1 / 10

MyProxy

MyProxy. Nurzhan Kirbassov http://cyberaide.googlecode.com/svn/trunk/lectures/seminar-grid-i-myproxy.ppt. Outline. Some terms What are proxy credentials What is delegation Restrictions before MyProxy How MyProxy solves the restrictions. Proxy credentials.

jon
Download Presentation

MyProxy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MyProxy Nurzhan Kirbassov http://cyberaide.googlecode.com/svn/trunk/lectures/seminar-grid-i-myproxy.ppt Service Oriented Cyberinfrastructure Lab, http://blackrose02.rit.edu

  2. Outline • Some terms • What are proxy credentials • What is delegation • Restrictions before MyProxy • How MyProxy solves the restrictions Service Oriented Cyberinfrastructure Lab, http://grid.rit.edu

  3. Proxy credentials • New set of private key and certificate, signed by the user’s long-term credential • Has short lifetime (usually within several hours or days) • Can be used in place of the long-term credential Service Oriented Cyberinfrastructure Lab, http://grid.rit.edu

  4. Delegation • Passing the right to act on behalf of a user • Same as proxy credential creation • Difference: made over secure network connection • Can be chained • Service that has proxy credential can create a new proxy credential Service Oriented Cyberinfrastructure Lab, http://grid.rit.edu

  5. Restrictions before MyProxy • Credentials had to be stored on user’s computer (from which you login to a web portal) • Some programs do not support proxy credentials delegation (web browsers) • User had to give his credentials every time some service needed it Service Oriented Cyberinfrastructure Lab, http://grid.rit.edu

  6. MyProxy solution • Issue short-term proxy credentials upon request • Store users’ long-term credentials on a secure server (optional) Service Oriented Cyberinfrastructure Lab, http://grid.rit.edu

  7. Step1: Submit credentials MyProxy Credential Repository Cert chain Private key myproxy-init Proxy credentials User ID Password User Service Oriented Cyberinfrastructure Lab, http://grid.rit.edu

  8. Step 2: Ask for credentials Browser (User) MyProxy myproxy-get-delegation User ID Password User ID Password Portal Proxy credential Grid Service Proxy credential Service Oriented Cyberinfrastructure Lab, http://grid.rit.edu

  9. Summary • Allows user credentials storage on a secure server • Enables user credentials delegation over the chain of services • Proxy credentials have limited lifetime (1 week by default) • Allows for better security Service Oriented Cyberinfrastructure Lab, http://grid.rit.edu

  10. References • An Online Credential Repository For The Grid: MyProxy, Jason Novotny, Steven Tuecke, Von Welch • MyProxy and the Globus Toolkit, The Globus Alliance Service Oriented Cyberinfrastructure Lab, http://grid.rit.edu

More Related