SlideShare une entreprise Scribd logo

CILogon and InCommon: Technical Update

J
jbasney

A technical update on CILogon (cilogon.org) and InCommon (incommon.org), which enable federated authentication to Globus, XSEDE, and other research services. Topics include: 1) growing support for the Research and Scholarship Category in InCommon and the world, 2) Identifier-Only Trust Assurance (IOTA) in the Interoperable Global Trust Federation (igtf.net), 3) obtaining X.509 server certificates from the InCommon IGTF Server CA, and 4) keeping current with security standards (e.g., OpenID Connect, SHA-2, TLS 1.2). Presented at GlobusWorld 2015 (www.globusworld.org).

Technologie
1  sur  15
Télécharger pour lire hors ligne
CILogon and InCommon: Technical Update Jim Basney <jbasney@ncsa.illinois.edu> This material is based upon work supported by the National Science Foundation under grant numbers 0943633 and 1053575 and by the Department of Energy under award number DE-SC0008597. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.
CILogon – https://cilogon.org/ •  Provides personal digital certificates for access to cyberinfrastructure •  Uses federated authentication for user identification
Federated Authentication •  Log on to CILogon using your campus (InCommon) or Google (OpenID) account
Integrated with Globus
Integrated with XSEDE www.cilogon.org/xsede
Integrated with Campus
Bridging InCommon and IGTF •  Translating mechanism and policy across higher education and grid trust federations !"#$%"&'()*+& & !"#$%%&'()*'(#$+*,-&).'/#0&-1#23#%-+4*&)'/#$4(#'%-4-1)%#&'5)-4/#
100+ InCommon Research and Scholarship Identity Providers Arizona State University Boston University Brookhaven National Laboratory Brown University California Institute of Technology California State Polytechnic University, Pomona California State University, Fresno California State University, Fullerton Carleton College Carnegie Mellon University Clemson University Colorado School of Mines Colorado State University Columbia University Cornell University Florida International University George Mason University Georgia Institute of Technology GPN (Great Plains Network) Indiana University Indiana University of Pennsylvania Internet2 Iowa State University Johns Hopkins Kansas State University Lawrence Berkeley National Laboratory Lehigh University LIGO Scientific Collaboration Louisiana State University LTERN (Long Term Ecological Research Network) Massachusetts Institute of Technology Montana State University - Bozeman New York University North Carolina State University Northwestern University Ohio State University Ohio Technology Consortium (OH-TECH) Oregon State University Pomona College Purdue University Main Campus Reed College Rice University Rockefeller University Rutgers, The State University of New Jersey San Diego State University Southern Illinois University Southern Methodist University Stevens Institute of Technology Stony Brook University Syracuse University Texas A & M University The University of Arizona Towson University Tufts University University At Albany, State University of New York University of Alabama at Birmingham University of Alaska Statewide System University of Arkansas University of California, Davis University of California, San Francisco University of California, Santa Cruz University of California-Irvine University of California-Los Angeles University of Central Florida University of Chicago University of Cincinnati Main Campus University of Colorado at Boulder University of Dayton University of Florida University of Hawaii University of Houston Libraries University of Illinois at Chicago University of Illinois At Springfield University of Illinois at Urbana-Champaign University of Iowa University of Kansas University of Maryland Baltimore University of Maryland Baltimore County University of Maryland College Park University of Massachusetts Amherst University of Michigan University of Minnesota University of Missouri System University of Nebraska-Lincoln University of North Carolina at Chapel Hill University of Oregon University of Pennsylvania University of Pittsburgh University of South Florida University of Southern California University of Utah University of Vermont University of Virginia University of Washington University of Wisconsin-Madison University of Wisconsin-Milwaukee Utah State University Utah Valley University Vanderbilt University Virginia Polytechnic Institute and State University Weill Cornell Medical College West Virginia University Western Michigan University Wheaton College (MA) Yale University id.incommon.org/category/research-and-scholarship
