SlideShare ist ein Scribd-Unternehmen logo

Privilege Project Vikram Andem

Als PPT, PDF herunterladen
Information Security Awareness Group
Information Security Awareness Group

Privilege Project Vikram Andem

TechnologieBildung
1 von 10
MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Project Recent Updates MWSG Meeting June 5-6, 2006 Stanford Linear Accelerator Laboratory Vikram Reddy Andem 1 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Where does Privilege fit in Grid Services Privilege Infrastructure Naturally fits Here. 2 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Project Goals The primary goal of the project was to deliver the execution call-out for finer-grained authorization of processing resources 3 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture – Compute Element Proposed architecture (Dane Skow, Markus Lorch, Ian Fisk) 04//2004 Vikram Reddy Andem, Fermilab Privilege Management 4 June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture (continued) VOMS Execution site Compute Element Gatekeeper GRAM gridFTP PRIMA SAZ site GUMS Server Storage Element SRM/ dCache gPLAZMA Storage Authorization Service 5 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Project Achievements • Privilege has delivered an infrastructure that has been deployed on OSG - The authorization system has been deployed on all CMS-T2 centers, the T1 at FNAL, FermiGrid, BNL, etc. - CMS and ATLAS have defined roles that can be implemented within VOMS - VOMS extended proxy is parsed by the callout and given to GUMS for authentication • The release for the pre-web service globus-gatekeeper callout is stable - Relatively light operations support - A couple of tickets a month, so far rapidly solved 6 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Recent Advances and News • Prima Web services callout for GT4 has been developed and is currently distributed with VDT 1.3.9 • Prima 64-bit callout version has been developed and is currently distributed with VDT 1.3.9 • As a part of the Policy, Publication and Trust Project we delivered - VO Policy Template for Open Science Grid - Site Policy Template for Open Science Grid • Transition of Privilege Project leadership (Gabriele Garzoglio) - gPLAZMA (Abhishek Rana, UCSD / Ted Hesselroth, FNAL) - GUMS (John Hover, BNL) - PRIMA (Vikram Andem) - SAZ (Valery Sergeev, FNAL) - SRM/d-Cache (DESY/FNAL teams) - VOMS (INFN team, Italy) • Working with Igor Sfiligoi (INFN) on Glexec SAML callout to GUMS 7 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Current Activities • Support PRIMA and GUMS code for 32/64 bits for GT2 and GT4 for CMS T1&2 + OSG VO (best effort) (50% Vikram) • Deploy and support gPlazma infrastructure for CMS Tier 1&2 (important for SRM v2 deployment) (50% Ted for 3 mo) • Fix GUMS memory management problems (John Hover et al.: up to .5 FTE for 3 weeks) • Stress test of the GT4 PRIMA call-out (John W.: 5 FTE days) • Integration of gLexec with Privilege (8.5 FTE weeks) • Integrate GUMS with a monitoring/alarm infrastructure (.2 FTE/2 mo) 8 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Future Plans – Ideas ? • Simplify / Aggregate architecture - Update communication protocols (from extended SAML v1.1 to SAML v2.0) - Improve PRIMA build process • Publication of role-based privilege policy (with EGEE) • Extend privilege enforcing to network management • Long term directions - Investigate direct DN rights enforcement (no UID mapping) - Integrate Privilege Project with Policy Discovery Services 9 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Questions ? 10 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

Empfohlen

Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...Information Security Awareness Group
 
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...Information Security Awareness Group
 
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf... Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...Information Security Awareness Group
 
Big data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security AllianceBig data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security AllianceInformation Security Awareness Group
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Information Security Awareness Group
 
A Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy Andem
A Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy AndemA Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy Andem
A Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy AndemInformation Security Awareness Group
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,Information Security Awareness Group
 
Jozi-JUG JDK 9 Unconference
Jozi-JUG JDK 9 UnconferenceJozi-JUG JDK 9 Unconference
Jozi-JUG JDK 9 UnconferenceHeather VanCura
 

Empfohlen

Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...Information Security Awareness Group
 
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...Information Security Awareness Group
 
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf... Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...Information Security Awareness Group
 
Big data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security AllianceBig data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security AllianceInformation Security Awareness Group
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Information Security Awareness Group
 
A Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy Andem
A Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy AndemA Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy Andem
A Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy AndemInformation Security Awareness Group
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,Information Security Awareness Group
 
Jozi-JUG JDK 9 Unconference
Jozi-JUG JDK 9 UnconferenceJozi-JUG JDK 9 Unconference
Jozi-JUG JDK 9 UnconferenceHeather VanCura
 
The Pacific Research Platform
The Pacific Research PlatformThe Pacific Research Platform
The Pacific Research PlatformLarry Smarr
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriGeospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriSafe Software
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...Safe Software
 
