AuthN and AuthR Where we have come from… Where we are going to… Cándido Rodríguez candido.rodriguez@rediris.es
Agenda • Status of the authN • A brief overview of the authR • Impact analysis
Status of the AuthN • AuthN is available in MDM perfSONAR 3.0
Status of the AuthN • Client from the USA • Services in the USA don't need AuthN information -> OK • Services in Europe require AuthN -> NO
Status of the AuthN • Client from Europe • Services in the USA don't need AuthN information -> OK • Services in Europe require AuthN -> OK
Status of the AuthN • Summarizing • USA teams cannot send messages to European perfSONAR services • Workaround: accounts in the GIdP • When will Internet2 and ESnet join eduGAIN? • RNP has started joining eduGAIN • Adding its own CA • EU teams can send messages to any perfSONAR service • The AuthN doesn't affect the NMWG message itself!
Agenda • Status of the authN • A brief overview of the authR • Impact analysis
A brief overview of the AuthR • pSRs want to check whether a user/client is allowed to perform the requested action • The AuthR process presupposes the AuthN process: a subject must be authenticated before it can be authorized • An AuthR request contains • Subject: specifies which user is performing the action • Action: specifies which action the user is trying to perform • Resource: specifies on which resource (which pSR) the user is trying to perform the action • An AuthR response contains • Status code (the decision) • [Optionally] the user's attributes in a SAML assertion
A brief overview of the AuthR • Authorization scenario • Subject: who has sent the message to the pSR. It's a URN • urn:geant:edugain:component:be:%fed%:user:%username% • Resource: which pSR has received the message. It's a URN • …:component:perfsonarresource:%fed%:%id_resource%:%uri_service% • Action: what the sender is asking the pSR to do. It's a URI • http://schemas.perfsonar.net/tools/admin/echo/2.0
A brief overview of the AuthR • Delegation-based authorization scenario • Subjects: who has sent the message to the pSR and through which client. They are URNs • urn:geant:edugain:component:be:%fed%:user:%username% • …:component:perfsonarclient:%fed%:%id_client% • Resource: which pSR has received the message. It's a URN • Action: what the sender is asking the pSR to do. It's a URI
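The two scenarios above, worked through in code. This is an illustrative model added for this page, not the perfSONAR AuthR library or AS: the URN/URI layouts follow the slides, but the glob-based policy rules, the Permit/Deny/NotApplicable status strings, the attribute store standing in for the SAML assertion, and the `urn:geant:edugain` prefix for the resource URN (elided on the slide) are all assumptions. It shows the one point the slides only state: in the delegated case the user and the client are both subjects, and both must be authenticated and both must be permitted.

```python
"""Toy model of the AuthR request/response described on the slides.
Illustrative code written for this page, not perfSONAR's own; policy
format, status codes and attribute store are assumptions."""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Identifier templates from the slides. The resource URN prefix is elided
# on the slide ("…:component:perfsonarresource:…"); urn:geant:edugain is
# assumed here so that it matches the user URN.
USER_URN = "urn:geant:edugain:component:be:{fed}:user:{username}"
CLIENT_URN = "urn:geant:edugain:component:perfsonarclient:{fed}:{client_id}"
RESOURCE_URN = ("urn:geant:edugain:component:perfsonarresource:"
                "{fed}:{resource_id}:{service_uri}")
ECHO_ACTION = "http://schemas.perfsonar.net/tools/admin/echo/2.0"


@dataclass
class AuthzRequest:
    subjects: list          # one user URN, or user + client URN when delegated
    resource: str
    action: str


@dataclass
class AuthzResponse:
    status: str             # "Permit", "Deny" or "NotApplicable" (assumed codes)
    attributes: dict = field(default_factory=dict)  # stands in for the SAML assertion


@dataclass
class Rule:                 # assumed policy format: globs over URNs, exact action
    subject: str
    resource: str
    action: str             # action URI, or "*" for any
    effect: str             # "Permit" or "Deny"


def build_request(fed, username, resource_id, service_uri, action, client_id=None):
    """Assemble the Subject/Resource/Action triple for a message a pSR received."""
    subjects = [USER_URN.format(fed=fed, username=username)]
    if client_id is not None:   # delegated scenario: the client is a subject too
        subjects.append(CLIENT_URN.format(fed=fed, client_id=client_id))
    resource = RESOURCE_URN.format(fed=fed, resource_id=resource_id,
                                   service_uri=service_uri)
    return AuthzRequest(subjects, resource, action)


def _decide_for_subject(subject, request, policy):
    """Deny-overrides combination of the rules that match one subject."""
    decision = "NotApplicable"
    for rule in policy:
        if (fnmatchcase(subject, rule.subject)
                and fnmatchcase(request.resource, rule.resource)
                and rule.action in ("*", request.action)):
            if rule.effect == "Deny":
                return "Deny"
            decision = "Permit"
    return decision


def evaluate(request, policy, authenticated, attribute_store=None):
    """Return the AuthR response. `authenticated` is the set of subject URNs
    the AS has already authenticated: AuthR presupposes AuthN, so any
    unauthenticated subject is denied outright. With delegation, every
    subject (user and client) must be permitted."""
    if not set(request.subjects) <= set(authenticated):
        return AuthzResponse("Deny")
    decisions = [_decide_for_subject(s, request, policy) for s in request.subjects]
    if "Deny" in decisions:
        return AuthzResponse("Deny")
    if all(d == "Permit" for d in decisions):
        attrs = (attribute_store or {}).get(request.subjects[0], {})  # user's attributes
        return AuthzResponse("Permit", dict(attrs))
    return AuthzResponse("NotApplicable")


# Constructed sample policy and attribute store (not from the slides).
POLICY = [
    Rule("urn:geant:edugain:component:be:rediris:user:*",
         "urn:geant:edugain:component:perfsonarresource:rediris:*", ECHO_ACTION, "Permit"),
    Rule("urn:geant:edugain:component:perfsonarclient:rediris:*",
         "urn:geant:edugain:component:perfsonarresource:rediris:*", ECHO_ACTION, "Permit"),
    Rule("urn:geant:edugain:component:perfsonarclient:rediris:untrusted-ui", "*", "*", "Deny"),
]
ATTRIBUTES = {USER_URN.format(fed="rediris", username="alice"): {"eduPersonAffiliation": "staff"}}


def demo():
    """Run the scenarios and return {name: status}."""
    svc = "http://ma.example.org/echo"
    direct = build_request("rediris", "alice", "ma1", svc, ECHO_ACTION)
    delegated = build_request("rediris", "alice", "ma1", svc, ECHO_ACTION, client_id="cli1")
    untrusted = build_request("rediris", "alice", "ma1", svc, ECHO_ACTION, client_id="untrusted-ui")
    other = build_request("rediris", "alice", "ma1", svc,
                          "http://schemas.perfsonar.net/tools/admin/other/1.0")
    return {
        "direct": evaluate(direct, POLICY, set(direct.subjects), ATTRIBUTES).status,
        "unauthenticated": evaluate(direct, POLICY, set()).status,
        "delegated": evaluate(delegated, POLICY, set(delegated.subjects)).status,
        "client_not_authenticated": evaluate(delegated, POLICY, {delegated.subjects[0]}).status,
        "untrusted_client": evaluate(untrusted, POLICY, set(untrusted.subjects)).status,
        "unknown_action": evaluate(other, POLICY, set(other.subjects)).status,
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The attribute lookup keys on the user URN only: the client is a subject for the decision, but the attributes returned in the response are the user's, as the slides describe.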
Agenda • Status of the authN • A brief overview of the authR • Impact analysis
Impact analysis • AS with AuthR support • Available by the end of June • Needs a powerful policy editor in the webadmin • To be done after all AuthR developments are finished • perfSONAR service's perspective • AuthR component and AuthR library by summer • Moving from the AuthN component to the AuthR component • Minimal impact: only a new line in service.properties • Using the AuthR library • As complicated as using the AuthN one
Impact analysis • Client's perspective • If the client doesn't need attributes • No change • If the client needs attributes • An AuthR library will be released by fall
Edificio CICA, Campus Universitario Avenida Reina Mercedes s/n 41012 Sevilla. España Tel.: 95 505 66 00 Fax: 95 505 66 51 www.red.es www.rediris.es