International Federation: eduGAIN
International R&S: REFEDS
Multiple Levels of Assurance •  CILogon Silver CA –  InCommon Silver IDs –  IGTF accredited February 2011 •  CILogon Basic CA –  “Basic” InCommon IDs –  IGTF accredited June 2014 •  Google Authenticator provides second authentication factor
InCommon IGTF Server CA
Security Updates SHA-1 SSL OAuth 1.0 OpenID 2.0 SHA-2 TLS OAuth 2.0 OpenID Connect
Fifteen years of securing cyberinfrastructure 2000 20102001 2002 2003 2004 2005 2006 2007 2008 2009 October 2001 Support for certificate- based authentication added by Daniel Kouril and Miroslav Ruda for the European DataGrid project. December 2001 MyProxy version 0.4.1 was released, adding support for Globus Toolkit 2.0. July 2002 NSF Middleware Initiative MyProxy Project collaborative project with Marty Humphrey at the University of Virginia began. April 2003 The NSF Middleware Initiative (NMI) issued its third software release, the first NMI release to include MyProxy. April 2004 Condor-G 6.7.0 was released, including support for managing credentials with MyProxy. October 2005 MyProxy used in LTER Grid demonstration. TeraGrid '06 "Managing Credentials on the TeraGrid with MyProxy" February 2007 Inca 2.0 was released with support for MyProxy. February 2009 MyProxy passed independent vulnerability assessment. June 2009 CILogon project started. September 2009 New CILogon Service provided bridge between InCommon and Grid authentication. MyProxy is part of the Globus Toolkit and is included in Fedora and Debian Linux operating system package repositories. MyProxy is used by many grid projects including CILogon, OSG, and XSEDE. February 2006 GridShib-CA was released, demonstrating MyProxy use with InCommon. July 2003 MyProxy was used in the NEESgrid MOST experiment. MyProxy was funded primarily by: via NLANR NSF Middleware Initiative NCSA Core Award TeraGrid STCI Core MyProxy Team at NCSA (current and past): Jim Basney (lead) Bill Baker Randy Butler Shiva Shankar Chetan Patrick Duda Mike Freemon Terry Fleury Zhenmin Li Jason Novotny Venkat Yekkirala Von Welch MyProxy Community Collaborators and Contributors: Jarek Gawor (ANL) Monte Goode (LBNL) Marty Humphrey (UVa) Daniel Kouril (CESNET, CZ) Alexandre Lossent (CERN) Neill Miller (ANL) Miroslav Ruda (CESNET/EGEE) Steve Traylen (CERN/EGEE) Benjamin Temko (IU) Steven Tuecke (ANL) Naotaka Yamamoto (AIST) April 2000 MyProxy 0.1 was released. November 2000 A web-based grid portal using MyProxy for authentication debuted at SC2000. June 2008 NERSC deployed authentication for their Grid resources using MyProxy CA. September 2006 NVO used MyProxy with PubCookie for web single sign-on. September 2005 ESG used PURSE, built on MyProxy, for user authentication. May 2005 FusionGrid deployed replicated MyProxy for grid portals and credential renewal. August 2006 MyProxy 3.6 was released, including support for VOMS authorization. September 2005 MyProxy 3.0 was released, with contribution from LBNL adding certificate authority capability. October 2014 MyProxy 6.1 was released. This was the 61st release of MyProxy. 20152011 2012 2013 2014 February 2012 OAuth for MyProxy v1.0 was released, providing an OAuth- compliant web interface to MyProxy. November 2011 Globus Online supported OAuth interface to XSEDE MyProxy server. June 2012 "An Online Credential Repository for the Grid: MyProxy" was selected as one of the best papers of the IEEE HPDC conference's 20 years. June 2013 OAuth for MyProxy passed independent vulnerability assessment. September 2014 Globus Toolkit 6.0 included MyProxy 6.0. January 2015 CILogon Service passed XSEDE acceptance tests.
Thanks! jbasney@ncsa.illinois.edu @JimBasney

Recommandé

презентациякитай
презентациякитайпрезентациякитай
презентациякитайnasten4ik_29
 
Module 2
Module 2Module 2
Module 2shakyra90
 
Getting Social With Social: Using social media education to build relationshi...
Getting Social With Social: Using social media education to build relationshi...Getting Social With Social: Using social media education to build relationshi...
Getting Social With Social: Using social media education to build relationshi...Lindsay Nyquist
 
Prabhav services inc
Prabhav services incPrabhav services inc
Prabhav services inchiren2012
 
Commissione pariopportunitalmaschile
Commissione pariopportunitalmaschileCommissione pariopportunitalmaschile
Commissione pariopportunitalmaschileFrancesco Eterno
 