Join the Java Evolution Portland Oregon
Join the Java Evolution Portland OregonJoin the Java Evolution Portland Oregon
Join the Java Evolution Portland OregonHeather VanCura
 
Esri ArcGIS Federal
Esri ArcGIS FederalEsri ArcGIS Federal
Esri ArcGIS FederalHarsh Prakash (AWS, Azure, Security+, Agile, PMP, GISP)
 
Fast radio follow-up of GRBs
Fast radio follow-up of GRBsFast radio follow-up of GRBs
Fast radio follow-up of GRBsTim Staley
 
OGCE RT Rroject Review
OGCE RT Rroject ReviewOGCE RT Rroject Review
OGCE RT Rroject Reviewmarpierc
 
OGCE Review for Indiana University Research Technologies
OGCE Review for Indiana University Research TechnologiesOGCE Review for Indiana University Research Technologies
OGCE Review for Indiana University Research Technologiesmarpierc
 
Indiana University's Advanced Science Gateway Support
Indiana University's Advanced Science Gateway SupportIndiana University's Advanced Science Gateway Support
Indiana University's Advanced Science Gateway Supportmarpierc
 
Systems Engineering Update - Dr. Ron Sega
Systems Engineering Update - Dr. Ron SegaSystems Engineering Update - Dr. Ron Sega
Systems Engineering Update - Dr. Ron SegaINCOSE Colorado Front Range Chapter
 
awards competences talks
awards competences talksawards competences talks
awards competences talksStefano Colafranceschi
 
六合彩,香港六合彩
六合彩,香港六合彩六合彩,香港六合彩
六合彩,香港六合彩bwsibh
 
香港六合彩
香港六合彩香港六合彩
香港六合彩dsageg
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShareirglygks
 
六合彩-香港六合彩
六合彩-香港六合彩六合彩-香港六合彩
六合彩-香港六合彩dscvsj
 
香港六合彩|六合彩
香港六合彩|六合彩香港六合彩|六合彩
香港六合彩|六合彩twieat
 
香港六合彩
香港六合彩香港六合彩
香港六合彩vbmlrn
 
Join the Java Evolution Columbus Ohio
Join the Java Evolution Columbus OhioJoin the Java Evolution Columbus Ohio
Join the Java Evolution Columbus OhioHeather VanCura
 
F1041028_George_Chen_Resume_9_with_Publications_Training
F1041028_George_Chen_Resume_9_with_Publications_TrainingF1041028_George_Chen_Resume_9_with_Publications_Training
F1041028_George_Chen_Resume_9_with_Publications_TrainingWei-Su Chen
 
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...Big Data Week
 
Big data analysis concepts and references
Big data analysis concepts and referencesBig data analysis concepts and references
Big data analysis concepts and referencesInformation Security Awareness Group
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim PolkInformation Security Awareness Group
 

Weitere ähnliche Inhalte

Ähnlich wie Privilege Project Vikram Andem

The Pacific Research Platform
The Pacific Research PlatformThe Pacific Research Platform
The Pacific Research PlatformLarry Smarr
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriGeospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriSafe Software
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...Safe Software
 
Join the Java Evolution Portland Oregon
Join the Java Evolution Portland OregonJoin the Java Evolution Portland Oregon
Join the Java Evolution Portland OregonHeather VanCura
 
Fast radio follow-up of GRBs
Fast radio follow-up of GRBsFast radio follow-up of GRBs
Fast radio follow-up of GRBsTim Staley
 
OGCE RT Rroject Review
OGCE RT Rroject ReviewOGCE RT Rroject Review
OGCE RT Rroject Reviewmarpierc
 
OGCE Review for Indiana University Research Technologies
OGCE Review for Indiana University Research TechnologiesOGCE Review for Indiana University Research Technologies
OGCE Review for Indiana University Research Technologiesmarpierc
 
Indiana University's Advanced Science Gateway Support
Indiana University's Advanced Science Gateway SupportIndiana University's Advanced Science Gateway Support
Indiana University's Advanced Science Gateway Supportmarpierc
 
六合彩,香港六合彩
六合彩,香港六合彩六合彩,香港六合彩
六合彩,香港六合彩bwsibh
 
香港六合彩
香港六合彩香港六合彩
香港六合彩dsageg
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShareirglygks
 
六合彩-香港六合彩
六合彩-香港六合彩六合彩-香港六合彩
六合彩-香港六合彩dscvsj
 
香港六合彩|六合彩
香港六合彩|六合彩香港六合彩|六合彩
香港六合彩|六合彩twieat
 
香港六合彩
香港六合彩香港六合彩
香港六合彩vbmlrn
 
Join the Java Evolution Columbus Ohio
Join the Java Evolution Columbus OhioJoin the Java Evolution Columbus Ohio
Join the Java Evolution Columbus OhioHeather VanCura
 
