization Interoperability in Grids
GWD-CP.205 Federated Security fedsec-cg@ogf.org Rachana Ananthakrishnan, Argonne National Laboratory Gabriele Garzoglio *, Fermilab Oscar Koeroo *, Nikhef January 21, 2013 Protocol version 1.2 An XACML
More informationImproving Grid User's Privacy with glite Pseudonymity Service
Improving Grid User's Privacy with glite Pseudonymity Service Henri Mikkonen, Joni Hahkala and John White 5 th EGEE User Forum 12-16 April 2010 Uppsala, Sweden www.eu-egee.org EGEE and glite are registered
More informationFailover procedure for Grid core services
Failover procedure for Grid core services Kai Neuffer COD-15, Lyon www.eu-egee.org EGEE and glite are registered trademarks Overview List of Grid core services Top level BDII Central LFC VOMS server WMS-LB/RB
More informationMyProxy Server Installation
MyProxy Server Installation Emidio Giorgio INFN First Latin American Workshop for Grid Administrators 21-25 November 2005 www.eu-egee.org Outline Why MyProxy? Proxy Renewal mechanism. Remote authentication
More informationGrid Authentication and Authorisation Issues. Ákos Frohner at CERN
Grid Authentication and Authorisation Issues Ákos Frohner at CERN Overview Setting the scene: requirements Old style authorisation: DN based gridmap-files Overview of the EDG components VO user management:
More informationSLCS and VASH Service Interoperability of Shibboleth and glite
SLCS and VASH Service Interoperability of Shibboleth and glite Christoph Witzig, SWITCH (witzig@switch.ch) www.eu-egee.org NREN Grid Workshop Nov 30th, 2007 - Malaga EGEE and glite are registered trademarks
More information[GSoC Proposal] Securing Airavata API
[GSoC Proposal] Securing Airavata API TITLE: Securing AIRAVATA API ABSTRACT: The goal of this project is to design and implement the solution for securing AIRAVATA API. Particularly, this includes authenticating
More informationGrid services. Enabling Grids for E-sciencE. Dusan Vudragovic Scientific Computing Laboratory Institute of Physics Belgrade, Serbia
Grid services Dusan Vudragovic dusan@phy.bg.ac.yu Scientific Computing Laboratory Institute of Physics Belgrade, Serbia Sep. 19, 2008 www.eu-egee.org Set of basic Grid services Job submission/management
More informationMonitoring tools in EGEE
Monitoring tools in EGEE Piotr Nyczyk CERN IT/GD Joint OSG and EGEE Operations Workshop - 3 Abingdon, 27-29 September 2005 www.eu-egee.org Kaleidoscope of monitoring tools Monitoring for operations Covered
More informationBeyond X.509: Token-based Authentication and Authorization with the INDIGO Identity and Access Management Service
Beyond X.509: Token-based Authentication and Authorization with the INDIGO Identity and Access Management Service Andrea Ceccanti andrea.ceccanti@cnaf.infn.it Workshop CCR Rimini, June 12th 2018 INDIGO
More informationObligation Standardization
Standardization David Chadwick, University of Kent Mario Lischka NEC Laboratories Europe 1 Problems with Existing Model s have not been handled fully, they are simply attribute assignments which are consumed
More informationEGEE (JRA4) Loukik Kudarimoti DANTE. RIPE 51, Amsterdam, October 12 th, 2005 Enabling Grids for E-sciencE.