CILogon 2.0 at 2016 Internet2 Global Summit
CILogon 2.0 at 2016 Internet2 Global SummitCILogon 2.0 at 2016 Internet2 Global Summit
CILogon 2.0 at 2016 Internet2 Global Summitjbasney
 
FeduShare TechEx15
FeduShare TechEx15FeduShare TechEx15
FeduShare TechEx15jbasney
 
European coffee-shops
European coffee-shopsEuropean coffee-shops
European coffee-shopsJuan Marín
 

Recommandé

презентациякитай
презентациякитайпрезентациякитай
презентациякитайnasten4ik_29
 
Module 2
Module 2Module 2
Module 2shakyra90
 
Getting Social With Social: Using social media education to build relationshi...
Getting Social With Social: Using social media education to build relationshi...Getting Social With Social: Using social media education to build relationshi...
Getting Social With Social: Using social media education to build relationshi...Lindsay Nyquist
 
Prabhav services inc
Prabhav services incPrabhav services inc
Prabhav services inchiren2012
 
Commissione pariopportunitalmaschile
Commissione pariopportunitalmaschileCommissione pariopportunitalmaschile
Commissione pariopportunitalmaschileFrancesco Eterno
 
CILogon 2.0 at 2016 Internet2 Global Summit
CILogon 2.0 at 2016 Internet2 Global SummitCILogon 2.0 at 2016 Internet2 Global Summit
CILogon 2.0 at 2016 Internet2 Global Summitjbasney
 
FeduShare TechEx15
FeduShare TechEx15FeduShare TechEx15
FeduShare TechEx15jbasney
 
European coffee-shops
European coffee-shopsEuropean coffee-shops
European coffee-shopsJuan Marín
 
Se 29
Se 29Se 29
Se 29Kppkp Bangil
 
A sore throat or strep throat
A sore throat or strep throatA sore throat or strep throat
A sore throat or strep throatMegan Perkins
 
Qui som
Qui somQui som
Qui somIpomea Associació
 
Tt 200 2014 tt_btc full
Tt 200 2014 tt_btc fullTt 200 2014 tt_btc full
Tt 200 2014 tt_btc fulllý Lác
 
SAML Security Contacts
SAML Security ContactsSAML Security Contacts
SAML Security Contactsjbasney
 
Washtech presentation
Washtech presentationWashtech presentation
Washtech presentationsorgho
 
Hashtags & friends
Hashtags & friendsHashtags & friends
Hashtags & friendsLindsay Nyquist
 
走出技术壁垒
走出技术壁垒走出技术壁垒
走出技术壁垒heavenhuang
 
A sore throat or strep throat
A sore throat or strep throatA sore throat or strep throat
A sore throat or strep throatMegan Perkins
 
Trusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research CollaborationsTrusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research Collaborationsjbasney
 
Sosialisasi badan
Sosialisasi badanSosialisasi badan
Sosialisasi badanKppkp Bangil
 
Diseño presentación corporativa SENTIMOTO LTD
Diseño presentación corporativa SENTIMOTO LTDDiseño presentación corporativa SENTIMOTO LTD
Diseño presentación corporativa SENTIMOTO LTDMarcel Molina Valenzuela
 
Ten ways to take your hashtags to the next level
Ten ways to take your hashtags to the next levelTen ways to take your hashtags to the next level
Ten ways to take your hashtags to the next levelLindsay Nyquist
 
Ptkp
PtkpPtkp
PtkpKppkp Bangil
 
Cybersecurity for Conservation
Cybersecurity for ConservationCybersecurity for Conservation
Cybersecurity for Conservationjbasney
 
On the farm
On the farmOn the farm
On the farmCristina Arocas
 
CILogon 2.0 MAGIC SC16
CILogon 2.0 MAGIC SC16CILogon 2.0 MAGIC SC16
CILogon 2.0 MAGIC SC16jbasney
 
CILogon 2.0 Update at TechEx 2016
CILogon 2.0 Update at TechEx 2016CILogon 2.0 Update at TechEx 2016
CILogon 2.0 Update at TechEx 2016jbasney
 
