SlideShare une entreprise Scribd logo

Privilege Project Vikram Andem

Télécharger en tant que PPT, PDF
Information Security Awareness Group
Information Security Awareness Group

Privilege Project Vikram Andem

TechnologieFormation
1  sur  10
MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Project Recent Updates MWSG Meeting June 5-6, 2006 Stanford Linear Accelerator Laboratory Vikram Reddy Andem 1 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Where does Privilege fit in Grid Services Privilege Infrastructure Naturally fits Here. 2 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Project Goals The primary goal of the project was to deliver the execution call-out for finer-grained authorization of processing resources 3 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture – Compute Element Proposed architecture (Dane Skow, Markus Lorch, Ian Fisk) 04//2004 Vikram Reddy Andem, Fermilab Privilege Management 4 June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture (continued) VOMS Execution site Compute Element Gatekeeper GRAM gridFTP PRIMA SAZ site GUMS Server Storage Element SRM/ dCache gPLAZMA Storage Authorization Service 5 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Project Achievements • Privilege has delivered an infrastructure that has been deployed on OSG - The authorization system has been deployed on all CMS-T2 centers, the T1 at FNAL, FermiGrid, BNL, etc. - CMS and ATLAS have defined roles that can be implemented within VOMS - VOMS extended proxy is parsed by the callout and given to GUMS for authentication • The release for the pre-web service globus-gatekeeper callout is stable - Relatively light operations support - A couple of tickets a month, so far rapidly solved 6 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Recent Advances and News • Prima Web services callout for GT4 has been developed and is currently distributed with VDT 1.3.9 • Prima 64-bit callout version has been developed and is currently distributed with VDT 1.3.9 • As a part of the Policy, Publication and Trust Project we delivered - VO Policy Template for Open Science Grid - Site Policy Template for Open Science Grid • Transition of Privilege Project leadership (Gabriele Garzoglio) - gPLAZMA (Abhishek Rana, UCSD / Ted Hesselroth, FNAL) - GUMS (John Hover, BNL) - PRIMA (Vikram Andem) - SAZ (Valery Sergeev, FNAL) - SRM/d-Cache (DESY/FNAL teams) - VOMS (INFN team, Italy) • Working with Igor Sfiligoi (INFN) on Glexec SAML callout to GUMS 7 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Current Activities • Support PRIMA and GUMS code for 32/64 bits for GT2 and GT4 for CMS T1&2 + OSG VO (best effort) (50% Vikram) • Deploy and support gPlazma infrastructure for CMS Tier 1&2 (important for SRM v2 deployment) (50% Ted for 3 mo) • Fix GUMS memory management problems (John Hover et al.: up to .5 FTE for 3 weeks) • Stress test of the GT4 PRIMA call-out (John W.: 5 FTE days) • Integration of gLexec with Privilege (8.5 FTE weeks) • Integrate GUMS with a monitoring/alarm infrastructure (.2 FTE/2 mo) 8 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Future Plans – Ideas ? • Simplify / Aggregate architecture - Update communication protocols (from extended SAML v1.1 to SAML v2.0) - Improve PRIMA build process • Publication of role-based privilege policy (with EGEE) • Extend privilege enforcing to network management • Long term directions - Investigate direct DN rights enforcement (no UID mapping) - Integrate Privilege Project with Policy Discovery Services 9 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
MWSG Meeting, Stanford Linear Accelerator Laboratory Questions ? 10 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

Recommandé

Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...Information Security Awareness Group
 
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...Information Security Awareness Group
 
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf... Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...Information Security Awareness Group
 
Big data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security AllianceBig data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security AllianceInformation Security Awareness Group
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Information Security Awareness Group
 
A Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy Andem
A Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy AndemA Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy Andem
A Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy AndemInformation Security Awareness Group
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,Information Security Awareness Group
 
Jozi-JUG JDK 9 Unconference
Jozi-JUG JDK 9 UnconferenceJozi-JUG JDK 9 Unconference
Jozi-JUG JDK 9 UnconferenceHeather VanCura
 

Recommandé

Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...Information Security Awareness Group
 
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...Information Security Awareness Group
 
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf... Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...Information Security Awareness Group
 
Big data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security AllianceBig data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security AllianceInformation Security Awareness Group
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Information Security Awareness Group
 
A Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy Andem
A Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy AndemA Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy Andem
A Cryptanalysis of the Tiny Encryption Algorithm Vikram Reddy AndemInformation Security Awareness Group
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,Information Security Awareness Group
 
Jozi-JUG JDK 9 Unconference
Jozi-JUG JDK 9 UnconferenceJozi-JUG JDK 9 Unconference
Jozi-JUG JDK 9 UnconferenceHeather VanCura
 
The Pacific Research Platform
The Pacific Research PlatformThe Pacific Research Platform
The Pacific Research PlatformLarry Smarr
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriGeospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriSafe Software
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...Safe Software
 
