Goal with meeting: Update on current global security architecture work. Discuss future global security architecture work.
The meeting is in the Research Office Buildng (ROB) - building
number 48 on the North side of the campus (30-B) on the map
http://www2.slac.stanford.edu/maps/slacarea.html#gridMap
The meeting room is Redwood A-B on the south side of the
building.
(1) gPlazma: quick current design/implementation, future IDP-wall and Auditing extensions.
(2) Auditing: help facilitate discussion with Bob.
(3) SRM CET: I am co-PI on the SciDAC proposal. I can give a brief idea of goals (goal is to build a full-fledged multi-VO-multi-site SRM Security & Policy Framework, contributing to SAML/XACML future specs and thus possibly OGSA-Authz-2 and beyond).
Speaker:
Abhishek Sing Rana
15:00
Coffee
30m
15:30
Auditing requirements1h
What do we want from an auditing system? What information MUST be there, what MAY be there, etc.
The NIST Process and how it informs the OSG Security Process15m
Speaker:
Irwin Gaines(Fermilab, USA)
transparencies
10:15
Open Science Grid VO Trust and AUP30m
Speaker:
Keith Chadwick(Fermilab, USA)
transparencies
11:00
Coffee
30m
11:30
EGEE Security Coordination Group15m
Speaker:
Ake Edlund(KTH)
transparencies
11:45
EGEE and JSPG activities30m
Speaker:
Dave Kelsey(Rutherford Appleton Laboratory)
transparencies
12:15
EGEE Grid Security Vulnerability Group30m
Speaker:
Linda Cornwall (presented by Dave Kelsey)(Rutherford Appleton Laboratory)
transparencies
12:45
gLite 3.0 update and plans15m
Speaker:
John White(CERN)
transparencies
13:00
→
14:00
Lunch
14:00
→
16:00
Authorization - Status and Plans
14:00
Recent Updates in the Privilege Project15m
Speaker:
Vikram Andem(Fermilab, USA)
transparencies
14:15
→
15:45
xrootd
14:15
Dealing with firewalls: xrootd proxy architecture45m
The xrootd data server, part of the Scalla Software Suite, allows external
client access to data protected by firewalls using proxy servers. Since
xrootd is a peer-to-peer architecture servers can be recast as clients,
making it natural to provide a proxy data service. This talk describes the
xrootd proxy mechanism, how proxy clusters can be defined, and future
direction to use proxy services to provision peer cross-domain data
networks.
Speaker:
Andrew Hanushevsky(SLAC)
transparencies
15:00
The Authentication and Authorization Framework used in xrootd45m
The xrootd dataserver, part of the Scalla Software Suite, uses a generic
authentication framework; implemented via dynamic plug-ins. This
architecture provides multi-protocol authentication capabilities and
allows clients to auto-configure themselves to correspond to the authentication
protocols supported by each server. Adding a new authentication protocol
is accomplished by creating and distributing an external
authentication-specific plug-in shared library. Currently, plug-ins exist
for GSI, Kerberos 4 and 5, and simple password authentication. The
server-centric authorization mechanism is implemented in a similar manner.
This talk describes the authentication and authorization frameworks and
how they can be used by other middleware needing comparable facilities.
Speaker:
Andrew Hanushevsky(SLAC)
transparencies
15:45
→
16:00
Round-up, summary, what's next
During this meeting, we'll discuss the attached MWSG-9-Conclusions.txt document: content, names, dates