RIPE 51, Amsterdam, October 12 th, 2005 Enabling Grids for E-sciencE EGEE (JRA4) www.eu-egee.org Loukik Kudarimoti DANTE www.eu-egee.org EGEE is a project funded by the European Union under contract IST-2003-508833
More informationAuthorisation Policy coordination and glite Java Authorisation Framework (gjaf)
Authorisation Policy coordination and glite Java Authorisation Framework (gjaf) Yuri Demchenko University of Amsterdam JRA1 All Hands meeting, July 10-12, 2006, Pilsen www.eu-egee.org EGEE and glite are
More informationGrid4All Security User's Manual, Release 0.6
Grid4All Security User's Manual, Release 0.6 by Leif Lindbäck and Vladimir Vlassov Royal Institute of Technology (KTH), Stockholm, Sweden Email {leifl, vladv}@kth.se FP6 Project Grid4All (IST-2006-034567)
More informationGLOBUS TOOLKIT SECURITY
GLOBUS TOOLKIT SECURITY Plamen Alexandrov, ISI Masters Student Softwarepark Hagenberg, January 24, 2009 TABLE OF CONTENTS Introduction (3-5) Grid Security Infrastructure (6-15) Transport & Message-level
More informationEnabling Grids for E-sciencE. EGEE security pitch. Olle Mulmo. EGEE Chief Security Architect KTH, Sweden. INFSO-RI
EGEE security pitch Olle Mulmo EGEE Chief Security Architect KTH, Sweden www.eu-egee.org Project PR www.eu-egee.org EGEE EGEE is the largest Grid infrastructure project in the World? : 70 leading institutions
More informationGrid Technologies for AAI*
Grid Technologies for AAI* in Selected Grid Infrastructures and using a subset of the available technologies (2010) David Groep, Nikhef with graphics by many others from publicly available sources... based
More informationPERMIS An Application Independent Authorisation Infrastructure. David Chadwick
PERMIS An Application Independent Authorisation Infrastructure David Chadwick Role/Attribute Based Access Control Model Hierarchical Role based Access Control (RBAC) Permissions are allocated to roles/attributes
More informationBob Jones. EGEE and glite are registered trademarks. egee EGEE-III INFSO-RI
Bob Jones EGEE project director www.eu-egee.org egee EGEE-III INFSO-RI-222667 EGEE and glite are registered trademarks Quality: Enabling Grids for E-sciencE Monitoring via Nagios - distributed via official
More informationAttributes used for Authorisation in Network Resource Provisioning
Attributes used for Authorisation in Network Resource Provisioning (XACML-NRP Authorisation Interoperability Profile for NRP) Yuri Demchenko System and Network Engineering Group University of Amsterdam
More informationAMGA metadata catalogue system
AMGA metadata catalogue system Hurng-Chun Lee ACGrid School, Hanoi, Vietnam www.eu-egee.org EGEE and glite are registered trademarks Outline AMGA overview AMGA Background and Motivation for AMGA Interface,
More informationStoRM configuration. namespace.xml
StoRM configuration. namespace.xml 13 November 2007 Outline About this talk Mapping concepts Namespace concepts Namespace algorithms Namespace in practise Mapping Concepts Mapping concepts Mapping The
More informationglite Grid Services Overview
The EPIKH Project (Exchange Programme to advance e-infrastructure Know-How) glite Grid Services Overview Antonio Calanducci INFN Catania Joint GISELA/EPIKH School for Grid Site Administrators Valparaiso,
More informationSetup Desktop Grids and Bridges. Tutorial. Robert Lovas, MTA SZTAKI
Setup Desktop Grids and Bridges Tutorial Robert Lovas, MTA SZTAKI Outline of the SZDG installation process 1. Installing the base operating system 2. Basic configuration of the operating system 3. Installing
More informationEnabling Grids for E-sciencE. A centralized administration of the Grid infrastructure using Cfengine. Tomáš Kouba Varna, NEC2009.