CILogon 2.0 at Oct 2017 CICI PI meeting
CILogon 2.0 at Oct 2017 CICI PI meetingCILogon 2.0 at Oct 2017 CICI PI meeting
CILogon 2.0 at Oct 2017 CICI PI meetingjbasney
 
CILogon PEARC17
CILogon PEARC17CILogon PEARC17
CILogon PEARC17jbasney
 
GENI Engineering Conference -- Ian Foster
GENI Engineering Conference -- Ian FosterGENI Engineering Conference -- Ian Foster
GENI Engineering Conference -- Ian FosterIan Foster
 
CILogon: An Integrated Identity and Access Management Platform for Science
CILogon: An Integrated Identity and Access Management Platform for ScienceCILogon: An Integrated Identity and Access Management Platform for Science
CILogon: An Integrated Identity and Access Management Platform for Sciencejbasney
 

Contenu connexe

En vedette

A sore throat or strep throat
A sore throat or strep throatA sore throat or strep throat
A sore throat or strep throatMegan Perkins
 
Tt 200 2014 tt_btc full
Tt 200 2014 tt_btc fullTt 200 2014 tt_btc full
Tt 200 2014 tt_btc fulllý Lác
 
SAML Security Contacts
SAML Security ContactsSAML Security Contacts
SAML Security Contactsjbasney
 
Washtech presentation
Washtech presentationWashtech presentation
Washtech presentationsorgho
 
走出技术壁垒
走出技术壁垒走出技术壁垒
走出技术壁垒heavenhuang
 
A sore throat or strep throat
A sore throat or strep throatA sore throat or strep throat
A sore throat or strep throatMegan Perkins
 
Trusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research CollaborationsTrusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research Collaborationsjbasney
 
Diseño presentación corporativa SENTIMOTO LTD
Diseño presentación corporativa SENTIMOTO LTDDiseño presentación corporativa SENTIMOTO LTD
Diseño presentación corporativa SENTIMOTO LTDMarcel Molina Valenzuela
 
Ten ways to take your hashtags to the next level
Ten ways to take your hashtags to the next levelTen ways to take your hashtags to the next level
Ten ways to take your hashtags to the next levelLindsay Nyquist
 
Cybersecurity for Conservation
Cybersecurity for ConservationCybersecurity for Conservation
Cybersecurity for Conservationjbasney
 

En vedette (16)

Se 29
Se 29Se 29
Se 29
 
A sore throat or strep throat
A sore throat or strep throatA sore throat or strep throat
A sore throat or strep throat
 
Qui som
Qui somQui som
Qui som
 
Tt 200 2014 tt_btc full
Tt 200 2014 tt_btc fullTt 200 2014 tt_btc full
Tt 200 2014 tt_btc full
 
SAML Security Contacts
SAML Security ContactsSAML Security Contacts
SAML Security Contacts
 
Washtech presentation
Washtech presentationWashtech presentation
Washtech presentation
 
Hashtags & friends
Hashtags & friendsHashtags & friends
Hashtags & friends
 
走出技术壁垒
走出技术壁垒走出技术壁垒
走出技术壁垒
 
A sore throat or strep throat
A sore throat or strep throatA sore throat or strep throat
A sore throat or strep throat
 
Trusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research CollaborationsTrusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research Collaborations
 
Sosialisasi badan
Sosialisasi badanSosialisasi badan
Sosialisasi badan
 
Diseño presentación corporativa SENTIMOTO LTD
Diseño presentación corporativa SENTIMOTO LTDDiseño presentación corporativa SENTIMOTO LTD
Diseño presentación corporativa SENTIMOTO LTD
 
Ten ways to take your hashtags to the next level
Ten ways to take your hashtags to the next levelTen ways to take your hashtags to the next level
Ten ways to take your hashtags to the next level
 
Ptkp
PtkpPtkp
Ptkp
 
Cybersecurity for Conservation
Cybersecurity for ConservationCybersecurity for Conservation
Cybersecurity for Conservation
 
On the farm
On the farmOn the farm
On the farm
 

Similaire à CILogon and InCommon: Technical Update

CILogon 2.0 MAGIC SC16
CILogon 2.0 MAGIC SC16CILogon 2.0 MAGIC SC16
CILogon 2.0 MAGIC SC16jbasney
 
