Auth N and Auth R Where we have

  • Slides: 14
Download presentation
Auth. N and Auth. R Where we have come from… Where we are going

Auth. N and Auth. R Where we have come from… Where we are going to… Cándido Rodríguez candido. [email protected] es perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 1. 14

Agenda 1. Status of the auth. N 2. A brief overview of the auth.

Agenda 1. Status of the auth. N 2. A brief overview of the auth. R 3. Impact analysis perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 2. 14

Status of the Auth. N is available in MDM perf. SONAR 3. 0 perf.

Status of the Auth. N is available in MDM perf. SONAR 3. 0 perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 3. 14

Status of the Auth. N Client from USA Services in USA don’t need authn

Status of the Auth. N Client from USA Services in USA don’t need authn information -> OK Services in Europe require authn -> NO perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 4. 14

Status of the Auth. N Client from Europe Services in USA don’t need authn

Status of the Auth. N Client from Europe Services in USA don’t need authn information -> OK Services in Europe require authn -> OK perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 5. 14

Status of the Auth. N Summarizing USA teams cannot send messages to European perf.

Status of the Auth. N Summarizing USA teams cannot send messages to European perf. SONAR services Workaround: accounts in the GId. P When Internet 2 and ESnet in edu. GAIN? RNP has started to join to edu. GAIN Adding its own CA EU teams can send messages to any perf. SONAR service The auth. N doesn’t affect the NMWG message! perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 6. 14

Agenda 1. Status of the auth. N 2. A brief overview of the auth.

Agenda 1. Status of the auth. N 2. A brief overview of the auth. R 3. Impact analysis perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 7. 14

A brief overview of the Auth. R p. SRs want to check if a

A brief overview of the Auth. R p. SRs want to check if a user/client is allowed to do the requested action The Auth. R process implies the Auth. N process An Auth. R request contains Subject: specifies which user is doing an action Action: specifies which action the user is trying to do Resource: specifies in which place the user is trying to do the action An Auth. R response contains Status code [Optionally] User’s attributes in a SAML assertion perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 8. 14

A brief overview of the Auth. R Authorization scenario Subject: who has sent the

A brief overview of the Auth. R Authorization scenario Subject: who has sent the message to the p. SR. It’s an URN urn: geant: edugain: component: be: %fed%: user: %username% Resource: which p. SR has received the message. It’s an URN …: component: perfsonarresource: %fed%: %id_resource%: %uri_service% Action: who has sent the message to the p. SR. It’s an URI http: //schemas. perfsonar. net/tools/admin/echo/2. 0 perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 9. 14

A brief overview of the Auth. R Delegated-based authorization scenario Subjects: who has sent

A brief overview of the Auth. R Delegated-based authorization scenario Subjects: who has sent the message to the p. SR and using which client. They are URNs urn: geant: edugain: component: be: %fed%: user: %username% …: component: perfsonarclient: %fed%: %id_client% Resource: which p. SR has received the message. It’s an URN Action: who has sent the message to the p. SR. It’s an URI perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 10. 14

Agenda 1. Status of the auth. N 2. A brief overview of the auth.

Agenda 1. Status of the auth. N 2. A brief overview of the auth. R 3. Impact analysis perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 11. 14

Impact analysis AS with auth. R support Available by the end of June Need

Impact analysis AS with auth. R support Available by the end of June Need a powerful policy editor in the webadmin After finishing all auth. R developments perf. SONAR service’s perspective Auth. R component and the auth. R library by summer From auth. N component to auth. R component Minimal impact: only new line in service. properties Using the auth. R library As complicated as the auth. N one perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 12. 14

Impact analysis Client’s perspective If the client doesn’t need attributes No change If the

Impact analysis Client’s perspective If the client doesn’t need attributes No change If the client need attributes A auth. R library will be released by fall perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 13. 14

Edificio CICA, Campus Universitario Avenida Reina Mercedes s/n 41012 Sevilla. España perf. SONAR developer

Edificio CICA, Campus Universitario Avenida Reina Mercedes s/n 41012 Sevilla. España perf. SONAR developer workshop - Zagreb, 7 th-9 th April 08 14. 14 Tel. : 95 505 66 00 Fax: 95 505 66 51 www. red. es www. rediris. es