EGEE and glite are registered trademarks Enabling Grids for E-sciencE A centralized administration of the Grid infrastructure using Cfengine Tomáš Kouba Varna, NEC2009 www.eu-egee.org Introduction Typical
More informationEGEE and Interoperation
EGEE and Interoperation Laurence Field CERN-IT-GD ISGC 2008 www.eu-egee.org EGEE and glite are registered trademarks Overview The grid problem definition GLite and EGEE The interoperability problem The
More informationg-eclipse A Framework for Accessing Grid Infrastructures Nicholas Loulloudes Trainer, University of Cyprus (loulloudes.n_at_cs.ucy.ac.
g-eclipse A Framework for Accessing Grid Infrastructures Trainer, University of Cyprus (loulloudes.n_at_cs.ucy.ac.cy) EGEE Training the Trainers May 6 th, 2009 Outline Grid Reality The Problem g-eclipse
More information3rd UNICORE Summit, Rennes, Using SAML-based VOMS for Authorization within Web Services-based UNICORE Grids
3rd UNICORE Summit, Rennes, 28.08.2007 Using SAML-based VOMS for Authorization within Web Services-based UNICORE Grids Valerio Venturi, Morris Riedel, Shiraz Memon, Shahbaz Memon, Frederico Stagni, Bernd
More informationINDIGO AAI An overview and status update!
RIA-653549 INDIGO DataCloud INDIGO AAI An overview and status update! Andrea Ceccanti (INFN) on behalf of the INDIGO AAI Task Force! indigo-aai-tf@lists.indigo-datacloud.org INDIGO Datacloud An H2020 project
More informationUnderstanding StoRM: from introduction to internals
Understanding StoRM: from introduction to internals 13 November 2007 Outline Storage Resource Manager The StoRM service StoRM components and internals Deployment configuration Authorization and ACLs Conclusions.
More informationImplementing GRID interoperability
AFS & Kerberos Best Practices Workshop University of Michigan, Ann Arbor June 12-16 2006 Implementing GRID interoperability G. Bracco, P. D'Angelo, L. Giammarino*, S.Migliori, A. Quintiliani, C. Scio**,
More informationXACML Profile for Requests for Multiple Resources
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 XACML Profile for Requests for Multiple Resources Working Draft 03, 3 August 2004 Document identifier: oasis-xacml-profile-multiple-resources-wd-03
More informationHierarchical Resources: Non-XML Resource Use Case
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 Hierarchical Resources: Non-XML Resource Use Case Working Draft 01, 17 June 2004 Document identifier: xacml-profile-hierarchical-resources-nonxml-1.0-draft01
More informationE G E E - I I. Document identifier: Date: 10/08/06. Document status: Document link:
E G E E - I I A F S P O O L A C C O U N T U S E R S G S S K L O G A N D L C M A P S E X T E N S I O N T O S U P P O R T A F S U S E R S A S E G E E P O O L A C C O U N T U S E R S Document identifier:
More informationHierarchical Resource profile of XACML
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Hierarchical Resource profile of XACML Committee Draft 01, 30 September 2004 Document identifier: access_control-xacml-2.0-hier_profile-spec-cd-01
More informationXACML Profile and Implementation for Authorization Interoperability between OSG and EGEE
XACML Profile and Implementation for Authorization Interoperability between OSG and EGEE G. Garzoglio, 1 * I. Alderman 2, M. Altunay, 1 R. Ananthakrishnan, 3 J. Bester, 3 K. Chadwick, 1 V. Ciaschini, 4
More informationDEVELOPMENT OF A NEW POLICY EVALUATION PROCEDURE FOR XACML