F1041028_George_Chen_Resume_9_with_Publications_Training
F1041028_George_Chen_Resume_9_with_Publications_TrainingF1041028_George_Chen_Resume_9_with_Publications_Training
F1041028_George_Chen_Resume_9_with_Publications_TrainingWei-Su Chen
 
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...Big Data Week
 

Ähnlich wie Privilege Project Vikram Andem (20)

The Pacific Research Platform
The Pacific Research PlatformThe Pacific Research Platform
The Pacific Research Platform
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriGeospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & Esri
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
 
Join the Java Evolution Portland Oregon
Join the Java Evolution Portland OregonJoin the Java Evolution Portland Oregon
Join the Java Evolution Portland Oregon
 
Esri ArcGIS Federal
Esri ArcGIS FederalEsri ArcGIS Federal
Esri ArcGIS Federal
 
Fast radio follow-up of GRBs
Fast radio follow-up of GRBsFast radio follow-up of GRBs
Fast radio follow-up of GRBs
 
OGCE RT Rroject Review
OGCE RT Rroject ReviewOGCE RT Rroject Review
OGCE RT Rroject Review
 
OGCE Review for Indiana University Research Technologies
OGCE Review for Indiana University Research TechnologiesOGCE Review for Indiana University Research Technologies
OGCE Review for Indiana University Research Technologies
 
Indiana University's Advanced Science Gateway Support
Indiana University's Advanced Science Gateway SupportIndiana University's Advanced Science Gateway Support
Indiana University's Advanced Science Gateway Support
 
Systems Engineering Update - Dr. Ron Sega
Systems Engineering Update - Dr. Ron SegaSystems Engineering Update - Dr. Ron Sega
Systems Engineering Update - Dr. Ron Sega
 
awards competences talks
awards competences talksawards competences talks
awards competences talks
 
六合彩,香港六合彩
六合彩,香港六合彩六合彩,香港六合彩
六合彩,香港六合彩
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShare
 
六合彩-香港六合彩
六合彩-香港六合彩六合彩-香港六合彩
六合彩-香港六合彩
 
香港六合彩|六合彩
香港六合彩|六合彩香港六合彩|六合彩
香港六合彩|六合彩
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 
Join the Java Evolution Columbus Ohio
Join the Java Evolution Columbus OhioJoin the Java Evolution Columbus Ohio
Join the Java Evolution Columbus Ohio
 
F1041028_George_Chen_Resume_9_with_Publications_Training
F1041028_George_Chen_Resume_9_with_Publications_TrainingF1041028_George_Chen_Resume_9_with_Publications_Training
F1041028_George_Chen_Resume_9_with_Publications_Training
 
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
 

Mehr von Information Security Awareness Group

Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...Information Security Awareness Group
 
Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Information Security Awareness Group
 
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...Information Security Awareness Group
 
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...Information Security Awareness Group
 
Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun Li
Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun LiDigital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun Li
Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun LiInformation Security Awareness Group
 

Mehr von Information Security Awareness Group (20)

Big data analysis concepts and references
Big data analysis concepts and referencesBig data analysis concepts and references
Big data analysis concepts and references
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim Polk
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve Lamb
 
PKI by Gene Itkis
PKI by Gene ItkisPKI by Gene Itkis
PKI by Gene Itkis
 
Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...
 
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
 
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
 
THE OPEN SCIENCE GRID Ruth Pordes
THE OPEN SCIENCE GRID Ruth PordesTHE OPEN SCIENCE GRID Ruth Pordes
THE OPEN SCIENCE GRID Ruth Pordes
 
Open Science Grid security-atlas-t2 Bob Cowles
Open Science Grid security-atlas-t2 Bob CowlesOpen Science Grid security-atlas-t2 Bob Cowles
Open Science Grid security-atlas-t2 Bob Cowles
 
Security Open Science Grid Doug Olson
Security Open Science Grid Doug OlsonSecurity Open Science Grid Doug Olson
Security Open Science Grid Doug Olson
 
Open Science Group Security Kevin Hill
Open Science Group Security Kevin HillOpen Science Group Security Kevin Hill
Open Science Group Security Kevin Hill
 
Xrootd proxies Andrew Hanushevsky
Xrootd proxies Andrew HanushevskyXrootd proxies Andrew Hanushevsky
Xrootd proxies Andrew Hanushevsky
 
DES Block Cipher Hao Qi
DES Block Cipher Hao QiDES Block Cipher Hao Qi
DES Block Cipher Hao Qi
 
Cache based side_channel_attacks Anestis Bechtsoudis
Cache based side_channel_attacks Anestis BechtsoudisCache based side_channel_attacks Anestis Bechtsoudis
Cache based side_channel_attacks Anestis Bechtsoudis
 
