
Security in the wider world
David Kelsey (STFC-RAL)
GridPP37 – Ambleside
2 Sep 2016
Overview
• Reminder - EGI CSIRT continues to be the operational security body for WLCG (in Europe)
– The UK NGI Security team plays a leading role
– Funding for security coordination from the EGI Foundation
• Many different activities – just show a few today
– Policies, Procedures, Monitoring, Training, Dissemination …
• EU H2020 projects - development
– EGI-Engage
– AARC (Authentication and Authorisation for Research & Collaboration)
• “Wise Information Security for E-infrastructures” (WISE)
• Future H2020 proposals
– AARC2 now approved: ? May 2017 – April 2019
– EINFRA12 call (EGI-Engage follow-on): ? Jan 2018 – Dec 2020
EGI-Engage SA1.2
EGI SVG
AARC
EGI-Engage JRA1.1 – slides from Diego Scardaci
The new EGI AAI infrastructure
TJRA1.1
JRA1 E-Infrastructure
Commons
Core requirements for the AAI
• Credentials/Tokens
– Users access EGI services with credentials issued by their home organisation (eduGAIN support)
– Take into account the so-called homeless users
– Level of Assurance (LoA) for each credential type
• Open architecture
– Support the most common technologies to manage federated identities: SAML, OpenID Connect, X.509, etc.
– Support several attribute sources
– Easily extensible and interoperable with other infrastructures
• Hide the complexity from the service providers
– Token Translator Services (TTSs)
• Convert a credential into one recognised by the service
New EGI AAI and trust model
[Diagram: User (“User A”), Community Attribute Authority, EGI Services. Information sent to service providers: Level of Assurance, community attributes.]
Liaison with AARC & Requirements gathering
• Collaboration established with the AARC project:
– Adopt AAI policies, solutions and best practices defined at European level
– Deal with problems that require a larger scope to be resolved (e.g. global unique identifiers, levels of assurance, etc.)
– The AARC Blueprint
• IdP/SP proxy model, TTS based on CILogon
• Requirements gathering
– EGI-Engage Competence Centers
– Other EGI communities and RIs
– EGI Tools
EGI AAI
WP3 E-Infrastructure Commons
IGTF/AARC
USA - CILogon
AARC IOTA CA
WISE
WISE
WISE
WISE
Next WISE Workshop
• Tuesday 27 Sep 2016
• Before the Digital Infrastructures for Research (DI4R) conference in Krakow, Poland
QUESTIONS?