CILogon 2.0 Update at TechEx 2016
CILogon 2.0 Update at TechEx 2016CILogon 2.0 Update at TechEx 2016
CILogon 2.0 Update at TechEx 2016jbasney
 
CILogon 2.0 at Oct 2017 CICI PI meeting
CILogon 2.0 at Oct 2017 CICI PI meetingCILogon 2.0 at Oct 2017 CICI PI meeting
CILogon 2.0 at Oct 2017 CICI PI meetingjbasney
 
CILogon PEARC17
CILogon PEARC17CILogon PEARC17
CILogon PEARC17jbasney
 
GENI Engineering Conference -- Ian Foster
GENI Engineering Conference -- Ian FosterGENI Engineering Conference -- Ian Foster
GENI Engineering Conference -- Ian FosterIan Foster
 
CILogon: An Integrated Identity and Access Management Platform for Science
CILogon: An Integrated Identity and Access Management Platform for ScienceCILogon: An Integrated Identity and Access Management Platform for Science
CILogon: An Integrated Identity and Access Management Platform for Sciencejbasney
 
Slides CapTechTalks Webinar April 2024 Ilia Kolochenko.pptx
Slides CapTechTalks Webinar April 2024 Ilia Kolochenko.pptxSlides CapTechTalks Webinar April 2024 Ilia Kolochenko.pptx
Slides CapTechTalks Webinar April 2024 Ilia Kolochenko.pptxCapitolTechU
 
UCCSC 2013 Presentation on UCSF Profiles
UCCSC 2013 Presentation on UCSF Profiles UCCSC 2013 Presentation on UCSF Profiles
UCCSC 2013 Presentation on UCSF Profiles lesliey
 
UCCSC Sauter Award for Profiles
UCCSC Sauter Award for ProfilesUCCSC Sauter Award for Profiles
UCCSC Sauter Award for Profilesericmeeks
 
CILogon 2.0 at 2017 Internet2 Global Summit
CILogon 2.0 at 2017 Internet2 Global SummitCILogon 2.0 at 2017 Internet2 Global Summit
CILogon 2.0 at 2017 Internet2 Global Summitjbasney
 
Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222KevinAlt1
 
OntoSoft: A Distributed Semantic Registry for Scientific Software
OntoSoft: A Distributed Semantic Registry for Scientific SoftwareOntoSoft: A Distributed Semantic Registry for Scientific Software
OntoSoft: A Distributed Semantic Registry for Scientific Softwaredgarijo
 
Research Networking SEO state of the union 2015
Research Networking SEO state of the union 2015Research Networking SEO state of the union 2015
Research Networking SEO state of the union 2015lesliey
 
Federated id alignment 2011
Federated id alignment 2011Federated id alignment 2011
Federated id alignment 2011BCcampus
 
20130821 Mozilla Badges OpenCall with Accreditrust
20130821 Mozilla Badges OpenCall with Accreditrust20130821 Mozilla Badges OpenCall with Accreditrust
20130821 Mozilla Badges OpenCall with AccreditrustEric Korb
 

Similaire à CILogon and InCommon: Technical Update (20)

CILogon 2.0 MAGIC SC16
CILogon 2.0 MAGIC SC16CILogon 2.0 MAGIC SC16
CILogon 2.0 MAGIC SC16
 
CILogon 2.0 Update at TechEx 2016
CILogon 2.0 Update at TechEx 2016CILogon 2.0 Update at TechEx 2016
CILogon 2.0 Update at TechEx 2016
 
CILogon 2.0 at Oct 2017 CICI PI meeting
CILogon 2.0 at Oct 2017 CICI PI meetingCILogon 2.0 at Oct 2017 CICI PI meeting
CILogon 2.0 at Oct 2017 CICI PI meeting
 
CILogon PEARC17
CILogon PEARC17CILogon PEARC17
CILogon PEARC17
 
GENI Engineering Conference -- Ian Foster
GENI Engineering Conference -- Ian FosterGENI Engineering Conference -- Ian Foster
GENI Engineering Conference -- Ian Foster
 
CILogon: An Integrated Identity and Access Management Platform for Science
CILogon: An Integrated Identity and Access Management Platform for ScienceCILogon: An Integrated Identity and Access Management Platform for Science
CILogon: An Integrated Identity and Access Management Platform for Science
 
