Download - Grid Security work in 2006 Andrew McNab Grid Security Research Fellow University of Manchester
![Page 1: Grid Security work in 2006 Andrew McNab Grid Security Research Fellow University of Manchester](https://reader030.vdocuments.site/reader030/viewer/2022012919/56649e885503460f94b8c970/html5/thumbnails/1.jpg)
Grid Security work in 2006
Andrew McNabGrid Security Research Fellow
University of Manchester
![Page 2: Grid Security work in 2006 Andrew McNab Grid Security Research Fellow University of Manchester](https://reader030.vdocuments.site/reader030/viewer/2022012919/56649e885503460f94b8c970/html5/thumbnails/2.jpg)
21 December 2006 A.McNab – Grid Security
December 2005
• Security Group had started GridPP2 and JISC funded work
• GridSite had been taken up by several HEP / Grid projects for managing web pages
• GridSiteWiki in use by GridPP (New Scientist mention etc)
• Big push was still to get GridSite into “programmatic” use.
• GridSite web service hosting and delegation taken up by EGEE Workload Management
• htcp bulk file transfers used by EGEE WMS
• Had designed SiteCast file location system
![Page 3: Grid Security work in 2006 Andrew McNab Grid Security Research Fellow University of Manchester](https://reader030.vdocuments.site/reader030/viewer/2022012919/56649e885503460f94b8c970/html5/thumbnails/3.jpg)
21 December 2006 A.McNab – Grid Security
GridSite
● GridSite is our key piece of grid security technology● Adds support for grid security “objects” to Apache web server● Identity certificates and GSI proxies● VOMS attribute certificates for group membership● GACL policy language● Credentials from Shibboleth
● Allows Apache to host Web Services for Grids.● Library functions can be reused in other services– including GridSite proxy delegation used by EGEE
![Page 4: Grid Security work in 2006 Andrew McNab Grid Security Research Fellow University of Manchester](https://reader030.vdocuments.site/reader030/viewer/2022012919/56649e885503460f94b8c970/html5/thumbnails/4.jpg)
21 December 2006 A.McNab – Grid Security
“New for 2006”
• EGEE File Transfer System has taken up GridSite delegation protocol and library for C/C++ components
• SlashGrid resurrected and rewritten– provides an HTTP(S) network filesystem, with the
option to use multicast to find replicas of files.
• With Joseph, Shibboleth added to credentials framework– Distributed password-based authentication– NIST Level of Assurance added to policy language
• Support for access control for 3rd party virtual “websites” – eg the Subversion version control system
![Page 5: Grid Security work in 2006 Andrew McNab Grid Security Research Fellow University of Manchester](https://reader030.vdocuments.site/reader030/viewer/2022012919/56649e885503460f94b8c970/html5/thumbnails/5.jpg)
21 December 2006 A.McNab – Grid Security
Summary
• Continue to support GridPP website and Wiki– Also used by other Grid websites, and NGS Wiki
• Continue to track agreed changes in delegation protocol, VOMS attributes etc and update library in response
• EGEE FTS has adopted GridSite components– WMS continues to use GridSite to host services
• SlashGrid bulk file storage system produced and being finalised
• Shibboleth support added to GridSite framework– for when JISC uses Shibboleth to replace ATHENS