MyProxy is an online repository offering secure credential storage, convenient access, and flexible management. Use cases include credential mobility, grid portals, proxy renewal, and long-term storage. It integrates with NMI, is packaged with GPT, and leverages OGSI functionality.
MyProxy NMI Integration
Jim Basney, NCSA
Marty Humphrey, University of Virginia
http://myproxy.ncsa.uiuc.edu/
MyProxy is an online repository for grid credentials.
• Secure credential storage
• Convenient credential access
• Flexible credential management
Credential mobility:
[Diagram. Hosts: tg-login.ncsa.teragrid.org, ca.ncsa.uiuc.edu, myproxy.teragrid.org, tg-login.caltech.teragrid.org, tg-login.sdsc.teragrid.org, tg-login.uc.teragrid.org. Arrow labels: Obtain certificate, Store proxy, Retrieve proxy.]
Grid portals:
[Diagram. Components: MyProxy server, CHEF portal, GridFTP server. Arrow labels: Fetch proxy, Login, Access data.]
Proxy renewal:
[Diagram. Components: Globus gatekeeper, Workload management system, MyProxy server. Arrow labels: Submit job, Submit job, Refresh proxy, Fetch proxy.]
Long-term credential storage:
[Diagram. Components: Certificate authority, Accounting system, MyProxy server. Arrow labels: Obtain user's certificate, Request account, "Username, password", Load user's credentials, Retrieve proxy, Change password.]
NMI integration:
• MyProxy included in NMI R3 & R4
• Packaged with GPT
• Uses Globus Toolkit security libraries
• Used by NMI components:
  • OGCE NMI portal
  • Condor-G
www.ogce.org
MyProxy OGSI implementation:
• Initial release this month for GT 3.0
• Designed to leverage OGSI functionality
[Diagram. Components: CredentialManagerFactory, CredentialManager Instance, CredentialManager Instance.]
Hardware-secured MyProxy:
M. Lorch, J. Basney, and D. Kafura, "A Hardware-secured Credential Repository for Grid PKIs," 4th IEEE/ACM International Symposium on Cluster Computing and the Grid, April 2004.
[Diagram. Components: MyProxy Server, IBM 4758. Arrow labels: Proxy request, Retrieve proxy, Proxy certificate.]
Ongoing work:
• Continued OGSA development
• Credential access control (XACML, SAML)
• Credential exchange protocols (WS-Trust)
• Audit logging, monitoring, and event notification
• Additional authentication methods (Kerberos, PAM, OTP, SRP)
• Managing multiple credentials
Acknowledgements:
Shiva Chetan, Sumin Song, Feng Qin, Xiao Tu, Shaun Arnold, Jun Wang, Greg Mattes, Glenn Wasson, Jarek Gawor, Daniel Kouril, Jason Novotny, Miroslav Ruda, Benjamin Temko, Von Welch, Markus Lorch, Charles Severance
Supported by NSF Middleware Initiative