Rakesh kumar srirangam
Rakesh kumar srirangamRakesh kumar srirangam
Rakesh kumar srirangam
 
Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun Li
Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun LiDigital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun Li
Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun Li
 
Proxy cryptography Anca-Andreea Ivan , Yevgeniy Dodis
Proxy cryptography Anca-Andreea Ivan , Yevgeniy DodisProxy cryptography Anca-Andreea Ivan , Yevgeniy Dodis
Proxy cryptography Anca-Andreea Ivan , Yevgeniy Dodis
 
Quan nguyen symmetric versus asymmetric cryptography
Quan nguyen symmetric versus asymmetric cryptographyQuan nguyen symmetric versus asymmetric cryptography
Quan nguyen symmetric versus asymmetric cryptography
 
Elliptic curvecryptography Shane Almeida Saqib Awan Dan Palacio
Elliptic curvecryptography Shane Almeida Saqib Awan Dan PalacioElliptic curvecryptography Shane Almeida Saqib Awan Dan Palacio
Elliptic curvecryptography Shane Almeida Saqib Awan Dan Palacio
 

Kürzlich hochgeladen

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 

Privilege Project Vikram Andem

  • 1. MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Project Recent Updates MWSG Meeting June 5-6, 2006 Stanford Linear Accelerator Laboratory Vikram Reddy Andem 1 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 2. MWSG Meeting, Stanford Linear Accelerator Laboratory Where does Privilege fit in Grid Services Privilege Infrastructure Naturally fits Here. 2 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 3. MWSG Meeting, Stanford Linear Accelerator Laboratory Project Goals The primary goal of the project was to deliver the execution call-out for finer-grained authorization of processing resources 3 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 4. MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture – Compute Element Proposed architecture (Dane Skow, Markus Lorch, Ian Fisk) 04//2004 Vikram Reddy Andem, Fermilab Privilege Management 4 June 06, 2006
  • 5. MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture (continued) VOMS Execution site Compute Element Gatekeeper GRAM gridFTP PRIMA SAZ site GUMS Server Storage Element SRM/ dCache gPLAZMA Storage Authorization Service 5 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 6. MWSG Meeting, Stanford Linear Accelerator Laboratory Project Achievements • Privilege has delivered an infrastructure that has been deployed on OSG - The authorization system has been deployed on all CMS-T2 centers, the T1 at FNAL, FermiGrid, BNL, etc. - CMS and ATLAS have defined roles that can be implemented within VOMS - VOMS extended proxy is parsed by the callout and given to GUMS for authentication • The release for the pre-web service globus-gatekeeper callout is stable - Relatively light operations support - A couple of tickets a month, so far rapidly solved 6 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 7. MWSG Meeting, Stanford Linear Accelerator Laboratory Recent Advances and News • Prima Web services callout for GT4 has been developed and is currently distributed with VDT 1.3.9 • Prima 64-bit callout version has been developed and is currently distributed with VDT 1.3.9 • As a part of the Policy, Publication and Trust Project we delivered - VO Policy Template for Open Science Grid - Site Policy Template for Open Science Grid • Transition of Privilege Project leadership (Gabriele Garzoglio) - gPLAZMA (Abhishek Rana, UCSD / Ted Hesselroth, FNAL) - GUMS (John Hover, BNL) - PRIMA (Vikram Andem) - SAZ (Valery Sergeev, FNAL) - SRM/d-Cache (DESY/FNAL teams) - VOMS (INFN team, Italy) • Working with Igor Sfiligoi (INFN) on Glexec SAML callout to GUMS 7 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 8. MWSG Meeting, Stanford Linear Accelerator Laboratory Current Activities • Support PRIMA and GUMS code for 32/64 bits for GT2 and GT4 for CMS T1&2 + OSG VO (best effort) (50% Vikram) • Deploy and support gPlazma infrastructure for CMS Tier 1&2 (important for SRM v2 deployment) (50% Ted for 3 mo) • Fix GUMS memory management problems (John Hover et al.: up to .5 FTE for 3 weeks) • Stress test of the GT4 PRIMA call-out (John W.: 5 FTE days) • Integration of gLexec with Privilege (8.5 FTE weeks) • Integrate GUMS with a monitoring/alarm infrastructure (.2 FTE/2 mo) 8 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 9. MWSG Meeting, Stanford Linear Accelerator Laboratory Future Plans – Ideas ? • Simplify / Aggregate architecture - Update communication protocols (from extended SAML v1.1 to SAML v2.0) - Improve PRIMA build process • Publication of role-based privilege policy (with EGEE) • Extend privilege enforcing to network management • Long term directions - Investigate direct DN rights enforcement (no UID mapping) - Integrate Privilege Project with Policy Discovery Services 9 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 10. MWSG Meeting, Stanford Linear Accelerator Laboratory Questions ? 10 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006