SlideShare a Scribd company logo

E Snet Authentication Fabric Pilot

Download as PPT, PDF
F
FNian

Fashion, apparel, textile, merchandising, garments

BusinessLifestyle
1 of 38
ESnet RADIUS Authentication Fabric Michael Helm ESnet/LBNL GGF-12 Sec Workshop 18 Sep 2004
What Does the RAF Do? NERSC r ANL r OTP Service ORNL r PNNL OTP Service OTP Service OTP Service ,[object Object],[object Object],[object Object],[object Object],[object Object],Realms R ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],r ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],ESnet RAF Federation anl.gov nersc.gov pnnl.gov ornl.gov App r RADIUS
What Is the Grid Integrated RAF? ESnet Radius Auth DB ESnet Root CA MyProxy Credentials PAM 1 Log in 2 Ask AuthN; hint OTP 5 Receive Proxy Cert Manage myProxy 6 (Opt) Store Proxy 7 Execute OTP Services OCSP HSM Subordinate CA Engine 4. Auth OK; Namestring 3 OTP verification 4 Sign Proxy Sign Subordinate CA SIPS Proposal Apr 2004 Special case of GridLogon
RAF Benefits & Features ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ESnet RAF Architecture Repli- cation Network (IP) VPN (IPsec) RADIUS Proxy router RADIUS Proxy router RADIUS Proxy router RADIUS Proxy router ESnet RAF Site ESnet AuthN Authority ( OTP ) Appli- cation 1 Rc Site n RADIUS AuthN Authority ( OTP ) Appli- cation 1 Rc Site 1 RADIUS AuthN Authority ( OTP ) Appli- cation 1 Rc Site 2 RADIUS
RAF Current Issues ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
RAF Current Issues NERSC r ANL r OTP Service ORNL r PNNL OTP Service OTP Service OTP Service R ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],r ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],ESnet RAF Federation anl.gov nersc.gov pnnl.gov ornl.gov Reliability/Replication Integrity/Security OTP/C&R Federation Transit time Application Integration
RAF Long Term Issues ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
AuthA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
RAF Collaboration Introduction ,[object Object],[object Object],[object Object]
Collaboration Introduction (3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Grid Integrated RADIUS Authentication Fabric ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Collaboration Introduction (4) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Collaboration Introduction (5) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What Does the RAF Do? NERSC r ANL r OTP Service ORNL r PNNL OTP Service OTP Service OTP Service ,[object Object],[object Object],[object Object],[object Object],[object Object],Realms R ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],r ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],ESnet RAF Federation anl.gov nersc.gov pnnl.gov ornl.gov r RADIUS
What Does the RAF Do? (2) Local Exclusion of a Realm NERSC r ANL r OTP Service ORNL r PNNL OTP Service OTP Service OTP Service ,[object Object],[object Object],[object Object],[object Object],[object Object],Realms R ESnet RAF Federation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],r ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What Does the RAF Do? (3) goodlab.org Joins the Federation NERSC r ANL r OTP Service ORNL r PNNL OTP Service OTP Service OTP Service ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Realms R ESnet RAF Federation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],r ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],r OTP Service ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What Does the RAF Do? (4) Site Manages Separate Relationship XAuth Service NERSC r ANL r OTP Service ORNL r PNNL OTP Service OTP Service OTP Service ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Realms R ESnet RAF Federation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],r ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],r OTP Service ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],r ,[object Object]
ESnet RAF Architecture Repli- cation Network (IP) VPN (IPsec) RADIUS Proxy router RADIUS Proxy router RADIUS Proxy router RADIUS Proxy router ESnet RAF Site ESnet AuthN Authority ( OTP ) Appli- cation 1 Rc Site n RADIUS AuthN Authority ( OTP ) Appli- cation 1 Rc Site 1 RADIUS AuthN Authority ( OTP ) Appli- cation 1 Rc Site 2 RADIUS
RAF Benefits & Features ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
RAF Current Issues NERSC r ANL r OTP Service ORNL r PNNL OTP Service OTP Service OTP Service Realms R ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],r ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],ESnet RAF Federation anl.gov nersc.gov pnnl.gov ornl.gov Reliability/Replication Integrity/Security OTP/C&R Federation Transit time Application Integration
RAF Current Issues ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What Is the Grid Integrated RAF? ESnet Radius Auth DB ESnet Root CA MyProxy Credentials PAM 1 Log in 2 Ask AuthN; hint OTP 5 Receive Proxy Cert Manage myProxy 6 (Opt) Store Proxy 7 Execute OTP Services OCSP HSM Subordinate CA Engine 4. Auth OK; Namestring 3 OTP verification 4 Sign Proxy Sign Subordinate CA SIPS Proposal Apr 2004 Special case of GridLogon
RAF Long Term Issues ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Password-based Authentication Technology ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
OTP-based Authenticated Key-Exchange ,[object Object],[object Object],[object Object],Encrypt ( pw’, g y ) Derive one-time password pw’ from pass-phrase Compute session key: sk = g xy Encrypt ( pw’ , g x ) Derive one-time password pw’ from stored password pw Compute session key: sk = g xy Encrypt ( sk, pw’) Update the stored password: pw= pw’ Client Server
Accomplishments ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Work in Progress ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Radius Software availability ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Open Issues ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Radius Security and Operation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Issues: OTP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Demo ,[object Object],[object Object]
Fusion Grid Firewall Issues Michael Helm ESnet/LBNL GGF-12 Sec Workshop 18 Sep 2004
FusionGrid Use Case
Comments Each site is protected by a firewall Different firewall technology OTP is probably a feature Need single sign-on, delegation, autonomous processes….
Fusion Grid ,[object Object],[object Object],[object Object],[object Object],[object Object]

