Difference between revisions of "User:Msalle@nikhef.nl"

From PDP/Grid Wiki
 
(38 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
= Projects: =
 
= Projects: =
  
== nl.nikhef.slcshttps ==
+
== Grid middleware security ==
  
=== Method ===
+
This is all kinds of different security related work done within the Nikhef grid-middleware security group. See for example
Method used by the IMDI browser to obtain a certificate, see image below
+
* the [[GLExec|gLExec wiki pages]] (An overview of the different Nikhef tools can be found in the slightly outdated [[Site Access Control]] pages).
 +
* [[SAC software procedures|release process of the Grid Security Middleware]]
  
(mostly) '''User''' point of view:
+
It also covers work on the Risk Assessment Team for the [https://wiki.egi.eu/wiki/SVG:SVG EGI Software Vulnerability Group].
  
# '''User''' clicks/chooses initialization option
+
== User delegation in the CLARIN Metadata Infrastructure ==
# java browser starts a webbrowser...
 
# which via the online CA at SURFnet...
 
# redirects webbrowser to WAYF (Where Are You From) server where '''user''' chooses his ''Identity Provider''.
 
# '''User''' logs in at ''IdP''
 
# Webbrowser redirects back to online CA. '''User''' closes webbrowser.
 
# After confirmation by '''user''', java browser now connects itself to online CA
 
# java browser retrieves certificate from online CA and the '''user''' can use it to authenticate with client side certificates.
 
  
Technical overview:
+
This project was a joined project between CLARIN via the [http://www.mpi.nl/ The Max Planck Institute for Psycholinguistics (MPI)] and [http://www.nikhef.nl/ Nikhef] and supported by [http://www.biggrid.nl/ BiG Grid].
 +
See e.g. the [[CLARIN/OAuth2|project pages]]
  
<ol>
+
== jGridstart ==
<li> Initialization procedure:<ol  style="list-style-type:lower-alpha">
 
<li> javabrowser creates a per-session keypair (i.e. never saved to disk).
 
<li> javabrowser creates a certificate signing request (CSR)</ol>.
 
<li> javabrowser starts a webbrowser...
 
<li> the URL is the online CA + a hash of the CSR.
 
<li> Now the standard Shibboleth trajectory starts: Online CA redirects the browser to a WAYF where the user chooses his IdP.
 
<li> User logs in at his/her IdP.
 
<li> Webbrowser sends the user back to the online CA. The URL is now rewritten using Shibboleth, and the Online CA knows that the user, who send the CSR hash, is authorized. The user now tells the javabrowser that (s)he is finished with the webbrowser.
 
<li> The javabrowser sends the full CSR to the Online CA.
 
<li> The Online CA:
 
<ol style="list-style-type:lower-alpha">
 
<li> calculates the hash
 
<li> checks whether it is known/corresponds to a authorized user.
 
<li> if yes, signs the CSR
 
<li> sends a HTTP reply with the signed certificate.
 
</ol>
 
The signed certificate is stored inside the javabrowser and will be offered as client side certificate upon opening a HTTPS connection.
 
</ol>
 
  
[[Image:Imdi handshake.png||IMDI Browser handshake]]
+
This is a Java webstart application to gently guide (new) Grid user in the process of obtaining their grid certificate.
 +
See e.g. [[JGridstart|project page]] for more information.
  
=== Files: ===
+
== nl.nikhef.slcshttps ==
 
 
*[http://www.nikhef.nl/~msalle/slcshttps/slcshttps_v0.1_full.zip full zip-archive] (Full zip including jar file, build, and javadoc)
 
*[http://www.nikhef.nl/~msalle/slcshttps/slcshttps_v0.1_src.zip zip-archive] (Zip including only sources, run ant to get the rest)
 
*[http://www.nikhef.nl/~msalle/slcshttps/slcshttps_jdk15_v0.1.jar JDK1.5 jarfile]
 
*[http://www.nikhef.nl/~msalle/slcshttps/doc/ Javadoc API]
 
*[https://ndpfsvn.nikhef.nl/cgi-bin/viewvc.cgi/pdpsoft/trunk/nl.nikhef.slcshttps/ SVN repository with source]
 
Talks:
 
*[http://www.nikhef.nl/~msalle/slcshttps/MPI_talk_27052009.pdf Talk at BiGGrid meeting, Nikhef, 27 May 2009]
 
 
 
Note that you also need the [http://www.bouncycastle.org/ BouncyCastle provider].
 
Direct link to the [http://www.bouncycastle.org/download/bcprov-jdk15-143.jar JDK1.5 jarfile]
 
  
=== gLite security ===
+
This project was a joined project between [http://www.mpi.nl/ The Max Planck Institute for Psycholinguistics (MPI)], [http://www.surfnet.nl/ SURFnet] and [http://www.nikhef.nl/ Nikhef] and supported by [http://www.biggrid.nl/ BiG Grid].
  
See e.g. [http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/Site_Access_Control Nikhef Site Access Control pages]
+
See the [[User:Msalle@nikhef.nl/nl.nikhef.slcshttps|project page]] for details.
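
Review bot: the added project descriptions carry a few wording slips worth fixing before this revision stands: "joined project" in both the CLARIN and the nl.nikhef.slcshttps paragraphs should read "joint project", the CLARIN line has a doubled article in "via the [http://www.mpi.nl/ The Max Planck Institute ...", and the jGridstart line should say "Grid users". Separately, the nl.nikhef.slcshttps section no longer has the inline technical overview (per-session keypair, CSR hash passed in the online CA URL, hash check before signing) or the note that the BouncyCastle provider is required, and now only says "See the project page for details"; please confirm the linked subpage carries both, since that flow is the security-relevant part of the description.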

Latest revision as of 10:05, 8 May 2015

Projects:

Grid middleware security

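This covers various kinds of security-related work done within the Nikhef grid-middleware security group. See for example the gLExec wiki pages (an overview of the different Nikhef tools can be found in the slightly outdated Site Access Control pages) and the release process of the Grid Security Middleware.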

It also covers work on the Risk Assessment Team for the EGI Software Vulnerability Group.

User delegation in the CLARIN Metadata Infrastructure

This was a joint project between CLARIN, via the Max Planck Institute for Psycholinguistics (MPI), and Nikhef, supported by BiG Grid. See e.g. the project pages.

jGridstart

This is a Java Web Start application that gently guides (new) Grid users through the process of obtaining their grid certificate. See e.g. the project page for more information.

nl.nikhef.slcshttps

This was a joint project between the Max Planck Institute for Psycholinguistics (MPI), SURFnet and Nikhef, supported by BiG Grid.

See the project page for details.