The Roadmap of NAREGI Security Services. Masataka Kanamori, NAREGI WP5, 2005.4.20. http://www.naregi.org/
NAREGI WPs: WP6: Grid-Enabled Apps; WP3: Grid Visualization; WP3: Grid PSE; WP2: Grid Programming - Grid RPC - Grid MPI; WP3: Grid Workflow; WP1: Distributed Information Service; WP4: Packaging; WP1: SuperScheduler (Globus, Condor, UNICOREOGSA); WP1: Grid VM; WP5: High-Performance & Secure Grid Networking
NAREGI WP5: WP6: Grid-Enabled Apps; WP3: Grid Visualization; WP3: Grid PSE; WP2: Grid Programming - Grid RPC - Grid MPI; WP3: Grid Workflow; WP1: Distributed Information Service; WP4: Packaging; WP1: SuperScheduler (Globus, Condor, UNICOREOGSA); WP1: Grid VM; WP5: PKI, Network
Security Services Architecture. Hypothetical OGSA version 2.0 documents schedule: Security Services: WG draft publication GGF17 ('06/6). Services shown: Bridge/Translation Services, Attribute Services, Authorization Services, Trust Services, Audit/Source-Logging Services, Credential Validation Services, Credential Conversion, Privacy Services, VO Policy, Authentication, Identity Mapping. Source: The Open Grid Services Architecture, Version 1.0
Roadmap for NAREGI Security Services (NSS). FS: Feasibility Study, BD: Basic Design, DV: Development, DP: Deployment. Core Functions; OGSA Security Services. Note: `*` means 'subject to FS'
Authentication: NAREGI-CA VO management cooperation functions Command User Interface Web User Interface XKMS RA: Registration Functions Web Service Interface LCMP AICA (existing Certificate Authority Free Software) CP/CPS Auth. Policy Extension (multi-domains) Audit PMA Auth. Policy (single domain) NAS (NAREGI AUTHENTICATION SERVICE) Network Infrastructure Development in 2003 Development in 2004 After 2005
WS-based NSS in the future XACML Policy information point Policy decision point Credential X.509 Cert Authentication Authority XKMS Validate Request Reply ③ ④ VO Info ⑤ ⑥ Authentication & Authorization Service NAREGI-CA SAML extension in XACML ⑦ Authorization assertion ② ⑧ Policy enforcement point ① Service Request MMJFS etc.
NAREGI CA (CD package)
• Contents
  • README (Overview, install, etc.)
  • LICENSE
  • Release NOTE
  • naregi-ca-1.0.tar.gz
  • Source files
  • CP/CPS, Administrator Guide, etc.
  • naregi-project
  • naregi_pre.pdf (about NAREGI)
  • wp5_pre.pdf (about NAREGI Work Package 5)
• Contact:
  • naregi-psg@grid.nii.ac.jp (about CD package)
  • naregi.pkiwg@grid.nii.ac.jp (NAREGI WP5 ML)
• Useful Link
  • https://www.apgrid.org/CA/AIST/Production/index.htm
Super SINET Super SINET: http://www.sinet.ad.jp/english/super_sinet.html Src: http://www.sinet.ad.jp/english/japan_map_1.html
NAREGI Grid Network connected will be connected Osaka Univ. Kyushu tech Univ. Tokyo tech Univ. NAREGI Grid Network Kyushu Univ. AIST IMS NAREGI NII Cluster NII NAREGI NAREGI IMS Cluster
NAREGI Grid Network (in the future) connected Hokkaido Univ. Tokyo Univ. Tohoku Univ. will be connected Kyoto Univ. Osaka Univ. Universities Grid Network Nagoya Univ. Osaka Univ. Doshisha Univ. Kyushu Univ. Kyushu tech Univ. Tokyo tech Univ. NAREGI Grid Network Kyushu Univ. AIST IMS NAREGI NII Cluster NII NAREGI NAREGI IMS Cluster
Features of NAREGI CA
• separates CA server and RA (web enroll). Nobody can access a CA server directly from the Net.
  • OpenCA is not separated
• can use a license ID for OneTime authentication.
• provides two types of interfaces
  • command-based
  • web-based