EMI Security Workshop

Europe/Zurich
CERN

CERN

Description

The EMI Security Workshop will take place on

25th May 14:00 to 18:00: Building 32, 1st Floor, Room A24 (32-1-A24) and

26th May 9:00 to 12:00: Building 31, 3rd Floor, Room 004 (31-3-04) .

 

We are pleased to announce, in conjunction with the EMI Kick-off meeting, the Security Workshop on 25/26th May.
 
We hope to have representatives from each of ARC, gLite and UNICORE present to be able to comment on these subjects and provide an authorized position in order to make the first decisions in the Security task.
 
This workshop is the first milestone of the EMI JRA1 and will cover the following subjects (from the EMI Description of Work):
 
- The removal of GSI for replacement by SSL/TLS. For this subject it will be necessary to confirm and tabulate the components that are still dependent on GSI and which will benefit from this standardization. This includes non-security components.
 
For the removal of GSI for replacement by SSL/TLS we will need input (presentations) from VOMS, Data management and delegation (for job management), also the exposure and plans of relevant ARC components.
 
- Common authentication libraries. At this stage we should be able to project whether the common library should be X.509 only or include SAML support. The use-cases within each stack must be presented.
 
Here we need input from a representative of each middleware stack.
 
- The usage of the SAML-enabled VOMS service within ARC/gLite must be understood and a medium-term plan for possible replacement or coexistence of attribute certificates with SAML made.
 
Related to the above topic. Presentations from VOMS, job management (gLite and ARC) and the projected standard Authorization system, Argus.
 
- A review of the Authorization decision mechanisms of all job management systems. A plan for any necessary integration with the common libraries and security tokens made.
 
Presentations from gLite WMS, CE(s) (gLite and ARC))
 
 The results of the security workshop will be presented and taken into account in the first deliverable document, Security Area Work Plan and Status Report. This document will present the status of the security infrastructures and components, the integration plan and a work plan for the first year of the project as requested in the Evaluation Report.
 
 
Related Information:
* How to reach CERN
* CERN Hostel offers basic rooms with shower and WC on the CERN campus. Please make sure you book early, as these rooms are often fully booked. Should the CERN Hostel ask for contact person at CERN, please indicate Yasemin Hauser.
* Hotels in the local area
* A dinner is organised on 27 May at Auberge Communale de Satigny. For registration, go to the EMI Kick-off Meeting event page.

CERN is closed on Monday 24th May. Contact
project-eu-emi-po@cern.ch if you need a CERN pass for the 24th, or other information.
 


 

<o:p></o:p>


 


 

 
 

Participants
  • Aleksandr Konstantinov
  • Andrea Ceccanti
  • Cecchi Marco
  • Christoph Witzig
  • Daniel Kouril
  • John White White
  • Krzysztof Benedyczak
  • Linda Cornwall
  • Mattias Ellert
  • Miika Tuisku
  • Oliver Keeble
  • Oscar Koeroo
  • Paolo Andreetto
  • Ricardo Rocha
  • sara bertocco
  • Vincenzo Ciaschini
  • Zsolt Molnár
    • 1
      Welcome and Objectives 32/1-A24

      32/1-A24

      CERN

      40
      Show room on map
      Speaker: Dr Alberto Di Meglio (CERN)
      Slides
    • GSI in EMI 32/1-A24

      32/1-A24

      CERN

      40
      Show room on map

      An overall goal in the EMI stack is to remove proprietary technology
      where possible for replacement by standard components. In particular this session
      focuses on the removal of GSI for replacement by SSL/TLS.

      Each presenter should indicate the usage of GSI in their overall middleware stack or set of components and outline a plan for removal or reasons why removal is not feasible or beneficial.

      • 2
        GSI Status in VOMS
        Speaker: Dr Vincenzo Ciaschini (INFN CNAF)
        Slides
      • 3
        GSI Usage in Data Management
        Speakers: Patrick Fuhrmann (Unknown), Dr Patrick Fuhrmann (DESY)
        Slides
      • 4
        Delegation and Proxy-Renewal
        Speaker: Daniel Kouril (Unknown)
        Slides
      • 5
        GSI in ARC
        Speaker: Mr Aleksandr Konstantinov (VILNIUS UNIVERSITY)
        Slides
    • 3:50 PM
      Coffee
    • SAML usage in EMI 32/1-A24

      32/1-A24

      CERN

      40
      Show room on map

      A medium-term plan for possible replacement or coexistence of attribute certificates with SAML should be made. The current SAML usage capabilities and experience/needs
      should be outlined.

      • 6
        Status of VOMS-SAML
        Speaker: Andrea Ceccanti (Unknown)
        Slides
      • 7
        SAML and ARC
        Speaker: Mr Aleksandr Konstantinov (VILNIUS UNIVERSITY)
        Slides
      • 8
        SAML and UNICORE
        Speaker: Mr Krzysztof Benedyczak
        Slides
      • 9
        SAML and Argus
        Speakers: Andrea Ceccanti (Unknown), Andrea Ceccanti (Unknown)
        Slides
    • Common EMI authentication libraries. 32/1-A24

      32/1-A24

      CERN

      40
      Show room on map

      A common set of EMI authentication libraries. At this stage we should be able to
      project whether the common library should be X.509 only or include SAML
      support. The use-cases within each MW stack will be presented.

      • 10
        Common AuthN in gLite
        Speaker: Dr Vincenzo Ciaschini (INFN CNAF)
        Slides
      • 11
        ARC
        Postponed to next session.
        Speaker: Mr Aleksandr Konstantinov (VILNIUS UNIVERSITY)
      • 12
        UNICORE
        Speaker: Mr Krzysztof Benedyczak
        Slides
      • 13
        Discussion
    • 10:20 AM
      Coffee
    • Job management AuthZ IT Auditorium

      IT Auditorium

      CERN

      Presentations that give a review of the Authorization decision mechanisms of all job management systems. These will form the basis for any integration with the common libraries and security tokens. Presentations from gLite WMS, CE(s) (gLite and ARC))

      • 14
        ARC CE
        Speaker: Mr Aleksandr Konstantinov (VILNIUS UNIVERSITY)
        Slides
      • 15
        UNICORE AuthZ
        Speaker: Mr Krzysztof Benedyczak
        Slides
      • 16
        gLite CREAM
        Speaker: Paolo Andreetto (Unknown)
        Slides
      • 17
        gLite WMS
        Speaker: Marco Cecchi (Unknown)
        Slides
      • 18
        Argus AuthZ Service
        Speakers: Andrea Ceccanti (Unknown), Andrea Ceccanti (Unknown)
        Slides
      • 19
        Discussion
    • Summary IT Auditorium

      IT Auditorium

      CERN

      A summary of any decisions reached and also where more work needs to be done.

      • 20
        Security Vulnerabilities in EGI
        Speaker: Linda Ann Cornwall (Particle Physics-Rutherford Appleton Laboratory-STFC - Science &)
        Slides
      • 21
        Summary
        Speaker: John White White (Helsinki Institute of Physics HIP)