1 / 10

Security status

Security status. Joni Hahkala JRA1 All-Hands meeting, Helsinki, June 18 th , 2007. Overview. Build status LCAS/LCMAPS Glexec VOMS Delegation, ssl error messages Trustmanager/util-java Java authorization framework - gJaf Shib integration. Build Status.

brody
Download Presentation

Security status

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security status Joni Hahkala JRA1 All-Hands meeting, Helsinki, June 18th, 2007

  2. Overview • Build status • LCAS/LCMAPS • Glexec • VOMS • Delegation, ssl error messages • Trustmanager/util-java • Java authorization framework - gJaf • Shib integration Security status, All-hands meeting Helsinki June 18th, 2007

  3. Build Status • Everything builds on SLC3 and SLC4 32bit • On SLC4 64 bit only voms-oracle fails, Header file problems? • Restructuring • LCMAPS still need to be restructured to remove circular dep etc. • Otherwise waiting for any challenges Security status, All-hands meeting Helsinki June 18th, 2007

  4. LCAS/LCMAPS • End of life for EDG-variants, they are very old • New versions should be deployed soon • Configuration changes, security fixes etc • Site central service • Waiting for the finalization of the WSDL, with OSG, Globus (june/july?) • SAML with XACML obligations • Waiting for the Globus library that handles the SAML/XACML (july/august?) • After that should be simple to put the pieces together and write the glue code (4-6 weeks)? Security status, All-hands meeting Helsinki June 18th, 2007

  5. Glexec • Endorsement from TCG • Will need the site central LCAS/LCMAPS to be useful • Version that uses GUMS deployed on OSG • Included into VDT Security status, All-hands meeting Helsinki June 18th, 2007

  6. VOMS • New version 1.7.17.1 being deployed • Big update to the old version • Generic attributes • New version 1.7.18.1 being developed to address bugs found by DM group and VDT • Voms-admin 2.0.2-3 being certified • Globus free version of the api available • Need to harmonize the way the attributes are used/interpreted Security status, All-hands meeting Helsinki June 18th, 2007

  7. Delegation, ssl error messages Delegation • Java client available • Have to add the support for the rfc3820 proxies SSL error messages in GSI • Looking into this, may need to create a patch for globus Security status, All-hands meeting Helsinki June 18th, 2007

  8. Trustmanager/util-java • Deprecation and eventual removal of voms parser • New version will be available in the voms-java package • Support for Axis2 should be added • Insides of axis changed from axis to axis2, so need to reintegrate • Upgrade to bouncycastle =>1.3x Security status, All-hands meeting Helsinki June 18th, 2007

  9. gJaf • Tutorial done • SAML test cases • Development done, need to commit to CVS • XACML local/simple PDP (PDPXACML) • Tested standalone/local, need to be integrated into PDP chain • External XACML PDP callout • In course of integration with (GT based XACML-PDP) Site Central AuthZ service • VOMS Generic attributes support • Todo • PDP chain redesign to support obligations Security status, All-hands meeting Helsinki June 18th, 2007

  10. Shib integration • SLCS in production (Switch) • Vash, VOMS Attributes from Shibboleth • Developed • Plugin for LCAS/LCMAPS to interpret these in finishing stages • SAML support in services under investigation Security status, All-hands meeting Helsinki June 18th, 2007

More Related