DEVELOPMENT OF A NEW POLICY EVALUATION PROCEDURE FOR XACML Jorian van Oostenbrugge Supervisor: Fatih Turkmen August 19, 2016 System and Network Engineering University of Amsterdam WHY Customer data more
More informationEUROPEAN MIDDLEWARE INITIATIVE
EUROPEAN MIDDLEWARE INITIATIVE VOMS CORE AND WMS SECURITY ASSESSMENT EMI DOCUMENT Document identifier: EMI-DOC-SA2- VOMS_WMS_Security_Assessment_v1.0.doc Activity: Lead Partner: Document status: Document
More informationIdentity, Authentication and Authorization. John Slankas
Identity, Authentication and Authorization John Slankas jbslanka@ncsu.edu Identity Who or what a person or thing is; a distinct impression of a single person or thing presented to or perceived by others;
More informationOGF Production Grid Infrastructure. Glossary of Acronyms and Terms
GFD-I.181 OGF Production Grid Infrastructure Editor: E. Urbah, LAL, Univ Paris-Sud, IN2P3/CNRS http://forge.gridforum.org/sf/projects/pgi-wg 20 March, 2011 OGF Production Grid Infrastructure Glossary of
More informationThe glite middleware. Presented by John White EGEE-II JRA1 Dep. Manager On behalf of JRA1 Enabling Grids for E-sciencE
The glite middleware Presented by John White EGEE-II JRA1 Dep. Manager On behalf of JRA1 John.White@cern.ch www.eu-egee.org EGEE and glite are registered trademarks Outline glite distributions Software
More informationDynamic Security Context Management in Grid-based Applications
Abstract Dynamic Security Context Management in Grid-based Applications Yuri Demchenko #1, Olle Mulmo *2, Leon Gommans #3, Cees de Laat #4, Alfred Wan #5 # System and Network Engineering Group, University
More informationDIRAC distributed secure framework
Journal of Physics: Conference Series DIRAC distributed secure framework To cite this article: A Casajus et al 2010 J. Phys.: Conf. Ser. 219 042033 View the article online for updates and enhancements.
More informationGrid Services Security Vulnerability and Risk Analysis
Grid Services Security Vulnerability and Risk Analysis Dr Linda Cornwall RAL www.eu-egee.org EGEE and glite are registered trademarks Contents Why we setup the Grid Security Vulnerability Group Starting
More informationIntroduzione al GRID computing
Introduzione al GRID computing Carlo Sciò scio@frascati.enea.it - int. 5617 FRASCATI Enea Casaccia, 15 May 2008 www.eu-egee.org Overview - What is Grid? - Why Grid? Distributed supercomputing High Throughput
More informationDavid W Chadwick, Linying Su, Romain Laborde,
GWD-R-P OGSA-Authz David W Chadwick, Linying Su, Romain Laborde, University of Kent 31 March 2008 Use of XACML Request Context to Obtain an Authorisation Decision Status of This Document This document
More informationDIRAC Distributed Secure Framework
DIRAC Distributed Secure Framework A Casajus Universitat de Barcelona E-mail: adria@ecm.ub.es R Graciani Universitat de Barcelona E-mail: graciani@ecm.ub.es on behalf of the LHCb DIRAC Team Abstract. DIRAC,
More informationDeploying virtualisation in a production grid
Deploying virtualisation in a production grid Stephen Childs Trinity College Dublin & Grid-Ireland TERENA NRENs and Grids workshop 2 nd September 2008 www.eu-egee.org EGEE and glite are registered trademarks
More informationLesson 22 XACML Service Oriented Architectures Security Module 1 - Basic technologies Unit 1 Introduction
Lesson 22 XACML Service Oriented Architectures Security Module 1 - Basic technologies Unit 1 Introduction Ernesto Damiani Università di Milano Pag. 1 XACML - Topics Goals Approach Examples Summary Purdue
