
Federated Identity Management for HEP

Federated Identity Management for HEP. David Kelsey, STFC – RAL. Nijmegen workshop, 22 June 2012. WLCG: data processing, storage and analysis for the CERN Large Hadron Collider experiments, making data equally available to all partners, regardless of their physical location.


Presentation Transcript


  1. Federated Identity Management for HEP
     David Kelsey, STFC – RAL
     Nijmegen workshop, 22 June 2012

  2. WLCG
     • Data processing, storage and analysis for the CERN Large Hadron Collider Experiments
     • Making data equally available to all partners, regardless of their physical location
     • WLCG is made up of
       • more than 140 computing centres
       • in ~35 countries
       • several * 100K CPU Cores
       • several * 100 PB Storage
       • ~10K users
     Kelsey, HEP FIM

  3. Endorsement of FIM paper
     • DPK presented the paper to
       • HEPiX - 26 April 2012
         https://indico.cern.ch/contributionDisplay.py?sessionId=7&contribId=20&confId=160737
       • WLCG Grid Deployment Board – 9 May
         https://indico.cern.ch/conferenceDisplay.py?confId=155068
     • Formally endorsed by WLCG Management Board
       • Meeting of 5 June 2012

  4. Federated IdM in HEP
     • X.509 certificates and VOMS ACs for Grid services
     • Using TERENA Cert Service in some places
     • Grid also requires Delegation
     • But many other services (not just Grid)
     • Collaboration tools, wikis, mail lists, webs, agenda pages…
     • Today CERN has to manage thousands of user accounts, many of these are “external”
     • Which federations should we use?
     • R&E, Moonshot, OpenID, …?
     • Choice should be based on the required level of assurance

  5. Two proposals for pilot projects for WLCG
     • Browser based: a pilot using a WLCG collaborative Web application where users authenticate via their home-issued federated credential
     • Non-browser based: a service enabling access to WLCG Grid resources using home-issued federated credentials

  6. Browser-based
     • Not decided yet
     • At CERN or some other site?
     • Traditional federated service
     • How do we cope with the scaling issues of joining many federations?

  7. Non-browser
     • Access to WLCG Grid services
     • Hide the use of X.509 certificates from end users
     • Using credential translation techniques
       • From federated identity credential
       • To short-lived X.509 certificate (hidden)
     • For example using the new EMI STS
     • 2 slides from Romain Wartel (CERN)

  8. Questions?

  9. Kelsey, HEP FIM

  10. Questions?
