Auth N and Auth R Where we have
- Slides: 14
AuthN and AuthR
Where we have come from… Where we are going to…
Cándido Rodríguez
candido.rodriguez@rediris.es
perfSONAR developer workshop - Zagreb, 7th-9th April 08

Agenda
1. Status of the authN
2. A brief overview of the authR
3. Impact analysis

Status of the AuthN
- AuthN is available in MDM perfSONAR 3.0

Status of the AuthN
Client from USA
- Services in USA don’t need authn information -> OK
- Services in Europe require authn -> NO

Status of the AuthN
Client from Europe
- Services in USA don’t need authn information -> OK
- Services in Europe require authn -> OK

Status of the AuthN
Summarizing
- USA teams cannot send messages to European perfSONAR services
  - Workaround: accounts in the GIdP
  - When Internet2 and ESnet in eduGAIN?
  - RNP has started to join eduGAIN
    - Adding its own CA
- EU teams can send messages to any perfSONAR service
- The authN doesn’t affect the NMWG message!

Agenda
1. Status of the authN
2. A brief overview of the authR
3. Impact analysis

A brief overview of the AuthR
- pSRs want to check if a user/client is allowed to do the requested action
- The AuthR process implies the AuthN process
- An AuthR request contains
  - Subject: specifies which user is doing an action
  - Action: specifies which action the user is trying to do
  - Resource: specifies in which place the user is trying to do the action
- An AuthR response contains
  - Status code
  - [Optionally] User’s attributes in a SAML assertion

A brief overview of the AuthR
Authorization scenario
- Subject: who has sent the message to the pSR. It’s a URN
  - urn:geant:edugain:component:be:%fed%:user:%username%
- Resource: which pSR has received the message. It’s a URN
  - …:component:perfsonarresource:%fed%:%id_resource%:%uri_service%
- Action: who has sent the message to the pSR. It’s a URI
  - http://schemas.perfsonar.net/tools/admin/echo/2.0

A brief overview of the AuthR
Delegated-based authorization scenario
- Subjects: who has sent the message to the pSR and using which client. They are URNs
  - urn:geant:edugain:component:be:%fed%:user:%username%
  - …:component:perfsonarclient:%fed%:%id_client%
- Resource: which pSR has received the message. It’s a URN
- Action: who has sent the message to the pSR. It’s a URI

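The request fields from the two scenarios above, validated strictly before any policy decision is made. This is an added example, not code from the slides or from perfSONAR: the function and class names are hypothetical, the sample identifiers are constructed, and "urn:example" stands in for the prefix that the slides elide with "…".

```python
import re
from dataclasses import dataclass
from typing import Optional

# Field patterns follow the URN templates on the slides. The resource and
# client URNs have an elided prefix there, so the prefix is matched as opaque
# text rather than guessed. A field may not contain ':' or whitespace, which
# rejects identifiers that try to smuggle in extra components.
_FIELD = r"[^:\s]+"
USER_RE = re.compile(rf"urn:geant:edugain:component:be:(?P<fed>{_FIELD}):user:(?P<username>{_FIELD})")
CLIENT_RE = re.compile(rf"(?P<prefix>\S+?):component:perfsonarclient:(?P<fed>{_FIELD}):(?P<id_client>{_FIELD})")
# %uri_service% is itself a URI and contains colons, so it is the greedy tail.
RESOURCE_RE = re.compile(
    rf"(?P<prefix>\S+?):component:perfsonarresource:(?P<fed>{_FIELD}):(?P<id_resource>{_FIELD}):(?P<uri_service>\S+)")
ACTION_RE = re.compile(r"https?://\S+")

@dataclass(frozen=True)
class AuthRRequest:              # hypothetical container for one request
    user: dict
    resource: dict
    action: str
    client: Optional[dict] = None  # present only in the delegated scenario

def _match(pattern, value, what):
    m = pattern.fullmatch(value)
    if m is None:
        raise ValueError(f"malformed {what}: {value!r}")
    return m.groupdict() or value  # the action pattern has no named groups

def build_request(subjects, resource, action):
    """Validate the identifiers and return an AuthRRequest, or raise ValueError."""
    if len(subjects) not in (1, 2):
        raise ValueError("expected one subject (user) or two (user, client)")
    user = _match(USER_RE, subjects[0], "user subject")
    client = _match(CLIENT_RE, subjects[1], "client subject") if len(subjects) == 2 else None
    return AuthRRequest(user, _match(RESOURCE_RE, resource, "resource"),
                        _match(ACTION_RE, action, "action"), client)

# Constructed sample values, not taken from the slides.
USER = "urn:geant:edugain:component:be:rediris:user:alice"
CLIENT = "urn:example:component:perfsonarclient:rediris:client01"
RESOURCE = "urn:example:component:perfsonarresource:rediris:ma01:http://ma.example.org:8080/services/MA"
ACTION = "http://schemas.perfsonar.net/tools/admin/echo/2.0"
```

build_request([USER], RESOURCE, ACTION) covers the plain scenario and build_request([USER, CLIENT], RESOURCE, ACTION) the delegated one; a subject such as USER + ":admin" is rejected instead of being silently truncated.
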
Agenda
1. Status of the authN
2. A brief overview of the authR
3. Impact analysis

Impact analysis
- AS with authR support
  - Available by the end of June
  - Need a powerful policy editor in the webadmin
    - After finishing all authR developments
- perfSONAR service’s perspective
  - AuthR component and the authR library by summer
  - From authN component to authR component
    - Minimal impact: only new line in service.properties
  - Using the authR library
    - As complicated as the authN one

Impact analysis
Client’s perspective
- If the client doesn’t need attributes
  - No change
- If the client needs attributes
  - An authR library will be released by fall

Edificio CICA, Campus Universitario
Avenida Reina Mercedes s/n
41012 Sevilla. España
Tel.: 95 505 66 00
Fax: 95 505 66 51
www.red.es
www.rediris.es