More informationGrids and Security. Ian Neilson Grid Deployment Group CERN. TF-CSIRT London 27 Jan
Grids and Security Ian Neilson Grid Deployment Group CERN TF-CSIRT London 27 Jan 2004-1 TOC Background Grids Grid Projects Some Technical Aspects The three or four A s Some Operational Aspects Security
More informationEMI Deployment Planning. C. Aiftimiei D. Dongiovanni INFN
EMI Deployment Planning C. Aiftimiei D. Dongiovanni INFN Outline Migrating to EMI: WHY What's new: EMI Overview Products, Platforms, Repos, Dependencies, Support / Release Cycle Migrating to EMI: HOW Admin
More informationVirtualization in a Grid Environment. Nils Dijk - Hogeschool van Amsterdam Instituut voor Informatica
Virtualization in a Grid Environment Nils Dijk - nils.dijk@hva.nl Hogeschool van Amsterdam Instituut voor Informatica July 8, 2010 Abstract Date: July 8, 2010 Title: Virtualization in a Grid Environment
More informationThe PRIMA Grid Authorization System
The PRIMA Grid Authorization System Markus Lorch and Dennis Kafura {mlorch@vt.edu, kafura@cs.vt.edu} Department of Computer Science Virginia Tech Blacksburg, VA 24061 Abstract PRIMA, a system for PRIvilege
More informationNAC 2007 Spring Conference
NAC 2007 Spring Conference Click to edit Master title style OASIS XACML Update Hal Lockhart Office of the CTO BEA Systems hlockhar@bea.com Hal Lockhart Senior Principal Technologist, OCTO Co-chair XACML
More informationEurogrid: a glideinwms based portal for CDF data analysis - 19th January 2012 S. Amerio. (INFN Padova) on behalf of Eurogrid support group
Eurogrid: a glideinwms based portal for CDF data analysis - 19th January 2012 S. Amerio (INFN Padova) on behalf of Eurogrid support group CDF computing model CDF computing model is based on Central farm
More informationglite Middleware Usage
glite Middleware Usage Dusan Vudragovic dusan@phy.bg.ac.yu Scientific Computing Laboratory Institute of Physics Belgrade, Serbia Nov. 18, 2008 www.eu-egee.org EGEE and glite are registered trademarks Usage
More information30 Nov Dec Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy
Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy Why the Grid? Science is becoming increasingly digital and needs to deal with increasing amounts of
More informationRB-GACA: A RBAC based Grid Access Control Architecture
RB-GACA: A RBAC based Grid Access Control Architecture Weizhong Qiang, Hai Jin, Xuanhua Shi, Deqing Zou, Hao Zhang Cluster and Grid Computing Lab Huazhong University of Science and Technology, Wuhan, 430074,
More informationDelegated authentication Electronic identity: delegated and federated authentication, policy-based access control
Delegated authentication Electronic identity: delegated and federated authentication, policy-based access control Antonio Lioy < lioy @ polito.it > several RPs (Replying Party) may decide to delegate authentication
More informationLCG User Registration & VO management
LCG User Registration & VO management Spring HEPiX Edinburgh 1Maria Dimou- cern-it-gd Presentation Outline Why is LCG Registration worth talking about. How do we register users today. What needs to be
More informationdcache Introduction Course
GRIDKA SCHOOL 2013 KARLSRUHER INSTITUT FÜR TECHNOLOGIE KARLSRUHE August 29, 2013 dcache Introduction Course Overview Chapters I, II and Ⅴ Christoph Anton Mitterer christoph.anton.mitterer@lmu.de ⅤIII.
