uscgrid a (very quick) introduction to authn/authz

USCGridUSCGridA (Very Quick) IntroductionA (Very Quick) Introduction

To Authn/AuthzTo Authn/Authz

http://www.usc.edu/isd/services/uscgrid

April 2003April 2003 USCGrid at Internet2USCGrid at Internet2 22

USCGrid: USCGrid: A (Very Quick) Intro to Authn/AuthzA (Very Quick) Intro to Authn/Authz

Security – The Bird’s-eye ViewSecurity – The Bird’s-eye View AuthnAuthn AuthzAuthz ReferencesReferences


Security – The Bird’s-eye ViewSecurity – The Bird’s-eye View

Everybody wants a secure network.Q:




Everybody wants a secure network. Nobody wants servers broken into.

Q:




Everybody wants a secure network. Nobody wants servers broken into. How do the NMI components address security?

Q:




There are several aspects to security.A:




There are several aspects to security.

Authentication

A:





Authentication – which concerns itself with verifying identity.

A:






Authorization

A:






Authorization – which determines what an authenticated user (or program) is allowed to do.

A:





Confidentiality

A:





Confidentiality – which ensures that no one except the intended parties can gain access to information.

A:






Data integrity

A:






Data integrity – which guards against tampering.

A:





Auditing

A:





Auditing – which logs information as things happen.

A:






Intrusion detection

A:






Intrusion detection – which notices break-ins.

A:





We’re only going to look at Authentication – authn in security lingo – and Authorization – authz in security lingo.

A:



AuthnAuthn

Authn concerns itself with verifying identity. It’s the soldier’s challenge – and his comrade’s response.

Q:



AuthnAuthn

Authn concerns itself with verifying identity. It’s the soldier’s challenge – and his comrade’s response. How does NMI handle authn?

Q:



AuthnAuthn

There are a couple of different mechanisms used by NMI for authn.

A:



AuthnAuthn


Public Key Infrastructure (PKI) technology is used by the Globus Toolkit.

A:



AuthnAuthn


Public Key Infrastructure (PKI) technology is used by the Globus Toolkit.

However, this segment will instead look at PubCookie, a component that uses passwords.

A:



AuthzAuthz

Authz determines what an authenticated user (or program) is allowed to do.

Q:



AuthzAuthz

Authz determines what an authenticated user (or program) is allowed to do. How does NMI handle authz?

Q:



AuthzAuthz

There are a couple of different mechanisms used by NMI for authz.

A:



AuthzAuthz

There are a couple of different mechanisms used by NMI for authz.

However, this segment will look at Shibboleth, a component that can grant authorization without knowing the identity of the person requesting authorization.

A:




ReferencesReferences

Kerberos: A Network Authentication Kerberos: A Network Authentication SystemSystem. Brian Tung. Addison-Wesley. . Brian Tung. Addison-Wesley. 1999.1999.

SSH: The Secure Shell: The Definitive SSH: The Secure Shell: The Definitive GuideGuide. Daniel J. Barret & Richard E. . Daniel J. Barret & Richard E. Silverman. O’Reilly & Associates. 2001.Silverman. O’Reilly & Associates. 2001.



ReferencesReferences

Practical Unix & Internet SecurityPractical Unix & Internet Security. Simson . Simson Garfinkel & Gene Spafford. O’Reilly & Garfinkel & Gene Spafford. O’Reilly & Associates. 1996.Associates. 1996.

Shibboleth Project. Shibboleth Project. http://shibboleth.internet2.eduhttp://shibboleth.internet2.edu

PubCookie.PubCookie.http://www.washington.edu/pubcookiehttp://www.washington.edu/pubcookie

uscgrid a (very quick) introduction to authn/authz

Documents

authnauthz security

authnauthz slide

internet22 uscgrid

internet23 uscgrid

internet25 security

internet26 security

internet27 security

internet28 security