We are pleased to announce, in conjunction with the EMI Kick-off meeting, the Security Workshop on 25/26th May.
We hope to have representatives from each of ARC, gLite and UNICORE present to be able to comment on these subjects and provide an authorized position in order to make the first decisions in the Security task.
This workshop is the first milestone of the EMI JRA1 and will cover the following subjects (from the EMI Description of Work):
- The removal of GSI for replacement by SSL/TLS. For this subject it willbe necessary to confirm and tabulate the components that are stilldependent on GSI and which will benefit from this standardization. Thisincludes non-security components.
For the removal of GSI for replacement by SSL/TLS we will need input (presentations) from VOMS, Data management and delegation (for job management), also the exposure and plans of relevant ARC components.
- Common authentication libraries. At this stage we should be able toproject whether the common library should be X.509 only or include SAMLsupport. The use-cases within each stack must be presented.
Here we need input from a representative of each middleware stack.
- The usage of the SAML-enabled VOMS service within ARC/gLite must beunderstood and a medium-term plan for possible replacement orcoexistence of attribute certificates with SAML made.
Related to the above topic. Presentations from VOMS, job management (gLite and ARC) and the projected standard Authorization system, Argus.
- A review of the Authorization decision mechanisms of all job managementsystems. A plan for any necessary integration with the common librariesand security tokens made.
Presentations from gLite WMS, CE(s) (gLite and ARC))
The results of the security workshop will be presented and taken into account in the first deliverable document, Security Area Work Plan and Status Report. This document will present the status of the security infrastructures and components, the integration plan and a work plan for the first year of the project as requested in the Evaluation Report.
An overall goal in the EMI stack is to remove proprietary technology
where possible for replacement by standard components. In particular this session
focuses on the removal of GSI for replacement by SSL/TLS.
Each presenter should indicate the usage of GSI in their overall middleware stack or set of components and outline a plan for removal or reasons why removal is not feasible or beneficial.
GSI Status in VOMS
DrVincenzo Ciaschini(INFN CNAF)
GSI Usage in Data Management
Patrick Fuhrmann(Unknown), DrPatrick Fuhrmann(DESY)
A common set of EMI authentication libraries. At this stage we should be able to
project whether the common library should be X.509 only or include SAML
support. The use-cases within each MW stack will be presented.
Presentations that give a review of the Authorization decision mechanisms of all job management systems. These will form the basis for any integration with the common libraries and security tokens. Presentations from gLite WMS, CE(s) (gLite and ARC))