Uscgrid
This presentation is the property of its rightful owner.
Sponsored Links
1 / 34

USCGrid PowerPoint PPT Presentation


  • 85 Views
  • Uploaded on
  • Presentation posted in: General

USCGrid. A (Very Quick) Introduction To Authn/Authz. http://www.usc.edu/isd/services/uscgrid. USCGrid: A (Very Quick) Intro to Authn/Authz. Security – The Bird’s-eye View Authn Authz References. USCGrid: A (Very Quick) Intro to Authn/Authz. Security – The Bird’s-eye View Authn Authz

Download Presentation

USCGrid

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Uscgrid

USCGrid

A (Very Quick) Introduction

To Authn/Authz

http://www.usc.edu/isd/services/uscgrid


Uscgrid a very quick intro to authn authz

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

  • Authn

  • Authz

  • References

USCGrid at Internet2


Uscgrid a very quick intro to authn authz1

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

  • Authn

  • Authz

  • References

USCGrid at Internet2


Uscgrid a very quick intro to authn authz2

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

Q:

Everybody wants a secure network.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz3

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

Q:

Everybody wants a secure network. Nobody wants servers broken into.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz4

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

Q:

Everybody wants a secure network. Nobody wants servers broken into. How do the NMI components address security?

USCGrid at Internet2


Uscgrid a very quick intro to authn authz5

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz6

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Authentication

USCGrid at Internet2


Uscgrid a very quick intro to authn authz7

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Authentication – which concerns itself with verifying identity.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz8

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Authentication – which concerns itself with verifying identity.

Authorization

USCGrid at Internet2


Uscgrid a very quick intro to authn authz9

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Authentication – which concerns itself with verifying identity.

Authorization – which determines what an authenticated user (or program) is allowed to do.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz10

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Confidentiality

USCGrid at Internet2


Uscgrid a very quick intro to authn authz11

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Confidentiality – which ensures that no one except the intended parties can gain access to information.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz12

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Confidentiality – which ensures that no one except the intended parties can gain access to information.

Data integrity

USCGrid at Internet2


Uscgrid a very quick intro to authn authz13

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Confidentiality – which ensures that no one except the intended parties can gain access to information.

Data integrity – which guards against tampering.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz14

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Auditing

USCGrid at Internet2


Uscgrid a very quick intro to authn authz15

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Auditing – which logs information as things happen.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz16

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Auditing – which logs information as things happen.

Intrusion detection

USCGrid at Internet2


Uscgrid a very quick intro to authn authz17

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Auditing – which logs information as things happen.

Intrusion detection – which notices break-ins.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz18

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

We’re only going to look at Authentication – authn in security lingo – and Authorization – authz in security lingo.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz19

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

  • Authn

  • Authz

  • References

USCGrid at Internet2


Uscgrid a very quick intro to authn authz20

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authn

Q:

Authn concerns itself with verifying identity. It’s the soldier’s challenge – and his comrade’s response.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz21

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authn

Q:

Authn concerns itself with verifying identity. It’s the soldier’s challenge – and his comrade’s response. How does NMI handle authn?

USCGrid at Internet2


Uscgrid a very quick intro to authn authz22

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authn

A:

There are a couple of different mechanisms used by NMI for authn.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz23

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authn

A:

There are a couple of different mechanisms used by NMI for authn.

Public Key Infrastructure (PKI) technology is used by the Globus Toolkit.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz24

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authn

A:

There are a couple of different mechanisms used by NMI for authn.

Public Key Infrastructure (PKI) technology is used by the Globus Toolkit.

However, this segment will instead look at PubCookie, a component that uses passwords.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz25

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

  • Authn

  • Authz

  • References

USCGrid at Internet2


Uscgrid a very quick intro to authn authz26

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authz

Q:

Authz determines what an authenticated user (or program) is allowed to do.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz27

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authz

Q:

Authz determines what an authenticated user (or program) is allowed to do. How does NMI handle authz?

USCGrid at Internet2


Uscgrid a very quick intro to authn authz28

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authz

A:

There are a couple of different mechanisms used by NMI for authz.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz29

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authz

A:

There are a couple of different mechanisms used by NMI for authz.

However, this segment will look at Shibboleth, a component that can grant authorization without knowing the identity of the person requesting authorization.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz30

USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

  • Authn

  • Authz

  • References

USCGrid at Internet2


Uscgrid a very quick intro to authn authz31

USCGrid: A (Very Quick) Intro to Authn/Authz

  • References

    Kerberos: A Network Authentication System. Brian Tung. Addison-Wesley. 1999.

    SSH: The Secure Shell: The Definitive Guide. Daniel J. Barret & Richard E. Silverman. O’Reilly & Associates. 2001.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz32

USCGrid: A (Very Quick) Intro to Authn/Authz

  • References

    Practical Unix & Internet Security. Simson Garfinkel & Gene Spafford. O’Reilly & Associates. 1996.

    Shibboleth Project. http://shibboleth.internet2.edu

    PubCookie.http://www.washington.edu/pubcookie

USCGrid at Internet2


  • Login