Recommended

" Breaking Extreme Networks WingOS: How to own millions of devices running on...
" Breaking Extreme Networks WingOS: How to own millions of devices running on..." Breaking Extreme Networks WingOS: How to own millions of devices running on...
" Breaking Extreme Networks WingOS: How to own millions of devices running on...
PROIDEA
 
Tech f42
Tech f42Tech f42
Tech f42
SelectedPresentations
 
Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2
Warren Bent
 
Preventing Traffic with Spoofed Source IP address
Preventing Traffic with Spoofed Source IP addressPreventing Traffic with Spoofed Source IP address
Preventing Traffic with Spoofed Source IP address
Bangladesh Network Operators Group
 
Let's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane ElectricLet's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane Electric
Bangladesh Network Operators Group
 
Make the internet safe with DNS Firewall
Make the internet safe with DNS FirewallMake the internet safe with DNS Firewall
Make the internet safe with DNS Firewall
Bangladesh Network Operators Group
 
NAT Scneario
NAT ScnearioNAT Scneario
NAT Scneario
Mansour Naslcheraghi
 
I psec
I psecI psec
I psec
ahmad1986jor
 

Recommended

" Breaking Extreme Networks WingOS: How to own millions of devices running on...
" Breaking Extreme Networks WingOS: How to own millions of devices running on..." Breaking Extreme Networks WingOS: How to own millions of devices running on...
" Breaking Extreme Networks WingOS: How to own millions of devices running on...
PROIDEA
 
Tech f42
Tech f42Tech f42
Tech f42
SelectedPresentations
 
Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2
Warren Bent
 
Preventing Traffic with Spoofed Source IP address
Preventing Traffic with Spoofed Source IP addressPreventing Traffic with Spoofed Source IP address
Preventing Traffic with Spoofed Source IP address
Bangladesh Network Operators Group
 
Let's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane ElectricLet's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane Electric
Bangladesh Network Operators Group
 
Make the internet safe with DNS Firewall
Make the internet safe with DNS FirewallMake the internet safe with DNS Firewall
Make the internet safe with DNS Firewall
Bangladesh Network Operators Group
 
NAT Scneario
NAT ScnearioNAT Scneario
NAT Scneario
Mansour Naslcheraghi
 
I psec
I psecI psec
I psec
ahmad1986jor
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
Swiss IPv6 Council
 
