
National Institute of Advanced Industrial Science and Technology International Grid Trust Federation 1

Three key functions in a Grid security model Multiple security mechanisms VO Dynamic creation of services Dynamic establishment of trust domains VO (trust domain) trust domain Von Welch, et al., Security for Grid Services, HPDC-12, 2003 2

Security Challenges in a Grid Environment The Integration Challenge The Interoperability Challenge Hosting Environment interoperability Protocol level (SOAP/HTTP) Policy level (party) Identity level Identity Identity Identity Credential Nataraj Nagaratnam, et al., Security Architecture for Open Grid Services GWD-I (draft-ggf-ogsa-sec-arch-01) Security Challenges in a Grid Environment The Trust Relationship Challenge Identity and authorization identity, privilege Policy enforcement Assurance level discovery Privacy, virus protection, firewall usage, VPN, etc. Policy composition Delegation Nataraj Nagaratnam, et al., Security Architecture for Open Grid Services GWD-I (draft-ggf-ogsa-sec-arch-01) 3

GSI: Grid Security Infrastructure PKI X.509 X.509 SSL protocol WS-Security X.509 Proxy X.509 (RFC3820) 4

Proxy Subject DN Issuer () Digital Signature grid-proxy-init Proxy Subject DN/Proxy Issuer ( ) Digital Signature Subject DN Issuer () Digital Signature GSI Proxy (globus ) grid-proxy-init grid-proxy-init Proxy Proxy Proxy delegation single sign on 5

Proxy Single Sign On + Delegation Globus Toolkit MyProxy Grid Portal Proxy Proxy Authentication & delegation (by Globus Alliance) Globus World 2005 Web GridShib, XACML PURSE, MyProxy, One-Time PW Auth & Key exchange GGF14 OGSA AuthZ WG SAML Authorization Trusted Computing RG TCG Firewall Issues RG OPs International Grid Trust Federation (IGTF) 6

Grid-Shibboleth Integration: A Policy Controlled Attribute Framework (Von Welch, Globus Alliance) NMI 2 2004 12 Shibboleth Grid(GT4) Grid(GT4) Internet2 Shibboleth SAML X.509 Identity SAML X.509 Pull Model Globus Services Shibboleth GT4.x WS Pre-WS Push Model Shibboleth VOMS S 2005 First Release (GT4.2?) Access Control for the Grid: XACML (Anne Anderson, Sun) XACML (eXtensible Access Control Markup Language) XACML OASIS standard Open source implementations by Sun Microsystems Globus Toolkit will ship with XACML runtime by ANL ANL GT4.0 GT4.2 or later 7

Portal-based Authorization Solution for the Earth System Grid SciDAC Project (Veronika Nefedova, ANL) DOE Earth System Grid PURSE (Portal-based User Registration Service) MyProxy Web Long Lived MyProxy MyProxy ESG external GridFTP access Portal Portal URL SAML Assertion S MyProxy Proxy SAML Assertion Proxy S-enabled GridFTP Using the MyProxy Online Credential Repository (Jim Basney, NCSA) MyProxy PURSE (Portal-based User Registration Service) Long Lived Short Lived Proxy MyProxy + SASL OTP MyProxy Password Kerberos ticket MyProxy Password 8

Secure (One-Time-) Password Authentication for the Globus Toolkit (Olivier Chevassut, LBNL) Long Lived Data Center Data Center short lived OTP One-Time Password authentication and Key Exchange (OPKeyX) One Time Password Globus OPKeyX Transport Layer OPKeyX TLS OPKeyX OPKeyX WS-SecureConversation Virtual Machines as Virtual Resources on the Grid (Kate Keahey, ANL) VM VM GRAM VM Xen VM VM 9

SAML, XACML Web Proxy Single Sign On, Delegation Authorization Long Lived OTP VM International Grid Trust Federation 10

/ X.509 X.509 PKI 11

multi PKI domain Cross Certification, Cross Recognition, Bridged Pros/Cons HSM. Policy Management Authority (PMA) PMA (Policy Management Authority PMA PMA International Grid Policy Management Authority (http://www.gridpma.org) The goal of the Grid PMA will be to harmonize these various PMAs policies to allow for a global trust relationship to be established European Grid PMA Asia Pacific Grid PMA Americas Grid PMAs DOE Grids Grid Canada NCSA Alliance NASA IPG Grid PMA PMA 12

PMA PMA PMA EUGrid PMA (established May 2004) Former: EUDG WP6 Coordination Group (started in 2002) TAG PMA (going to be established) Former: DOEGrid PMA (started in 2002) APGrid PMA (established June 2004) Unofficially started in 2003 PMA PMA Regional PMA PMA PMA PMA 13

International Grid Trust Federation (IGTF) GGF OPs WG GGF7@Tokyo, March 2003 First meeting with EU, DOE, and AP members Agreed with working on forming the Grid PMA. develop minimum requirements develop GridPMA charter 2004 9 DOEGrid PMA, EUGrid PMA, APGrid PMA PMA 2005 3 PMA International Grid Trust Federation APGrid PMA 2005 5 IGTF/PMA Can EGEE trust your CA? How is the procedure for reviewing/accrediting your CA? Does your CA need to be reviewed by individual organizations in EGEE? If the other CAs in Asia wish to be trusted by EGEE, is separate review necessary? APGridPMA will accredit your CA. EGEE does not need to review/accredit your CA. Can your organization trust CAs in EGEE? How is the procedure for reviewing? Do you need to review all CAs in EGEE? EUGridPMA will accredit CAs. Both you and APGridPMA do not need to review/accredit CAs in EGEE. If you will launch a new CA that is expected to be trusted by organizations in EGEE, how should you design policy and practices of your CA? APGrid PMA provides minimum requirements. 14

APGrid PMA: Asia Pacific Grid PMA PMA 2004 6 1 Minimum requirements APGrid PMA Experimental-level Production-level APGridPMA: Status (Members and s) Affiliation Name Production Experimental LCG? AIST / Japan Yoshio Tanaka will close ASCC / Taiwan Eric Yen ne yes KISTI / Korea Jae-Hyuck Kwak yes S / China Kai Nan IHEP / China Gonxing Sun CP under review ne yes VPAC/Australia Damon Smith planning yes NCHC / Taiwan Julian Yu-Chung Chen planning Osaka U / Japan Susumu Date planning SDSC / USA Mason Katz plan planning HKU / HongKong Chen Lin, Elaine plan U of Hyd / India Arun Agarwal plan USM / Malaysia Boon Yaik plan BII / Singapore Kishore Sakharkar plan NAREGI 15

IGTF OPs WG Charter Federation APGrid PMA, EUGrid PMA, TAGPMA IGTF PMA PMA 8Charter (EUGrid PMA RPM IGTF-PMA@gridpma.org IGTF-General@gridpma.org IGTF ChairPMA PMA RPM PMA PMA PMA PMA CRL minimum requirements 16

Summary EUGrid PMA TAG PMA APGrid PMA APGridPMA is a coordination body of policies in Asia Pacific. APGridPMA is collaborating with EUGrid PMA and TAGPMA for International Grid Trust Federation. More Information APGrid PMA http://www.apgridpma.org/ EUGrid PMA http://www.eugridpma.org/ TAGPMA http://www.tagpma.org/ GridPMA http://www.gridpma.org/ ApGrid http://www.apgrid.org/ PRAGMA http://www.pragma-grid.net/ GTRC/AIST http://www.gtrc.aist.go.jp/ My email address yoshio.tanaka@aist.go.jp 17