More informationRelease 0.1. Paolo Andreetto
CREAM G uidedocumentation Release 0.1 Paolo Andreetto Dec 15, 2017 Contents 1 CREAM Functional Description 3 2 CREAM installation 5 2.1 Requirements............................................... 5 2.2
More informationR-GMA (Relational Grid Monitoring Architecture) for monitoring applications
R-GMA (Relational Grid Monitoring Architecture) for monitoring applications www.eu-egee.org egee EGEE-II INFSO-RI-031688 Acknowledgements Slides are taken/derived from the GILDA team Steve Fisher (RAL,
More informationGWD-R (proposed) June 2003
Use of SAML for OGSA Authorization Status of This Memo This document has been submitted to the Global Grid Forum OGSA Security Working Group for consideration as recommendations document in that area of
More informationThe glite middleware. Ariel Garcia KIT
The glite middleware Ariel Garcia KIT Overview Background The glite subsystems overview Security Information system Job management Data management Some (my) answers to your questions and random rumblings
More informationBookkeeping and submission tools prototype. L. Tomassetti on behalf of distributed computing group
Bookkeeping and submission tools prototype L. Tomassetti on behalf of distributed computing group Outline General Overview Bookkeeping database Submission tools (for simulation productions) Framework Design
More informationThe LHC Computing Grid
The LHC Computing Grid Gergely Debreczeni (CERN IT/Grid Deployment Group) The data factory of LHC 40 million collisions in each second After on-line triggers and selections, only 100 3-4 MB/event requires
More informationGrid Security Infrastructure
Grid Computing Competence Center Grid Security Infrastructure Riccardo Murri Grid Computing Competence Center, Organisch-Chemisches Institut, University of Zurich Oct. 12, 2011 Facets of security Authentication
More informationLCG Installation LCFGng
GridKa School, 20-23 September 2004 www.eu-egee.org LCG Installation LCFGng Peer Hasselmeyer GridKa, FZK EGEE is a project funded by the European Union under contract IST-2003-508833 What is LCFGng? LCFGng
More informationPolicy Machine PRESENTED BY: SMRITI BHATT
Policy Machine PRESENTED BY: SMRITI BHATT Overview Many policies and access control models DAC, MAC, RBAC, ABAC, LaBAC, ReBAC, Policy Machine immense concept and capabilities PM vs ABAC Attributes, relationships,
More informationThe EPIKH, GILDA and GISELA Projects
The EPIKH Project (Exchange Programme to advance e-infrastructure Know-How) The EPIKH, GILDA and GISELA Projects Antonio Calanducci INFN Catania (Consorzio COMETA) - UniCT Joint GISELA/EPIKH School for
More informationYAIM Overview. Bruce Becker Meraka Institute. Co-ordination & Harmonisation of Advanced e-infrastructures for Research and Education Data Sharing
Co-ordination & Harmonisation of Advanced e-infrastructures for Research and Education Data Sharing Research Infrastructures Grant Agreement n. 306819 YAIM Overview Bruce Becker Meraka Institute Outline
More informationOverview of WMS/LB API
Overview of WMS/LB API Emidio Giorgio www.eu-egee.org Outline API vs. CLI Overview of WMProxy API Overview of Logging and Bookkeeping API Usage examples API vs. CLI Users applications can be integrated
More informationextensible Access Control Markup Language (XACML) Anne Anderson Sun Microsystems, Inc. GSA Identity Workshop 27 Feb 2007
extensible Access Control Markup Language (XACML) Anne Anderson Sun Microsystems, Inc. GSA Identity Workshop 27 Feb 2007 Outline Introduction to XACML XACML 3.0: Coming soon! > Administrative Policy and
More informationMilestone deliverable reference number M.4.1 (Part 1 of the Deliverable D.4.1)
034115 PHOSPHORUS Lambda User Controlled Infrastructure for European Research Integrated Project Strategic objective: Research Networking Testbeds Milestone deliverable reference number M.4.1 (Part 1 of
More informationTHEBES: THE GRID MIDDLEWARE PROJECT Project Overview, Status Report and Roadmap
THEBES: THE GRID MIDDLEWARE PROJECT Project Overview, Status Report and Roadmap Arnie Miles Georgetown University adm35@georgetown.edu http://thebes.arc.georgetown.edu The Thebes middleware project was
More informationglideinwms Training Glidein Internals How they work and why by Igor Sfiligoi, Jeff Dost (UCSD) glideinwms Training Glidein internals 1
Glidein Internals How they work and why by Igor Sfiligoi, Jeff Dost (UCSD) Glidein internals 1 Refresher glidein_startup the glidein_startup script configures and starts Condor on the worker node Glidein
More informationCredential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003
Credential Management in the Grid Security Infrastructure GlobusWorld Security Workshop January 16, 2003 Jim Basney jbasney@ncsa.uiuc.edu http://www.ncsa.uiuc.edu/~jbasney/ Credential Management Enrollment:
More informationAdvanced Job Submission on the Grid
Advanced Job Submission on the Grid Antun Balaz Scientific Computing Laboratory Institute of Physics Belgrade http://www.scl.rs/ 30 Nov 11 Dec 2009 www.eu-egee.org Scope User Interface Submit job Workload
More informationCluster Nazionale CSN4
CCR Workshop - Stato e Prospettive del Calcolo Scientifico Cluster Nazionale CSN4 Parallel computing and scientific activity Roberto Alfieri - Parma University & INFN, Gr.Coll. di Parma LNL - 16/02/2011
More informationGrouper after Groups Enabling Net+ Services with PAP, PEP, and PDP...Oh My!
