1 / 5

WP4 Security Update

This update discusses the WP4 security components for authorization in the Fabric, including a plug-able system for authorization, a PAM-like plug-in framework, and a policy-driven authorization engine. It also covers additional components like a configuration database and local ID service, as well as the status and plans for LCAS and LCMAPS.

bettycooper
Download Presentation

WP4 Security Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WP4 Security Update For WP4: David Groep hep-proj-grid-fabric-gridify@cern.ch

  2. A Job lifecycle within the Fabric

  3. Some WP4 security components • Plug-able system for authorization (LCAS) • plug-in (PAM-like) framework • Use as an engine for policy-driven authorization • LCMAPS local credentials • Credential generation plug-in framework • Logical place to add role support • Additional modifications to gatekeeper required • error&status handling • Getting a useful message to the user

  4. More components • Configuration database • The CDB should keep all relevant configuration/policies • Can publish to information services (and integrate with WP3 tools) • High-level description language to be defined in June workshop • Local ID service • To elimitate confusion: primary role is inside fabric • Secure install services, etc.

  5. Status and plans • Progress on LCAS • Added hook in gatekeeper  edg_gatekeeper • Early prototype in Release 1.2: shipped as shared object with three components (allow, ban, timeslot) • Dynamic plugin frameworknow being unit tested within WP4/gridification • To be released in 1.3 • More plug-in components can be developed independently (is simple) • LCMAPS • Release planning changed to provide it earlier (1.4) • Keep all the useful functionality from Andrew • Extend with role support (interaction with client side TBD)

More Related