SSL/TLS Eavesdropping with Fullpath Control
SSL/TLS Eavesdropping with Fullpath ControlSSL/TLS Eavesdropping with Fullpath Control
SSL/TLS Eavesdropping with Fullpath Control
Mike Thompson
 
Caffe Latte Attack Presented In Toorcon
Caffe Latte Attack Presented In ToorconCaffe Latte Attack Presented In Toorcon
Caffe Latte Attack Presented In Toorcon
Md Sohail Ahmad
 
Lync 2010 deep dive edge
Lync 2010 deep dive edgeLync 2010 deep dive edge
Lync 2010 deep dive edge
Harold Wong
 
Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0
Fred Bovy
 
SIPCORE - presentation of SIP and DANE (IETF #89)
SIPCORE - presentation of SIP and DANE (IETF #89)SIPCORE - presentation of SIP and DANE (IETF #89)
SIPCORE - presentation of SIP and DANE (IETF #89)
Olle E Johansson
 
Chapter11ccna
Chapter11ccnaChapter11ccna
Chapter11ccna
robertoxe
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte Attack
AirTight Networks
 
MUM Middle East 2016 - System Integration Analyst
MUM Middle East 2016 - System Integration AnalystMUM Middle East 2016 - System Integration Analyst
MUM Middle East 2016 - System Integration Analyst
Fajar Nugroho
 
MUM Europe 2017 - Traffic Generator Case Study
MUM Europe 2017 - Traffic Generator Case StudyMUM Europe 2017 - Traffic Generator Case Study
MUM Europe 2017 - Traffic Generator Case Study
Fajar Nugroho
 
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017
Bruno Teixeira
 
5 ip security dataplace security
5 ip security dataplace security5 ip security dataplace security
5 ip security dataplace security
SagarR24
 
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
Mark Smith
 
Latency tracing in distributed Java applications
Latency tracing in distributed Java applicationsLatency tracing in distributed Java applications
Latency tracing in distributed Java applications
Constantine Slisenka
 
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other ObservationsAusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
Mark Smith
 
Etrance networks Consulting and Services
Etrance networks Consulting and ServicesEtrance networks Consulting and Services
Etrance networks Consulting and Services
Abhijit Chaudhary
 
Networking in Java with NIO and Netty
Networking in Java with NIO and NettyNetworking in Java with NIO and Netty
Networking in Java with NIO and Netty
Constantine Slisenka
 
PLNOG 9: Emil Gągała - Fast Service Restoration
PLNOG 9: Emil Gągała - Fast Service Restoration PLNOG 9: Emil Gągała - Fast Service Restoration
PLNOG 9: Emil Gągała - Fast Service Restoration
PROIDEA
 
Phifer 3 30_04
Phifer 3 30_04Phifer 3 30_04
Phifer 3 30_04
Ayano Midakso
 
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Kentaro Ebisawa
 
Escrito Ayudas Sociales
Escrito Ayudas SocialesEscrito Ayudas Sociales
Escrito Ayudas Sociales
ccoobenalmadena
 
Mentoring Presentation May 05
Mentoring Presentation May 05Mentoring Presentation May 05
Mentoring Presentation May 05
FNian
 

More Related Content

What's hot

Chapter11ccna
Chapter11ccnaChapter11ccna
Chapter11ccna
robertoxe
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte Attack
AirTight Networks
 
Latency tracing in distributed Java applications
Latency tracing in distributed Java applicationsLatency tracing in distributed Java applications
Latency tracing in distributed Java applications
Constantine Slisenka
 

What's hot (20)

IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
 
SSL/TLS Eavesdropping with Fullpath Control
SSL/TLS Eavesdropping with Fullpath ControlSSL/TLS Eavesdropping with Fullpath Control
SSL/TLS Eavesdropping with Fullpath Control
 
Caffe Latte Attack Presented In Toorcon
Caffe Latte Attack Presented In ToorconCaffe Latte Attack Presented In Toorcon
Caffe Latte Attack Presented In Toorcon
 
Lync 2010 deep dive edge
Lync 2010 deep dive edgeLync 2010 deep dive edge
Lync 2010 deep dive edge
 
Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0
 
SIPCORE - presentation of SIP and DANE (IETF #89)
SIPCORE - presentation of SIP and DANE (IETF #89)SIPCORE - presentation of SIP and DANE (IETF #89)
SIPCORE - presentation of SIP and DANE (IETF #89)
 
Chapter11ccna
Chapter11ccnaChapter11ccna
Chapter11ccna
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte Attack
 
MUM Middle East 2016 - System Integration Analyst
MUM Middle East 2016 - System Integration AnalystMUM Middle East 2016 - System Integration Analyst
MUM Middle East 2016 - System Integration Analyst
 
MUM Europe 2017 - Traffic Generator Case Study
MUM Europe 2017 - Traffic Generator Case StudyMUM Europe 2017 - Traffic Generator Case Study
MUM Europe 2017 - Traffic Generator Case Study
 
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017
 
5 ip security dataplace security
5 ip security dataplace security5 ip security dataplace security
5 ip security dataplace security
 
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
 
Latency tracing in distributed Java applications
Latency tracing in distributed Java applicationsLatency tracing in distributed Java applications
Latency tracing in distributed Java applications
 
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other ObservationsAusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
 
Etrance networks Consulting and Services
Etrance networks Consulting and ServicesEtrance networks Consulting and Services
Etrance networks Consulting and Services
 
Networking in Java with NIO and Netty
Networking in Java with NIO and NettyNetworking in Java with NIO and Netty
Networking in Java with NIO and Netty
 
PLNOG 9: Emil Gągała - Fast Service Restoration
PLNOG 9: Emil Gągała - Fast Service Restoration PLNOG 9: Emil Gągała - Fast Service Restoration
PLNOG 9: Emil Gągała - Fast Service Restoration
 
Phifer 3 30_04
Phifer 3 30_04Phifer 3 30_04
Phifer 3 30_04
 
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
 

Viewers also liked

Visuel Kiss
Visuel KissVisuel Kiss
Visuel Kiss
fredox
 
Juanint
JuanintJuanint
Juanint
fredox
 
Andrew-The Course Syllabus In Writing
Andrew-The Course Syllabus In WritingAndrew-The Course Syllabus In Writing
Andrew-The Course Syllabus In Writing
cyutafl
 
Puerto Galera Watersheds
Puerto Galera WatershedsPuerto Galera Watersheds
Puerto Galera Watersheds
netmagus
 
Nuevo Servicio De Colectivos
Nuevo Servicio De ColectivosNuevo Servicio De Colectivos
Nuevo Servicio De Colectivos
Distrito4450
 

Viewers also liked (20)

Escrito Ayudas Sociales
Escrito Ayudas SocialesEscrito Ayudas Sociales
Escrito Ayudas Sociales
 
Mentoring Presentation May 05
Mentoring Presentation May 05Mentoring Presentation May 05
Mentoring Presentation May 05
 
minha familia
minha familiaminha familia
minha familia
 
Manufacturing And Product Design July 07 Briefing Session
Manufacturing And Product Design July 07 Briefing SessionManufacturing And Product Design July 07 Briefing Session
Manufacturing And Product Design July 07 Briefing Session
 
Visuel Kiss
Visuel KissVisuel Kiss
Visuel Kiss
 
Ctfl Seta Careers Guide
Ctfl Seta Careers GuideCtfl Seta Careers Guide
Ctfl Seta Careers Guide
 
Developing Your Marketing Plan
Developing Your Marketing PlanDeveloping Your Marketing Plan
Developing Your Marketing Plan
 
Programma Corso WEB 2.0
Programma Corso WEB 2.0Programma Corso WEB 2.0
Programma Corso WEB 2.0
 
081008 Petra Anttola
081008 Petra Anttola081008 Petra Anttola
081008 Petra Anttola
 
Juanint
JuanintJuanint
Juanint
 
Syndication Pp
Syndication PpSyndication Pp
Syndication Pp
 
Blogs
BlogsBlogs
Blogs
 
Perunacareers2007
Perunacareers2007Perunacareers2007
Perunacareers2007
 
Andrew-The Course Syllabus In Writing
Andrew-The Course Syllabus In WritingAndrew-The Course Syllabus In Writing
Andrew-The Course Syllabus In Writing
 