Join the Java Evolution Portland Oregon
Join the Java Evolution Portland OregonJoin the Java Evolution Portland Oregon
Join the Java Evolution Portland OregonHeather VanCura
 
Esri ArcGIS Federal
Esri ArcGIS FederalEsri ArcGIS Federal
Esri ArcGIS FederalHarsh Prakash (AWS, Azure, Security+, Agile, PMP, GISP)
 
Fast radio follow-up of GRBs
Fast radio follow-up of GRBsFast radio follow-up of GRBs
Fast radio follow-up of GRBsTim Staley
 
OGCE RT Rroject Review
OGCE RT Rroject ReviewOGCE RT Rroject Review
OGCE RT Rroject Reviewmarpierc
 
OGCE Review for Indiana University Research Technologies
OGCE Review for Indiana University Research TechnologiesOGCE Review for Indiana University Research Technologies
OGCE Review for Indiana University Research Technologiesmarpierc
 
Indiana University's Advanced Science Gateway Support
Indiana University's Advanced Science Gateway SupportIndiana University's Advanced Science Gateway Support
Indiana University's Advanced Science Gateway Supportmarpierc
 
Systems Engineering Update - Dr. Ron Sega
Systems Engineering Update - Dr. Ron SegaSystems Engineering Update - Dr. Ron Sega
Systems Engineering Update - Dr. Ron SegaINCOSE Colorado Front Range Chapter
 
awards competences talks
awards competences talksawards competences talks
awards competences talksStefano Colafranceschi
 
六合彩,香港六合彩
六合彩,香港六合彩六合彩,香港六合彩
六合彩,香港六合彩bwsibh
 
香港六合彩
香港六合彩香港六合彩
香港六合彩dsageg
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShareirglygks
 
六合彩-香港六合彩
六合彩-香港六合彩六合彩-香港六合彩
六合彩-香港六合彩dscvsj
 
香港六合彩|六合彩
香港六合彩|六合彩香港六合彩|六合彩
香港六合彩|六合彩twieat
 
香港六合彩
香港六合彩香港六合彩
香港六合彩vbmlrn
 
Join the Java Evolution Columbus Ohio
Join the Java Evolution Columbus OhioJoin the Java Evolution Columbus Ohio
Join the Java Evolution Columbus OhioHeather VanCura
 
F1041028_George_Chen_Resume_9_with_Publications_Training
F1041028_George_Chen_Resume_9_with_Publications_TrainingF1041028_George_Chen_Resume_9_with_Publications_Training
F1041028_George_Chen_Resume_9_with_Publications_TrainingWei-Su Chen
 
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...Big Data Week
 
Big data analysis concepts and references
Big data analysis concepts and referencesBig data analysis concepts and references
Big data analysis concepts and referencesInformation Security Awareness Group
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim PolkInformation Security Awareness Group
 

Contenu connexe

Similaire à Privilege Project Vikram Andem

The Pacific Research Platform
The Pacific Research PlatformThe Pacific Research Platform
The Pacific Research PlatformLarry Smarr
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriGeospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriSafe Software
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...Safe Software
 
Join the Java Evolution Portland Oregon
Join the Java Evolution Portland OregonJoin the Java Evolution Portland Oregon
Join the Java Evolution Portland OregonHeather VanCura
 
Fast radio follow-up of GRBs
Fast radio follow-up of GRBsFast radio follow-up of GRBs
Fast radio follow-up of GRBsTim Staley
 
OGCE RT Rroject Review
OGCE RT Rroject ReviewOGCE RT Rroject Review
OGCE RT Rroject Reviewmarpierc
 
OGCE Review for Indiana University Research Technologies
OGCE Review for Indiana University Research TechnologiesOGCE Review for Indiana University Research Technologies
OGCE Review for Indiana University Research Technologiesmarpierc
 
Indiana University's Advanced Science Gateway Support
Indiana University's Advanced Science Gateway SupportIndiana University's Advanced Science Gateway Support
Indiana University's Advanced Science Gateway Supportmarpierc
 
六合彩,香港六合彩
六合彩,香港六合彩六合彩,香港六合彩
六合彩,香港六合彩bwsibh
 
香港六合彩
香港六合彩香港六合彩
香港六合彩dsageg
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShareirglygks
 
六合彩-香港六合彩
六合彩-香港六合彩六合彩-香港六合彩
六合彩-香港六合彩dscvsj
 
香港六合彩|六合彩
香港六合彩|六合彩香港六合彩|六合彩
香港六合彩|六合彩twieat
 
香港六合彩
香港六合彩香港六合彩
香港六合彩vbmlrn
 
Join the Java Evolution Columbus Ohio
Join the Java Evolution Columbus OhioJoin the Java Evolution Columbus Ohio
Join the Java Evolution Columbus OhioHeather VanCura
 
F1041028_George_Chen_Resume_9_with_Publications_Training
F1041028_George_Chen_Resume_9_with_Publications_TrainingF1041028_George_Chen_Resume_9_with_Publications_Training
F1041028_George_Chen_Resume_9_with_Publications_TrainingWei-Su Chen
 
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...Big Data Week
 

Similaire à Privilege Project Vikram Andem (20)

The Pacific Research Platform
The Pacific Research PlatformThe Pacific Research Platform
The Pacific Research Platform
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriGeospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & Esri
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...
 
