1 / 6

WP4 Security Update

WP4 Security Update. For WP4: David Groep. hep-proj-grid-fabric-gridify@cern.ch. A Job lifecycle within the Fabric. Some WP4 security components. Plug-able system for authorization (LCAS) plug-in (PAM-like) framework Use as an engine for policy-driven authorization LCMAPS local credentials

boerger
Download Presentation

WP4 Security Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WP4 Security Update For WP4: David Groep hep-proj-grid-fabric-gridify@cern.ch

  2. A Job lifecycle within the Fabric

  3. Some WP4 security components • Plug-able system for authorization (LCAS) • plug-in (PAM-like) framework • Use as an engine for policy-driven authorization • LCMAPS local credentials • Credential generation plug-in framework • Logical place to add role support • Additional modifications to gatekeeper required • error&status handling • Getting a useful message to the user

  4. Authentication control flow EDG gatekeeper NOW 1.3, 1.4, 2+ Gatekeeper Gatekeeper LCAS config TLS auth TLS auth ACL Id timeslot Yes/no LCAS (so) LCAS client gridmap LCMAPS clnt LCMAPS Id assist_gridmap config apply creds * credlist Jobmanager-* Jobmanager-* role2uid role2afs * And store in job repository

  5. More components • Configuration database • The CDB should keep all relevant configuration/policies • Can publish to information services (and integrate with WP3 tools) • High-level description language to be defined in June workshop • Monitoring • Monitoring over unsecure networks • Local ID service • To elimitate confusion: primary role is inside fabric • Secure install services, etc.

  6. Status and plans • Progress on LCAS • Added hook in gatekeeper  edg_gatekeeper • Early prototype in Release 1.2: shipped as shared object with three components (allow, ban, timeslot) • Dynamic plugin frameworknow being unit tested within WP4/gridification • To be released in 1.3 • More plug-in components can be developed independently (is simple) • LCMAPS • Release planning changed to provide it earlier (1.4) • Keep all the useful functionality from Andrew • Extend with role support (interaction with client side TBD)

More Related