Crt2000a
Crt2000aCrt2000a
Crt2000a
 
Unite Intervention Study
Unite Intervention StudyUnite Intervention Study
Unite Intervention Study
 
Puerto Galera Watersheds
Puerto Galera WatershedsPuerto Galera Watersheds
Puerto Galera Watersheds
 
Artamblupa
ArtamblupaArtamblupa
Artamblupa
 
Otaku2008 01
Otaku2008 01Otaku2008 01
Otaku2008 01
 
Nuevo Servicio De Colectivos
Nuevo Servicio De ColectivosNuevo Servicio De Colectivos
Nuevo Servicio De Colectivos
 

Similar to E Snet Authentication Fabric Pilot

AusNOG 2016 - The Trouble with NAT
AusNOG 2016 - The Trouble with NATAusNOG 2016 - The Trouble with NAT
AusNOG 2016 - The Trouble with NAT
Mark Smith
 
From MSS to TelScale - Mobicents Summit 2011
From MSS to TelScale - Mobicents Summit 2011From MSS to TelScale - Mobicents Summit 2011
From MSS to TelScale - Mobicents Summit 2011
telestax
 
LAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted Protocol
Linaro
 
Palo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New FeaturesPalo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New Features
lukky753
 
Go with the Flow-v2
Go with the Flow-v2Go with the Flow-v2
Go with the Flow-v2
Zobair Khan
 

Similar to E Snet Authentication Fabric Pilot (20)

E Snet Raf Essc Jan2005
E Snet Raf Essc Jan2005E Snet Raf Essc Jan2005
E Snet Raf Essc Jan2005
 
AusNOG 2016 - The Trouble with NAT
AusNOG 2016 - The Trouble with NATAusNOG 2016 - The Trouble with NAT
AusNOG 2016 - The Trouble with NAT
 
Summit 16: Open-O Mini-Summit - Architecture & Technology
Summit 16: Open-O Mini-Summit - Architecture & TechnologySummit 16: Open-O Mini-Summit - Architecture & Technology
Summit 16: Open-O Mini-Summit - Architecture & Technology
 
From MSS to TelScale - Mobicents Summit 2011
From MSS to TelScale - Mobicents Summit 2011From MSS to TelScale - Mobicents Summit 2011
From MSS to TelScale - Mobicents Summit 2011
 
Defending your workloads with aws waf and deep security
Defending your workloads with aws waf and deep securityDefending your workloads with aws waf and deep security
Defending your workloads with aws waf and deep security
 
Cilium:: Application-Aware Microservices via BPF
Cilium:: Application-Aware Microservices via BPFCilium:: Application-Aware Microservices via BPF
Cilium:: Application-Aware Microservices via BPF
 
SOA patterns
SOA patterns SOA patterns
SOA patterns
 
Aruba OS 6.4 Command Line Interface Reference Guide
Aruba OS 6.4 Command Line Interface Reference GuideAruba OS 6.4 Command Line Interface Reference Guide
Aruba OS 6.4 Command Line Interface Reference Guide
 
Interoperable Web Services with JAX-WS and WSIT
Interoperable Web Services with JAX-WS and WSITInteroperable Web Services with JAX-WS and WSIT
Interoperable Web Services with JAX-WS and WSIT
 
Introduction to Diameter Protocol - Part1
Introduction to Diameter Protocol - Part1Introduction to Diameter Protocol - Part1
Introduction to Diameter Protocol - Part1
 
LAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted Protocol
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
 
HP Helion Webinar #5 - Security Beyond Firewalls
HP Helion Webinar #5 - Security Beyond FirewallsHP Helion Webinar #5 - Security Beyond Firewalls
HP Helion Webinar #5 - Security Beyond Firewalls
 
2016 06-10-ieee-sdn (1)
2016 06-10-ieee-sdn (1)2016 06-10-ieee-sdn (1)
2016 06-10-ieee-sdn (1)
 
