Middleware Security Group Meeting

from to (Europe/Zurich)
at Berkeley
Description
Logistics

http://www.es.net/hypertext/MWSG/logistics.html


Registration

http://www.es.net/hypertext/MWSG/registration.html


Agenda (Soon)
  • Thursday, 6 December 2007
    • 09:00 - 12:35 Session 1: General security topics
      • 09:00 Welcome, discussion of Agenda 15'
        Speaker: Chairs (Bob C., C.Witzig)
      • 09:15 Security Incidents and Countermeasures (was LCAS/LCMAPS concern) 15'
        Speaker: Oscar Koeroo
        Material: Slides (powerpoint file, pdf file)
      • 09:30 How to leverage an existing SSH-PKI for our ssl-based grid security middleware 15'
        Speaker: Frank Siebenlist
        Material: Slides (powerpoint file, pdf file)
      • 09:45 Proxy restriction 30'
        Speaker: Joni Hahkala
        Material: Slides (presentation file, pdf file)
      • 10:15 break 30'
      • 10:45 Pseudonymity Service - First Prototype Implementation 30'
        Speaker: Henri Mikkonen
        Material: Slides (pdf file)
      • 11:15 End-to-end security 30'
        Goal of the presentation:
        We want to draw attention to the problems the current trust model poses;  i.e. the fact that all the middleware needs to be trusted.
        We will present our current view on how this could be changed, so that only the end points, i.e. the user and the execution machine, need to be trusted. We will have a proposal for a prototype implementation, and we would like to have a discussion with the other middleware developers.
        Speakers: Igor Sfilioi, Ian Aldermann
        Material: Slides (pdf file)
      • 11:45 Email break 30'
    • 12:15 - 13:30 lunch break
    • 13:30 - 17:30 Session 2: Authorization
      Goals of the Authorization sessions:
      
      1. For end-to-end study: 
      a) Presentation of ideas based on end-to-end authorization study for EGEE-III
      b) Input of OSG to these ideas
      c) Identification of possible problems
      
      2. For authZ interoperability:
      a) reviewing all fundamental areas of the work (even the ones settled and not discussed in several months) and reassuring ourselves that we are still on the same page everywhere
      b) discuss the scope and release schedule for the development work in OpenSAML 2. The goal is gathering enough information to update our plans. After the MWSG, we will need to carefully evaluate if these changes of scope and schedule make the joint project still cost effective.
      c) discuss communication channels w/ new development team and its management; discuss expectations for participation, response time, quality, etc.
      d) agree on the draft profile to be distributed by Chad on Nov 30 (note: this will be done in a smaller group in a parallel session on Thu morning and Fri afternoon)
      • 13:30 Authorization end-to-end study 1h30'
        Speaker: Christoph Witzig
        Material: Slides (powerpoint file, pdf file)
      • 15:00 break 30'
      • 15:30 AuthZ Interop: Requirements, Plans and Milestones 20'
        Speaker: Gabriele Garzogolio
        Material: Slides (powerpoint file, pdf file)
      • 15:50 AuthZ Interop: A common XACML Profile and its current implementation 20'
        Speaker: Oscar Koeroo
        Material: Slides (powerpoint file, pdf file)
      • 16:10 AuthZ Interop: G-PBox and gJAF experience with the GT XACML library (Java version) 20'
        Speaker: Hakon Sagehaug
        Material: Slides (pdf file)
      • 16:30 AuthZ Interop: GT XACML library implementation and future plans 20'
        Speaker: Rachana Ananthakrishnan
        Material: Slides (powerpoint file, pdf file)
      • 16:50 AuthZ Interop: Discussion 40'
        Speaker: all
  • Friday, 7 December 2007
    • 09:00 - 13:15 Session 3: Authorization continued
      • 09:00 GP-Box: current role and future development 30'
        Speaker: Alberto Forti
        Material: Slides (pdf file)
      • 09:30 Discussion on authorization service 45'
        Speaker: all
        Material: pictures (unknown file type)
      • 10:15 break 30'
      • 10:45 COmanage and GridGrouper 1h0'
        Speaker: Tom Barton
        Material: Slides (powerpoint file, pdf file)
      • 11:45 How virtual machine technology could make our client and server deployments more secure and resilient 30'
        Speaker: Frank Siebenlist
        Material: Slides (powerpoint file, pdf file)
    • 12:15 - 13:30 lunch break
    • 13:30 - 16:00 Session 4: General security topics
      • 13:30 CO-Manage and GridGrouper (cont) 30'
        Speaker: Tom Barton
      • 14:00 VOMS migration to openSSL 15'
        Speaker: Andrea Ceccanti
        Material: Slides (pdf file)
      • 14:15 Security of VO schedulers 15'
        Large VOs are deploying their own schedulers which interact directly with Worker Nodes. This raises the question whether these schedulers should be considered as part of the core middleware.
        The goal of this presentation is to find out whether the MWSG should investigate the security implications of VO specific schedulers. If so, how should the group proceed?
        There was a long discussion of how to control connections between the worker nodes and the Internet. Christoph asked for reactions to some standardization of a sort of proxy facility that schedulers would go through to fetch jobs. Oscar dug up his slides from 2004 where he had proposed a facility for controlling connections to the Internet. Those slides are attached.
        Speaker: Christoph Witzig
        Material: Slides (powerpoint file, pdf file)
      • 14:30 Proxy lifetime restrictions 30'
        Speaker: Mine Altunay
      • 15:00 Update on Security Token Service (STS) 15'
        Speaker: Chad La Joie
        Material: Slides (powerpoint file, pdf file)
      • 15:15 Discussion, AOB 15'