Slides CapTechTalks Webinar April 2024 Ilia Kolochenko.pptx
Slides CapTechTalks Webinar April 2024 Ilia Kolochenko.pptxSlides CapTechTalks Webinar April 2024 Ilia Kolochenko.pptx
Slides CapTechTalks Webinar April 2024 Ilia Kolochenko.pptx
 
UCCSC 2013 Presentation on UCSF Profiles
UCCSC 2013 Presentation on UCSF Profiles UCCSC 2013 Presentation on UCSF Profiles
UCCSC 2013 Presentation on UCSF Profiles
 
UCCSC Sauter Award for Profiles
UCCSC Sauter Award for ProfilesUCCSC Sauter Award for Profiles
UCCSC Sauter Award for Profiles
 
OCR cybersecurity
OCR cybersecurityOCR cybersecurity
OCR cybersecurity
 
Knoesis Student Achievement
Knoesis Student AchievementKnoesis Student Achievement
Knoesis Student Achievement
 
Ucsd research-it-09-11-18
Ucsd research-it-09-11-18Ucsd research-it-09-11-18
Ucsd research-it-09-11-18
 
CILogon 2.0 at 2017 Internet2 Global Summit
CILogon 2.0 at 2017 Internet2 Global SummitCILogon 2.0 at 2017 Internet2 Global Summit
CILogon 2.0 at 2017 Internet2 Global Summit
 
Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222
 
Youngen "Secure Remote Access to Scholarly Resources"
Youngen "Secure Remote Access to Scholarly Resources"Youngen "Secure Remote Access to Scholarly Resources"
Youngen "Secure Remote Access to Scholarly Resources"
 
OntoSoft: A Distributed Semantic Registry for Scientific Software
OntoSoft: A Distributed Semantic Registry for Scientific SoftwareOntoSoft: A Distributed Semantic Registry for Scientific Software
OntoSoft: A Distributed Semantic Registry for Scientific Software
 
Research Networking SEO state of the union 2015
Research Networking SEO state of the union 2015Research Networking SEO state of the union 2015
Research Networking SEO state of the union 2015
 
Alamw15 VIVO
Alamw15 VIVOAlamw15 VIVO
Alamw15 VIVO
 
Federated id alignment 2011
Federated id alignment 2011Federated id alignment 2011
Federated id alignment 2011
 
20130821 Mozilla Badges OpenCall with Accreditrust
20130821 Mozilla Badges OpenCall with Accreditrust20130821 Mozilla Badges OpenCall with Accreditrust
20130821 Mozilla Badges OpenCall with Accreditrust
 

Plus de jbasney

Guidance and Survey Results from the Trustworthy Data Working Group
Guidance and Survey Results from the Trustworthy Data Working GroupGuidance and Survey Results from the Trustworthy Data Working Group
Guidance and Survey Results from the Trustworthy Data Working Groupjbasney
 
Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)
Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)
Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)jbasney
 
CILogon & SciTokens: OIDC/OAuth Federation
CILogon & SciTokens: OIDC/OAuth FederationCILogon & SciTokens: OIDC/OAuth Federation
CILogon & SciTokens: OIDC/OAuth Federationjbasney
 
CILogon 2.0 - IAM Online Webinar Series
CILogon 2.0 - IAM Online Webinar SeriesCILogon 2.0 - IAM Online Webinar Series
CILogon 2.0 - IAM Online Webinar Seriesjbasney
 
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for CyberinfrastructureLightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructurejbasney
 
11th FIM4R Workshop: US Projects Update
11th FIM4R Workshop: US Projects Update11th FIM4R Workshop: US Projects Update
11th FIM4R Workshop: US Projects Updatejbasney
 
CTSC+SWAMP: cybersecurity resources for your campus
CTSC+SWAMP: cybersecurity resources for your campusCTSC+SWAMP: cybersecurity resources for your campus
CTSC+SWAMP: cybersecurity resources for your campusjbasney
 
CTSC at TNC16
CTSC at TNC16CTSC at TNC16
CTSC at TNC16jbasney
 
CILogon 2.0 at REFEDS 30
CILogon 2.0 at REFEDS 30CILogon 2.0 at REFEDS 30
CILogon 2.0 at REFEDS 30jbasney
 

Plus de jbasney (9)