Join the Java Evolution Portland Oregon
Join the Java Evolution Portland OregonJoin the Java Evolution Portland Oregon
Join the Java Evolution Portland Oregon
 
Esri ArcGIS Federal
Esri ArcGIS FederalEsri ArcGIS Federal
Esri ArcGIS Federal
 
Fast radio follow-up of GRBs
Fast radio follow-up of GRBsFast radio follow-up of GRBs
Fast radio follow-up of GRBs
 
OGCE RT Rroject Review
OGCE RT Rroject ReviewOGCE RT Rroject Review
OGCE RT Rroject Review
 
OGCE Review for Indiana University Research Technologies
OGCE Review for Indiana University Research TechnologiesOGCE Review for Indiana University Research Technologies
OGCE Review for Indiana University Research Technologies
 
Indiana University's Advanced Science Gateway Support
Indiana University's Advanced Science Gateway SupportIndiana University's Advanced Science Gateway Support
Indiana University's Advanced Science Gateway Support
 
Systems Engineering Update - Dr. Ron Sega
Systems Engineering Update - Dr. Ron SegaSystems Engineering Update - Dr. Ron Sega
Systems Engineering Update - Dr. Ron Sega
 
awards competences talks
awards competences talksawards competences talks
awards competences talks
 
六合彩,香港六合彩
六合彩,香港六合彩六合彩,香港六合彩
六合彩,香港六合彩
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShare
 
六合彩-香港六合彩
六合彩-香港六合彩六合彩-香港六合彩
六合彩-香港六合彩
 
香港六合彩|六合彩
香港六合彩|六合彩香港六合彩|六合彩
香港六合彩|六合彩
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 
Join the Java Evolution Columbus Ohio
Join the Java Evolution Columbus OhioJoin the Java Evolution Columbus Ohio
Join the Java Evolution Columbus Ohio
 
F1041028_George_Chen_Resume_9_with_Publications_Training
F1041028_George_Chen_Resume_9_with_Publications_TrainingF1041028_George_Chen_Resume_9_with_Publications_Training
F1041028_George_Chen_Resume_9_with_Publications_Training
 
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...
 

Plus de Information Security Awareness Group

Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...Information Security Awareness Group
 
Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Information Security Awareness Group
 
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...Information Security Awareness Group
 
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...Information Security Awareness Group
 
Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun Li
Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun LiDigital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun Li
Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun LiInformation Security Awareness Group
 

Plus de Information Security Awareness Group (20)

Big data analysis concepts and references
Big data analysis concepts and referencesBig data analysis concepts and references
Big data analysis concepts and references
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim Polk
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve Lamb
 
PKI by Gene Itkis
PKI by Gene ItkisPKI by Gene Itkis
PKI by Gene Itkis
 
Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...
 
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
 
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
 
THE OPEN SCIENCE GRID Ruth Pordes
THE OPEN SCIENCE GRID Ruth PordesTHE OPEN SCIENCE GRID Ruth Pordes
THE OPEN SCIENCE GRID Ruth Pordes
 
Open Science Grid security-atlas-t2 Bob Cowles
Open Science Grid security-atlas-t2 Bob CowlesOpen Science Grid security-atlas-t2 Bob Cowles
Open Science Grid security-atlas-t2 Bob Cowles
 
Security Open Science Grid Doug Olson
Security Open Science Grid Doug OlsonSecurity Open Science Grid Doug Olson
Security Open Science Grid Doug Olson
 
Open Science Group Security Kevin Hill
Open Science Group Security Kevin HillOpen Science Group Security Kevin Hill
Open Science Group Security Kevin Hill
 
Xrootd proxies Andrew Hanushevsky
Xrootd proxies Andrew HanushevskyXrootd proxies Andrew Hanushevsky
Xrootd proxies Andrew Hanushevsky
 
DES Block Cipher Hao Qi
DES Block Cipher Hao QiDES Block Cipher Hao Qi
DES Block Cipher Hao Qi
 
Cache based side_channel_attacks Anestis Bechtsoudis
Cache based side_channel_attacks Anestis BechtsoudisCache based side_channel_attacks Anestis Bechtsoudis
Cache based side_channel_attacks Anestis Bechtsoudis
 