Summit 16: Open-O Mini-Summit - VF Event Streaming Project Proposal
Summit 16: Open-O Mini-Summit - VF Event Streaming Project ProposalSummit 16: Open-O Mini-Summit - VF Event Streaming Project Proposal
Summit 16: Open-O Mini-Summit - VF Event Streaming Project Proposal
 
Using Istio to Secure & Monitor Your Services
Using Istio to Secure & Monitor Your ServicesUsing Istio to Secure & Monitor Your Services
Using Istio to Secure & Monitor Your Services
 
Active network
Active networkActive network
Active network
 
Palo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New FeaturesPalo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New Features
 
Software defined network and Virtualization
Software defined network and VirtualizationSoftware defined network and Virtualization
Software defined network and Virtualization
 
Go with the Flow-v2
Go with the Flow-v2Go with the Flow-v2
Go with the Flow-v2
 

More from FNian

Wipro Media Q1 0809
Wipro Media Q1 0809Wipro Media Q1 0809
Wipro Media Q1 0809
FNian
 
Watts Brief
Watts BriefWatts Brief
Watts Brief
FNian
 
The Role Of Business In Society Presentation At
The Role Of Business In Society Presentation AtThe Role Of Business In Society Presentation At
The Role Of Business In Society Presentation At
FNian
 
Unit C Eco Toolbox
Unit C Eco ToolboxUnit C Eco Toolbox
Unit C Eco Toolbox
FNian
 
Singapore Jakarta Conf
Singapore Jakarta ConfSingapore Jakarta Conf
Singapore Jakarta Conf
FNian
 
Syndication Pp
Syndication PpSyndication Pp
Syndication Pp
FNian
 
Integration of internal database system
Integration of internal database systemIntegration of internal database system
Integration of internal database system
FNian
 
Analyse sourcing and manufacturing strategies
Analyse sourcing and manufacturing strategiesAnalyse sourcing and manufacturing strategies
Analyse sourcing and manufacturing strategies
FNian
 
Scitc 2006 India 2005 And Future
Scitc 2006 India 2005 And FutureScitc 2006 India 2005 And Future
Scitc 2006 India 2005 And Future
FNian
 
Miller China Trade
Miller China TradeMiller China Trade
Miller China Trade
FNian
 
Developing a market plan
Developing a market planDeveloping a market plan
Developing a market plan
FNian
 
Gianelle Tattara
Gianelle TattaraGianelle Tattara
Gianelle Tattara
FNian
 
Gp Industry
Gp IndustryGp Industry
Gp Industry
FNian
 
House
HouseHouse
House
FNian
 
How To Biuld Internal Rating System For Basel Ii
How To Biuld Internal Rating System For Basel IiHow To Biuld Internal Rating System For Basel Ii
How To Biuld Internal Rating System For Basel Ii
FNian
 
Gujarat
GujaratGujarat
Gujarat
FNian
 
Ietp Session 2 June 28
Ietp Session 2 June 28Ietp Session 2 June 28
Ietp Session 2 June 28
FNian
 
India An Overview
India An OverviewIndia An Overview
India An Overview
FNian
 
Intra Industry
Intra IndustryIntra Industry
Intra Industry
FNian
 
Innovation Class 6
Innovation Class 6Innovation Class 6
Innovation Class 6
FNian
 

More from FNian (20)

Wipro Media Q1 0809
Wipro Media Q1 0809Wipro Media Q1 0809
Wipro Media Q1 0809
 
Watts Brief
Watts BriefWatts Brief
Watts Brief
 
The Role Of Business In Society Presentation At
The Role Of Business In Society Presentation AtThe Role Of Business In Society Presentation At
The Role Of Business In Society Presentation At
 
Unit C Eco Toolbox
Unit C Eco ToolboxUnit C Eco Toolbox
Unit C Eco Toolbox
 
Singapore Jakarta Conf
Singapore Jakarta ConfSingapore Jakarta Conf
Singapore Jakarta Conf
 
Syndication Pp
Syndication PpSyndication Pp
Syndication Pp
 
Integration of internal database system
Integration of internal database systemIntegration of internal database system
Integration of internal database system
 
Analyse sourcing and manufacturing strategies
Analyse sourcing and manufacturing strategiesAnalyse sourcing and manufacturing strategies
Analyse sourcing and manufacturing strategies
 
