USCGrid
A (Very Quick) Introduction to Authn/Authz
http://www.usc.edu/isd/services/uscgrid
April 2003, USCGrid at Internet2

Contents: Security – The Bird’s-eye View, Authn, Authz, References
Security – The Bird’s-eye View
Q: Everybody wants a secure network. Nobody wants servers broken into. How do the NMI components address security?
A: There are several aspects to security.
Authentication – which concerns itself with verifying identity.
Authorization – which determines what an authenticated user (or program) is allowed to do.
Confidentiality – which ensures that no one except the intended parties can gain access to information.
Data integrity – which guards against tampering.
Auditing – which logs information as things happen.
Intrusion detection – which notices break-ins.
We’re only going to look at Authentication – authn in security lingo – and Authorization – authz in security lingo.
Authn
Q: Authn concerns itself with verifying identity. It’s the soldier’s challenge – and his comrade’s response. How does NMI handle authn?
A: There are a couple of different mechanisms used by NMI for authn.
Public Key Infrastructure (PKI) technology is used by the Globus Toolkit.
However, this segment will instead look at PubCookie, a component that uses passwords.
Authz
Q: Authz determines what an authenticated user (or program) is allowed to do. How does NMI handle authz?
A: There are a couple of different mechanisms used by NMI for authz.
However, this segment will look at Shibboleth, a component that can grant authorization without knowing the identity of the person requesting authorization.
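An added example, not from the original slides and not Shibboleth's own code or wire format: the user's home organization releases attributes under a random handle, and the resource decides on those attributes alone. The names `issue_assertion`, `authorize`, `DIRECTORY` and the HMAC shared key (standing in here for a signed assertion) are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key shared by both parties; a stand-in for real assertion signing.
SHARED_KEY = b"constructed-demo-key-not-for-production"

# Constructed directory at the user's home organization (hypothetical data).
DIRECTORY = {"alice": {"affiliation": "faculty"}, "bob": {"affiliation": "guest"}}


def issue_assertion(username, now=None, ttl=300):
    """Home organization: after authn, release attributes under an opaque handle."""
    body = {
        "handle": secrets.token_hex(16),  # random, unlinkable to the username
        "attributes": DIRECTORY[username],
        "expires": (time.time() if now is None else now) + ttl,
    }
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


def authorize(assertion, allowed_affiliations, now=None):
    """Resource side: decide from attributes only; the username is never seen."""
    payload = assertion["payload"].encode()
    expected = hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["tag"]):
        return False  # tampered or forged assertion
    body = json.loads(payload)
    if body["expires"] < (time.time() if now is None else now):
        return False  # stale assertion
    return body["attributes"].get("affiliation") in allowed_affiliations


if __name__ == "__main__":
    a = issue_assertion("alice")
    # The username does not appear in what the resource receives.
    print("alice" in a["payload"], authorize(a, {"faculty", "staff"}))
```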
References
Kerberos: A Network Authentication System. Brian Tung. Addison-Wesley. 1999.
SSH: The Secure Shell: The Definitive Guide. Daniel J. Barrett & Richard E. Silverman. O’Reilly & Associates. 2001.
Practical Unix & Internet Security. Simson Garfinkel & Gene Spafford. O’Reilly & Associates. 1996.
Shibboleth Project. http://shibboleth.internet2.edu
PubCookie. http://www.washington.edu/pubcookie