Guidance and Survey Results from the Trustworthy Data Working Group
Guidance and Survey Results from the Trustworthy Data Working GroupGuidance and Survey Results from the Trustworthy Data Working Group
Guidance and Survey Results from the Trustworthy Data Working Group
 
Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)
Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)
Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)
 
CILogon & SciTokens: OIDC/OAuth Federation
CILogon & SciTokens: OIDC/OAuth FederationCILogon & SciTokens: OIDC/OAuth Federation
CILogon & SciTokens: OIDC/OAuth Federation
 
CILogon 2.0 - IAM Online Webinar Series
CILogon 2.0 - IAM Online Webinar SeriesCILogon 2.0 - IAM Online Webinar Series
CILogon 2.0 - IAM Online Webinar Series
 
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for CyberinfrastructureLightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
 
11th FIM4R Workshop: US Projects Update
11th FIM4R Workshop: US Projects Update11th FIM4R Workshop: US Projects Update
11th FIM4R Workshop: US Projects Update
 
CTSC+SWAMP: cybersecurity resources for your campus
CTSC+SWAMP: cybersecurity resources for your campusCTSC+SWAMP: cybersecurity resources for your campus
CTSC+SWAMP: cybersecurity resources for your campus
 
CTSC at TNC16
CTSC at TNC16CTSC at TNC16
CTSC at TNC16
 
CILogon 2.0 at REFEDS 30
CILogon 2.0 at REFEDS 30CILogon 2.0 at REFEDS 30
CILogon 2.0 at REFEDS 30
 

Dernier

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Dernier (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