Grouper after Groups Enabling Net+ Services with PAP, PEP, and PDP...Oh My! October 3rd, 2012 Bill Thompson IAM Architect, Unicon Chris Hyzer Grouper Developer, University of Pennsylvania Grouper after
More informationSummer Student Work: Accounting on Grid-Computing
Summer Student Work: Accounting on Grid-Computing Walter Bender Supervisors: Yves Kemp/Andreas Gellrich/Christoph Wissing September 18, 2007 Abstract The task of this work was to develop a graphical tool
More informationA QUICK INTRODUCTION TO VOMS
A QUICK INTRODUCTION TO VOMS 1.INTRODUCTION Aim of this write-up is to give an overview on the current VOMS affaire : a description of the mechanism currently used on the LCG/gLite middleware, the relationships
More informationTrust Eleva,on Architecture v03
Trust Eleva,on Architecture v03 DISCUSSION DRAFT 2015-01- 27 Andrew Hughes 1 Purpose of this presenta,on To alempt to explain the Trust Eleva,on mechanism as a form of ALribute Based Access Control To
More informationAndrea Sciabà CERN, Switzerland
Frascati Physics Series Vol. VVVVVV (xxxx), pp. 000-000 XX Conference Location, Date-start - Date-end, Year THE LHC COMPUTING GRID Andrea Sciabà CERN, Switzerland Abstract The LHC experiments will start
More informationThe SweGrid Accounting System
The SweGrid Accounting System Enforcing Grid Resource Allocations Thomas Sandholm sandholm@pdc.kth.se 1 Outline Resource Sharing Dilemma Grid Research Trends Connecting National Computing Resources in
More informationPrivacy Policy Languages:
Privacy Policy Languages: XACML vs EPAL 5 th Annual Privacy & Security Workshop 29 October 2004 Anne Anderson Staff Engineer Sun Microsystems Labs Burlington, MA, USA Anne.Anderson@sun.com Copyright 2004
More informationLCG-2 and glite Architecture and components
LCG-2 and glite Architecture and components Author E.Slabospitskaya www.eu-egee.org Outline Enabling Grids for E-sciencE What are LCG-2 and glite? glite Architecture Release 1.0 review What is glite?.
More informationShibVomGSite: A Framework for Providing Username and Password Support to GridSite with Attribute based Authorization using Shibboleth and VOMS
ShibVomGSite: A Framework for Providing Username and Password Support to GridSite with Attribute based Authorization using Shibboleth and VOMS Joseph Olufemi Dada & Andrew McNab School of Physics and Astronomy,
More informationRIPPLESTONE SUMMARY
RIPPLESTONE 3.7 - SUMMARY HOME PAGE ADDED AN ADMIN DASHBOARD (3.7.1.2) This new page is available to Super Users and Administrators and provides information about the Ripplestone system. It allows them
More informationIntroduction to Grid Security
Introduction to Grid Security Mika Silander Helsinki Institute of Physics www.hip.fi T-106.5820 Grid Technologies and Applications TKK, Outline Background Functionality overview Virtual Organisations Certification
More informationglideinwms architecture by Igor Sfiligoi, Jeff Dost (UCSD)
glideinwms architecture by Igor Sfiligoi, Jeff Dost (UCSD) Outline A high level overview of the glideinwms Description of the components 2 glideinwms from 10k feet 3 Refresher - HTCondor A Condor pool
More information