Rakesh kumar srirangam
Rakesh kumar srirangamRakesh kumar srirangam
Rakesh kumar srirangam
 
Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun Li
Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun LiDigital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun Li
Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun Li
 
Proxy cryptography Anca-Andreea Ivan , Yevgeniy Dodis
Proxy cryptography Anca-Andreea Ivan , Yevgeniy DodisProxy cryptography Anca-Andreea Ivan , Yevgeniy Dodis
Proxy cryptography Anca-Andreea Ivan , Yevgeniy Dodis
 
Quan nguyen symmetric versus asymmetric cryptography
Quan nguyen symmetric versus asymmetric cryptographyQuan nguyen symmetric versus asymmetric cryptography
Quan nguyen symmetric versus asymmetric cryptography
 
Elliptic curvecryptography Shane Almeida Saqib Awan Dan Palacio
Elliptic curvecryptography Shane Almeida Saqib Awan Dan PalacioElliptic curvecryptography Shane Almeida Saqib Awan Dan Palacio
Elliptic curvecryptography Shane Almeida Saqib Awan Dan Palacio
 

Dernier

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

Dernier (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

Privilege Project Vikram Andem

  • 1. MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Project Recent Updates MWSG Meeting June 5-6, 2006 Stanford Linear Accelerator Laboratory Vikram Reddy Andem 1 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 2. MWSG Meeting, Stanford Linear Accelerator Laboratory Where does Privilege fit in Grid Services Privilege Infrastructure Naturally fits Here. 2 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 3. MWSG Meeting, Stanford Linear Accelerator Laboratory Project Goals The primary goal of the project was to deliver the execution call-out for finer-grained authorization of processing resources 3 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 4. MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture – Compute Element Proposed architecture (Dane Skow, Markus Lorch, Ian Fisk) 04//2004 Vikram Reddy Andem, Fermilab Privilege Management 4 June 06, 2006
  • 5. MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture (continued) VOMS Execution site Compute Element Gatekeeper GRAM gridFTP PRIMA SAZ site GUMS Server Storage Element SRM/ dCache gPLAZMA Storage Authorization Service 5 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 6. MWSG Meeting, Stanford Linear Accelerator Laboratory Project Achievements • Privilege has delivered an infrastructure that has been deployed on OSG - The authorization system has been deployed on all CMS-T2 centers, the T1 at FNAL, FermiGrid, BNL, etc. - CMS and ATLAS have defined roles that can be implemented within VOMS - VOMS extended proxy is parsed by the callout and given to GUMS for authentication • The release for the pre-web service globus-gatekeeper callout is stable - Relatively light operations support - A couple of tickets a month, so far rapidly solved 6 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 7. MWSG Meeting, Stanford Linear Accelerator Laboratory Recent Advances and News • Prima Web services callout for GT4 has been developed and is currently distributed with VDT 1.3.9 • Prima 64-bit callout version has been developed and is currently distributed with VDT 1.3.9 • As a part of the Policy, Publication and Trust Project we delivered - VO Policy Template for Open Science Grid - Site Policy Template for Open Science Grid • Transition of Privilege Project leadership (Gabriele Garzoglio) - gPLAZMA (Abhishek Rana, UCSD / Ted Hesselroth, FNAL) - GUMS (John Hover, BNL) - PRIMA (Vikram Andem) - SAZ (Valery Sergeev, FNAL) - SRM/d-Cache (DESY/FNAL teams) - VOMS (INFN team, Italy) • Working with Igor Sfiligoi (INFN) on Glexec SAML callout to GUMS 7 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 8. MWSG Meeting, Stanford Linear Accelerator Laboratory Current Activities • Support PRIMA and GUMS code for 32/64 bits for GT2 and GT4 for CMS T1&2 + OSG VO (best effort) (50% Vikram) • Deploy and support gPlazma infrastructure for CMS Tier 1&2 (important for SRM v2 deployment) (50% Ted for 3 mo) • Fix GUMS memory management problems (John Hover et al.: up to .5 FTE for 3 weeks) • Stress test of the GT4 PRIMA call-out (John W.: 5 FTE days) • Integration of gLexec with Privilege (8.5 FTE weeks) • Integrate GUMS with a monitoring/alarm infrastructure (.2 FTE/2 mo) 8 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 9. MWSG Meeting, Stanford Linear Accelerator Laboratory Future Plans – Ideas ? • Simplify / Aggregate architecture - Update communication protocols (from extended SAML v1.1 to SAML v2.0) - Improve PRIMA build process • Publication of role-based privilege policy (with EGEE) • Extend privilege enforcing to network management • Long term directions - Investigate direct DN rights enforcement (no UID mapping) - Integrate Privilege Project with Policy Discovery Services 9 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • 10. MWSG Meeting, Stanford Linear Accelerator Laboratory Questions ? 10 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006