CILogon and InCommon: Technical Update

  • 1. CILogon and InCommon: Technical Update Jim Basney <jbasney@ncsa.illinois.edu> This material is based upon work supported by the National Science Foundation under grant numbers 0943633 and 1053575 and by the Department of Energy under award number DE-SC0008597. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.
  • 2. CILogon – https://cilogon.org/ •  Provides personal digital certificates for access to cyberinfrastructure •  Uses federated authentication for user identification
  • 3. Federated Authentication •  Log on to CILogon using your campus (InCommon) or Google (OpenID) account
  • 7. Bridging InCommon and IGTF •  Translating mechanism and policy across higher education and grid trust federations !"#$%"&'()*+& & !"#$%%&'()*'(#$+*,-&).'/#0&-1#23#%-+4*&)'/#$4(#'%-4-1)%#&'5)-4/#
  • 8. 100+ InCommon Research and Scholarship Identity Providers Arizona State University Boston University Brookhaven National Laboratory Brown University California Institute of Technology California State Polytechnic University, Pomona California State University, Fresno California State University, Fullerton Carleton College Carnegie Mellon University Clemson University Colorado School of Mines Colorado State University Columbia University Cornell University Florida International University George Mason University Georgia Institute of Technology GPN (Great Plains Network) Indiana University Indiana University of Pennsylvania Internet2 Iowa State University Johns Hopkins Kansas State University Lawrence Berkeley National Laboratory Lehigh University LIGO Scientific Collaboration Louisiana State University LTERN (Long Term Ecological Research Network) Massachusetts Institute of Technology Montana State University - Bozeman New York University North Carolina State University Northwestern University Ohio State University Ohio Technology Consortium (OH-TECH) Oregon State University Pomona College Purdue University Main Campus Reed College Rice University Rockefeller University Rutgers, The State University of New Jersey San Diego State University Southern Illinois University Southern Methodist University Stevens Institute of Technology Stony Brook University Syracuse University Texas A & M University The University of Arizona Towson University Tufts University University At Albany, State University of New York University of Alabama at Birmingham University of Alaska Statewide System University of Arkansas University of California, Davis University of California, San Francisco University of California, Santa Cruz University of California-Irvine University of California-Los Angeles University of Central Florida University of Chicago University of Cincinnati Main Campus University of Colorado at Boulder University of Dayton University of Florida University of Hawaii University of Houston Libraries University of Illinois at Chicago University of Illinois At Springfield University of Illinois at Urbana-Champaign University of Iowa University of Kansas University of Maryland Baltimore University of Maryland Baltimore County University of Maryland College Park University of Massachusetts Amherst University of Michigan University of Minnesota University of Missouri System University of Nebraska-Lincoln University of North Carolina at Chapel Hill University of Oregon University of Pennsylvania University of Pittsburgh University of South Florida University of Southern California University of Utah University of Vermont University of Virginia University of Washington University of Wisconsin-Madison University of Wisconsin-Milwaukee Utah State University Utah Valley University Vanderbilt University Virginia Polytechnic Institute and State University Weill Cornell Medical College West Virginia University Western Michigan University Wheaton College (MA) Yale University id.incommon.org/category/research-and-scholarship
  • 11. Multiple Levels of Assurance •  CILogon Silver CA –  InCommon Silver IDs –  IGTF accredited February 2011 •  CILogon Basic CA –  “Basic” InCommon IDs –  IGTF accredited June 2014 •  Google Authenticator provides second authentication factor
  • 13. Security Updates SHA-1 SSL OAuth 1.0 OpenID 2.0 SHA-2 TLS OAuth 2.0 OpenID Connect
  • 14. Fifteen years of securing cyberinfrastructure 2000 20102001 2002 2003 2004 2005 2006 2007 2008 2009 October 2001 Support for certificate- based authentication added by Daniel Kouril and Miroslav Ruda for the European DataGrid project. December 2001 MyProxy version 0.4.1 was released, adding support for Globus Toolkit 2.0. July 2002 NSF Middleware Initiative MyProxy Project collaborative project with Marty Humphrey at the University of Virginia began. April 2003 The NSF Middleware Initiative (NMI) issued its third software release, the first NMI release to include MyProxy. April 2004 Condor-G 6.7.0 was released, including support for managing credentials with MyProxy. October 2005 MyProxy used in LTER Grid demonstration. TeraGrid '06 "Managing Credentials on the TeraGrid with MyProxy" February 2007 Inca 2.0 was released with support for MyProxy. February 2009 MyProxy passed independent vulnerability assessment. June 2009 CILogon project started. September 2009 New CILogon Service provided bridge between InCommon and Grid authentication. MyProxy is part of the Globus Toolkit and is included in Fedora and Debian Linux operating system package repositories. MyProxy is used by many grid projects including CILogon, OSG, and XSEDE. February 2006 GridShib-CA was released, demonstrating MyProxy use with InCommon. July 2003 MyProxy was used in the NEESgrid MOST experiment. MyProxy was funded primarily by: via NLANR NSF Middleware Initiative NCSA Core Award TeraGrid STCI Core MyProxy Team at NCSA (current and past): Jim Basney (lead) Bill Baker Randy Butler Shiva Shankar Chetan Patrick Duda Mike Freemon Terry Fleury Zhenmin Li Jason Novotny Venkat Yekkirala Von Welch MyProxy Community Collaborators and Contributors: Jarek Gawor (ANL) Monte Goode (LBNL) Marty Humphrey (UVa) Daniel Kouril (CESNET, CZ) Alexandre Lossent (CERN) Neill Miller (ANL) Miroslav Ruda (CESNET/EGEE) Steve Traylen (CERN/EGEE) Benjamin Temko (IU) Steven Tuecke (ANL) Naotaka Yamamoto (AIST) April 2000 MyProxy 0.1 was released. November 2000 A web-based grid portal using MyProxy for authentication debuted at SC2000. June 2008 NERSC deployed authentication for their Grid resources using MyProxy CA. September 2006 NVO used MyProxy with PubCookie for web single sign-on. September 2005 ESG used PURSE, built on MyProxy, for user authentication. May 2005 FusionGrid deployed replicated MyProxy for grid portals and credential renewal. August 2006 MyProxy 3.6 was released, including support for VOMS authorization. September 2005 MyProxy 3.0 was released, with contribution from LBNL adding certificate authority capability. October 2014 MyProxy 6.1 was released. This was the 61st release of MyProxy. 20152011 2012 2013 2014 February 2012 OAuth for MyProxy v1.0 was released, providing an OAuth- compliant web interface to MyProxy. November 2011 Globus Online supported OAuth interface to XSEDE MyProxy server. June 2012 "An Online Credential Repository for the Grid: MyProxy" was selected as one of the best papers of the IEEE HPDC conference's 20 years. June 2013 OAuth for MyProxy passed independent vulnerability assessment. September 2014 Globus Toolkit 6.0 included MyProxy 6.0. January 2015 CILogon Service passed XSEDE acceptance tests.