Uscgrid
Download
1 / 34

USCGrid - PowerPoint PPT Presentation


  • 108 Views
  • Uploaded on

USCGrid. A (Very Quick) Introduction To Authn/Authz. http://www.usc.edu/isd/services/uscgrid. USCGrid: A (Very Quick) Intro to Authn/Authz. Security – The Bird’s-eye View Authn Authz References. USCGrid: A (Very Quick) Intro to Authn/Authz. Security – The Bird’s-eye View Authn Authz

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' USCGrid' - miriam


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Uscgrid

USCGrid

A (Very Quick) Introduction

To Authn/Authz

http://www.usc.edu/isd/services/uscgrid


Uscgrid a very quick intro to authn authz
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

  • Authn

  • Authz

  • References

USCGrid at Internet2


Uscgrid a very quick intro to authn authz1
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

  • Authn

  • Authz

  • References

USCGrid at Internet2


Uscgrid a very quick intro to authn authz2
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

Q:

Everybody wants a secure network.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz3
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

Q:

Everybody wants a secure network. Nobody wants servers broken into.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz4
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

Q:

Everybody wants a secure network. Nobody wants servers broken into. How do the NMI components address security?

USCGrid at Internet2


Uscgrid a very quick intro to authn authz5
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz6
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Authentication

USCGrid at Internet2


Uscgrid a very quick intro to authn authz7
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Authentication – which concerns itself with verifying identity.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz8
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Authentication – which concerns itself with verifying identity.

Authorization

USCGrid at Internet2


Uscgrid a very quick intro to authn authz9
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Authentication – which concerns itself with verifying identity.

Authorization – which determines what an authenticated user (or program) is allowed to do.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz10
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Confidentiality

USCGrid at Internet2


Uscgrid a very quick intro to authn authz11
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Confidentiality – which ensures that no one except the intended parties can gain access to information.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz12
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Confidentiality – which ensures that no one except the intended parties can gain access to information.

Data integrity

USCGrid at Internet2


Uscgrid a very quick intro to authn authz13
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Confidentiality – which ensures that no one except the intended parties can gain access to information.

Data integrity – which guards against tampering.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz14
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Auditing

USCGrid at Internet2


Uscgrid a very quick intro to authn authz15
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Auditing – which logs information as things happen.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz16
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Auditing – which logs information as things happen.

Intrusion detection

USCGrid at Internet2


Uscgrid a very quick intro to authn authz17
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

Auditing – which logs information as things happen.

Intrusion detection – which notices break-ins.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz18
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

A:

There are several aspects to security.

We’re only going to look at Authentication – authn in security lingo – and Authorization – authz in security lingo.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz19
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

  • Authn

  • Authz

  • References

USCGrid at Internet2


Uscgrid a very quick intro to authn authz20
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authn

Q:

Authn concerns itself with verifying identity. It’s the soldier’s challenge – and his comrade’s response.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz21
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authn

Q:

Authn concerns itself with verifying identity. It’s the soldier’s challenge – and his comrade’s response. How does NMI handle authn?

USCGrid at Internet2


Uscgrid a very quick intro to authn authz22
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authn

A:

There are a couple of different mechanisms used by NMI for authn.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz23
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authn

A:

There are a couple of different mechanisms used by NMI for authn.

Public Key Infrastructure (PKI) technology is used by the Globus Toolkit.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz24
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authn

A:

There are a couple of different mechanisms used by NMI for authn.

Public Key Infrastructure (PKI) technology is used by the Globus Toolkit.

However, this segment will instead look at PubCookie, a component that uses passwords.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz25
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

  • Authn

  • Authz

  • References

USCGrid at Internet2


Uscgrid a very quick intro to authn authz26
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authz

Q:

Authz determines what an authenticated user (or program) is allowed to do.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz27
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authz

Q:

Authz determines what an authenticated user (or program) is allowed to do. How does NMI handle authz?

USCGrid at Internet2


Uscgrid a very quick intro to authn authz28
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authz

A:

There are a couple of different mechanisms used by NMI for authz.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz29
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Authz

A:

There are a couple of different mechanisms used by NMI for authz.

However, this segment will look at Shibboleth, a component that can grant authorization without knowing the identity of the person requesting authorization.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz30
USCGrid: A (Very Quick) Intro to Authn/Authz

  • Security – The Bird’s-eye View

  • Authn

  • Authz

  • References

USCGrid at Internet2


Uscgrid a very quick intro to authn authz31
USCGrid: A (Very Quick) Intro to Authn/Authz

  • References

    Kerberos: A Network Authentication System. Brian Tung. Addison-Wesley. 1999.

    SSH: The Secure Shell: The Definitive Guide. Daniel J. Barret & Richard E. Silverman. O’Reilly & Associates. 2001.

USCGrid at Internet2


Uscgrid a very quick intro to authn authz32
USCGrid: A (Very Quick) Intro to Authn/Authz

  • References

    Practical Unix & Internet Security. Simson Garfinkel & Gene Spafford. O’Reilly & Associates. 1996.

    Shibboleth Project. http://shibboleth.internet2.edu

    PubCookie.http://www.washington.edu/pubcookie

USCGrid at Internet2