
The Roadmap of NAREGI Security Services

The Roadmap of NAREGI Security Services. Masataka Kanamori, NAREGI WP5, 2005.4.20. http://www.naregi.org/


Presentation Transcript


  1. The Roadmap of NAREGI Security Services. Masataka Kanamori, NAREGI WP5, 2005.4.20. http://www.naregi.org/

  2. NAREGI WPs
     • WP6: Grid-Enabled Apps
     • WP3: Grid Visualization
     • WP3: Grid PSE
     • WP2: Grid Programming (Grid RPC, Grid MPI)
     • WP3: Grid Workflow
     • WP1: Distributed Information Service
     • WP4: Packaging
     • WP1: SuperScheduler (Globus, Condor, UNICORE OGSA)
     • WP1: Grid VM
     • WP5: High-Performance & Secure Grid Networking

  3. NAREGI WP5
     • WP6: Grid-Enabled Apps
     • WP3: Grid Visualization
     • WP3: Grid PSE
     • WP2: Grid Programming (Grid RPC, Grid MPI)
     • WP3: Grid Workflow
     • WP1: Distributed Information Service
     • WP4: Packaging
     • WP1: SuperScheduler (Globus, Condor, UNICORE OGSA)
     • WP1: Grid VM
     • WP5: PKI, Network

  4. Security Services Architecture
     Hypothetical OGSA version 2.0 documents schedule. Security Services: WG draft publication GGF17 ('06/6)
     Diagram labels: Bridge/Translation Services; Attribute Services; Authorization Services; Trust Services; Audit/Source-Logging Services; Credential Validation Services; Credential Conversion; Privacy Services; VO Policy; Authentication; Identity Mapping
     The Open Grid Services Architecture, Version 1.0

  5. Roadmap for NAREGI Security Services (NSS)
     FS: Feasibility Study, BD: Basic Design, DV: Development, DP: Deployment
     Table sections: Core Functions; OGSA Security Services
     Note: `*` means 'subject to FS'

  6. Authentication: NAREGI-CA
     Diagram labels: VO management cooperation functions; Command User Interface; Web User Interface; XKMS; RA: Registration Functions; Web Service Interface; LCMP; AICA (existing Certificate Authority Free Software); CP/CPS; Auth. Policy Extension (multi-domains); Audit; PMA; Auth. Policy (single domain); NAS (NAREGI AUTHENTICATION SERVICE); Network Infrastructure
     Legend: Development in 2003; Development in 2004; After 2005

  7. WS-based NSS in the future
     Diagram labels: XACML; Policy information point; Policy decision point; Credential (X.509 Cert); Authentication Authority (XKMS); Validate Request/Reply; VO Info; Authentication & Authorization Service; NAREGI-CA; SAML extension in XACML; Authorization assertion; Policy enforcement point; Service Request; MMJFS etc.
     Step markers in the diagram: ① Service Request, ②, ③, ④ VO Info, ⑤, ⑥, ⑦ Authorization assertion, ⑧

  8. NAREGI CA (CD package)
     • Contents
       • README (Overview, install, etc.)
       • LICENSE
       • Release NOTE
       • naregi-ca-1.0.tar.gz
       • Source files
       • CP/CPS, Administrator Guide, etc.
       • naregi-project
         • naregi_pre.pdf (about NAREGI)
         • wp5_pre.pdf (about NAREGI Work Package 5)
     • Contact:
       • naregi-psg@grid.nii.ac.jp (about CD package)
       • naregi.pkiwg@grid.nii.ac.jp (NAREGI WP5 ML)
     • Useful Link
       • https://www.apgrid.org/CA/AIST/Production/index.htm

  9. NAREGI Testbed

  10. Super SINET
     Super SINET: http://www.sinet.ad.jp/english/super_sinet.html
     Src: http://www.sinet.ad.jp/english/japan_map_1.html

  11. NAREGI Grid Network
     Legend: connected; will be connected
     Diagram labels: Osaka Univ.; Kyushu tech Univ.; Tokyo tech Univ.; NAREGI Grid Network; Kyushu Univ.; AIST; IMS; NAREGI NII Cluster; NII; NAREGI; NAREGI IMS Cluster

  12. NAREGI Grid Network (in the future)
     Legend: connected; will be connected
     Diagram labels: Hokkaido Univ.; Tokyo Univ.; Tohoku Univ.; Kyoto Univ.; Osaka Univ.; Universities Grid Network; Nagoya Univ.; Osaka Univ.; Doshisha Univ.; Kyushu Univ.; Kyushu tech Univ.; Tokyo tech Univ.; NAREGI Grid Network; Kyushu Univ.; AIST; IMS; NAREGI NII Cluster; NII; NAREGI; NAREGI IMS Cluster

  13. Features of NAREGI CA
     • Separates the CA server from the RA (web enrollment). Nobody can access the CA server directly from the network.
       • OpenCA is not separated.
     • Can use a license ID for one-time authentication.
     • Provides two types of interfaces:
       • command-based
       • web-based
