Shibboleth Access to Resources on the NGS
3. 3
#NGSSEM
User Focus
• Remove certificates
– not gone but hidden
• Familiar Log-on
– Inherited from UK Federated Access
• Use Portals
– Remove tooling from user maintenance
– Opportunity for VO hosted Portals
4. 4
UK Federation
• Outsource Identity Management
– We're doing it anyhow (Matriculation)
– Reduce support costs
• Systems already exist at institutes
– Increase Security
• Phishing harder (familiar URL, branding, distributed, etc.)
• Identity checked more regularly
• Less ad-hoc than normal RA-CA operations
5. 5
Grid Authentication
• Need robust security
– Risks
• IP, data and Identity theft
• Meeting SLA
• Licensing
– Impact
• Inconvenience, Litigation, Publicity, Reputation.
→ Need to be very secure
6. 6
Virtual Organisations
• VOs grid's answer to scaling
• Shibboleth doesn't do this well
– IdP can assert role inside organisation
– Can IdP assert role inside VO?
• SARoNGS has VO tooling
– Attributes specific to Federation via Shib
– Attributes directly from VO too
SARoNGS proxy-ing
8. 8
Portals
• Users don't have the grid tools
• Users usually have browsers
– So we make Portals
• Use Browsers
• Provide grid tools
• Shibboleth is browser based
22. 22
Applying it
• Put in your portals
• “Login via NGS” button
• Use grid enabled services
• Accept UK eScience SARoNGS CA
• Accept UK NGS hosted VOs
• or Accept ukfederation.ngs.ac.uk VO
23. 23
• ukfederation.ngs.ac.uk
• Says you logged-in via the UK federation
• you have a valid UK account
• Can assert your scope
• (the institution you came from)
• Can assert your affiliation
• role: (staff, member, alum, academic)
24. 24
APIs
• We don't really know the VO-scape
• Portals have a better idea
– They know where you're going
– They know what you're doing
– They may be able to guess required credentials
• Documentation via NeISS and ETF
• http://bit.ly/NeISSSARoNGS
• Further functionality negotiable
25. 25
Some API Examples
• External VOMS
– https://cts.ngs.ac.uk/API
– VO=vomss://voms.ngs.ac.uk:15017/manchester.ac.uk
– RetURL=http://www.yourportal.login
• Internal VOMS from
– https://cts.ngs.ac.uk/API
– VO=vomss://cts.ngs.ac.uk:443/ukfederation.ngs.ac.uk/manchester.ac.uk
– RetURL=http://www.yourportal.login
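Added example, not from the original slides or from NGS code: a portal-side helper that checks the VO and RetURL values shown above before building the request to the API endpoint. Assumptions: VO and RetURL are sent as query-string parameters (the slide only lists them), the first path segment of the vomss:// URI is the VO name and the rest is a group, and the function names and the return-host allowlist are hypothetical.

```python
from urllib.parse import urlsplit, urlencode

CTS_API = "https://cts.ngs.ac.uk/API"  # endpoint shown on the slide

# Assumption: the portal pins the hosts it is willing to be sent back to.
# "www.yourportal.login" is the placeholder host used on the slide.
ALLOWED_RETURN_HOSTS = {"www.yourportal.login"}


def parse_vo(vo_uri):
    """Split a vomss:// URI into (host, port, vo_name, group).

    Assumption: first path segment = VO name, remaining segments = group.
    """
    parts = urlsplit(vo_uri)
    if parts.scheme != "vomss":
        raise ValueError("VO must be a vomss:// URI")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("unexpected userinfo, query or fragment in VO URI")
    if not parts.hostname or parts.port is None:
        raise ValueError("VO URI needs an explicit host and port")
    segments = [s for s in parts.path.split("/") if s]
    if not segments:
        raise ValueError("VO URI names no VO")
    group = "/" + "/".join(segments[1:]) if len(segments) > 1 else ""
    return parts.hostname, parts.port, segments[0], group


def check_return_url(ret_url):
    """Accept only return URLs that land on one of the portal's own hosts."""
    parts = urlsplit(ret_url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("RetURL must be http(s)")
    if parts.username or parts.password:
        # Blocks the "trusted-host@other-host" form of a return URL.
        raise ValueError("userinfo is not allowed in RetURL")
    if parts.hostname not in ALLOWED_RETURN_HOSTS:
        raise ValueError("RetURL host is not on the portal allowlist")
    return ret_url


def build_login_url(vo_uri, ret_url):
    """Validate both values, then percent-encode them into one request URL.

    The VO value is itself a URI, so its ':' and '/' characters must be
    encoded or the receiving side will mis-split the parameters.
    """
    parse_vo(vo_uri)
    check_return_url(ret_url)
    return CTS_API + "?" + urlencode({"VO": vo_uri, "RetURL": ret_url})


if __name__ == "__main__":
    # The two VO values from the slide.
    for vo in ("vomss://voms.ngs.ac.uk:15017/manchester.ac.uk",
               "vomss://cts.ngs.ac.uk:443/ukfederation.ngs.ac.uk/manchester.ac.uk"):
        print(parse_vo(vo))
        print(build_login_url(vo, "http://www.yourportal.login"))
```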
26. 26
Trust
• Federation
– Names – get EduPersonTargetedID
– Roles – member, staff, alum, faculty, ...
– Audit
• CA
– IGTF – realistic name, record retention reuse policy
– MyProxy
• VOMS
– AUP
– Third party control
– VOMS Hosting
28. 28
Experiences
• Even experts have certificate problems
• Cannot debug a federation
• Difficult to convince Resource providers to trust us and UK-Fed
• International trust difficult
29. 29
Future
• Upgrade to Shibboleth 2
• Short JISC funded project “CONSENT”
• To explore and enhance community usage with NSCCS
• To provide Labs space for experimental integration
30. 30
Summary
• Authentication based on UK Federation
• Outsourcing trust and support
• Long but trustable audit trail
• User Focussed and easy to use
• Elimination of bad security practices
• Alignment with community needs