Scitc 2006 India 2005 And Future
Scitc 2006 India 2005 And FutureScitc 2006 India 2005 And Future
Scitc 2006 India 2005 And Future
 
Miller China Trade
Miller China TradeMiller China Trade
Miller China Trade
 
Developing a market plan
Developing a market planDeveloping a market plan
Developing a market plan
 
Gianelle Tattara
Gianelle TattaraGianelle Tattara
Gianelle Tattara
 
Gp Industry
Gp IndustryGp Industry
Gp Industry
 
House
HouseHouse
House
 
How To Biuld Internal Rating System For Basel Ii
How To Biuld Internal Rating System For Basel IiHow To Biuld Internal Rating System For Basel Ii
How To Biuld Internal Rating System For Basel Ii
 
Gujarat
GujaratGujarat
Gujarat
 
Ietp Session 2 June 28
Ietp Session 2 June 28Ietp Session 2 June 28
Ietp Session 2 June 28
 
India An Overview
India An OverviewIndia An Overview
India An Overview
 
Intra Industry
Intra IndustryIntra Industry
Intra Industry
 
Innovation Class 6
Innovation Class 6Innovation Class 6
Innovation Class 6
 

Recently uploaded

The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
Aggregage
 
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLWhitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
kapoorjyoti4444
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Sheetaleventcompany
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
lizamodels9
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
amitlee9823
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Damini Dixit
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Sheetaleventcompany
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Anamikakaur10
 

Recently uploaded (20)

The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLWhitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 

E Snet Authentication Fabric Pilot

  • 1. ESnet RADIUS Authentication Fabric Michael Helm ESnet/LBNL GGF-12 Sec Workshop 18 Sep 2004
  • 2.
  • 3. What Is the Grid Integrated RAF? ESnet Radius Auth DB ESnet Root CA MyProxy Credentials PAM 1 Log in 2 Ask AuthN; hint OTP 5 Receive Proxy Cert Manage myProxy 6 (Opt) Store Proxy 7 Execute OTP Services OCSP HSM Subordinate CA Engine 4. Auth OK; Namestring 3 OTP verification 4 Sign Proxy Sign Subordinate CA SIPS Proposal Apr 2004 Special case of GridLogon
  • 4.
  • 5. ESnet RAF Architecture Repli- cation Network (IP) VPN (IPsec) RADIUS Proxy router RADIUS Proxy router RADIUS Proxy router RADIUS Proxy router ESnet RAF Site ESnet AuthN Authority ( OTP ) Appli- cation 1 Rc Site n RADIUS AuthN Authority ( OTP ) Appli- cation 1 Rc Site 1 RADIUS AuthN Authority ( OTP ) Appli- cation 1 Rc Site 2 RADIUS
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19. ESnet RAF Architecture Repli- cation Network (IP) VPN (IPsec) RADIUS Proxy router RADIUS Proxy router RADIUS Proxy router RADIUS Proxy router ESnet RAF Site ESnet AuthN Authority ( OTP ) Appli- cation 1 Rc Site n RADIUS AuthN Authority ( OTP ) Appli- cation 1 Rc Site 1 RADIUS AuthN Authority ( OTP ) Appli- cation 1 Rc Site 2 RADIUS
  • 20.
  • 21.
  • 22.
  • 23. What Is the Grid Integrated RAF? ESnet Radius Auth DB ESnet Root CA MyProxy Credentials PAM 1 Log in 2 Ask AuthN; hint OTP 5 Receive Proxy Cert Manage myProxy 6 (Opt) Store Proxy 7 Execute OTP Services OCSP HSM Subordinate CA Engine 4. Auth OK; Namestring 3 OTP verification 4 Sign Proxy Sign Subordinate CA SIPS Proposal Apr 2004 Special case of GridLogon
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35. Fusion Grid Firewall Issues Michael Helm ESnet/LBNL GGF-12 Sec Workshop 18 Sep 2004
  • 37. Comments Each site is protected by a firewall Different firewall technology OTP is probably a feature Need single sign-on, delegation, autonomous processes….
  • 38.