Authentication and Authorization in Astronomy: A Deep Dive into ASTERICS

Slide Note
Embed
Share

Explore the world of authentication and authorization in the field of astronomy through the lens of the ASTERICS project. Learn about the importance of verifying identities and granting access rights, the Virtual Observatory Approach, Single Sign-On standards, and Credential Delegation protocols. Dive into the complexities of user authentication and authorization in the realm of astronomy research infrastructure.

anna_ght
anna_ght Follow

Uploaded on Sep 21, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Astronomy ESFRI & Research Infrastructure Cluster ASTERICS - 653477 Authentication and Authorization in the VO 1st ASTERICS-OBELICS Workshop 12-14 December 2016, Rome, Italy. H2020-Astronomy ESFRI and Research Infrastructure Cluster (Grant Agreement number: 653477). 12/12/2016 ASTERICS-OBELICS Workshop 2016 / Rome 1

  2. Astronomy ESFRI & Research Infrastructure Cluster ASTERICS - 653477 Authentication and Authorization in the Virtual Observatory Dr. Giuliano Taffoni INAF Osservatorio Astronomico di Trieste Deputy Chair, IVOA Grid & Web Services WG

  3. Astronomy ESFRI & Research Infrastructure Cluster ASTERICS - 653477 What is Auth and Authz What is the scope? Authentication is a process by which you verify that someone is who they claim they are. Authorization is the process of establishing if the user (who is already authenticated), is permitted to have access to a resource Who is for? Researchers, developers, projects . But each used to have it s own solution

  4. Astronomy ESFRI & Research Infrastructure Cluster ASTERICS - 653477 The Virtual Observatory Approach The single-sign-on architecture is a system in which users assign cryptographic credentials to user agents so that the agents may act with the user s identity and access rights. This standard describes how agents use those credentials to authenticatethe user s identity in requests to services. SSO recommendation is a profile against existing security standards

  5. Astronomy ESFRI & Research Infrastructure Cluster ASTERICS - 653477 Single Sign On Standard Allow clients to access a service that requires authentication. Supported standards No authentication required. HTTP Basic Authentication Transport Layer Security (TLS) with passwords. Transport Layer Security (TLS) with client certificates. Cookies Open Authentication (OAuth) Security Assertion Markup Language (SAML) OpenID

  6. Astronomy ESFRI & Research Infrastructure Cluster ASTERICS - 653477 Credential Delegation The credential delegation protocol allows a client program to delegate a user's credentialsto a service such that that service may make requests of other services in the name of that user. The protocol defines a REST service that works alongside other IVO services. It is based on X.509 certificates But also other protocols as oAuth

  7. Astronomy ESFRI & Research Infrastructure Cluster ASTERICS - 653477 Authorization Trend in projects and infrastructures is: take care of your own authorization but: The owner(s) of a resource may, at any time, change the rules by which a resource may be accessed. This is the granting and revoking of access. When users try to access resources, the granting rules for that resource are evaluated at runtime. This is the authorization check. Is the application aware of service authorization? Not necessary but it must implement standard messages (eg. 501 Error: Authorization failed)

  8. Astronomy ESFRI & Research Infrastructure Cluster ASTERICS - 653477 IVOA Authz: GMS discussion GMS: Group Management Service: manage authz in terms of groups A single individual is too restrictive Having a list of individuals is difficult to maintain Grouping individuals and referencing them by a group identifier provides a necessary level of abstraction Used and proposed by Canadian CADC tested by INAF Based on RESTful APIs Fully integrated with IVOA Registry services

  9. Astronomy ESFRI & Research Infrastructure Cluster ASTERICS - 653477 Acknowledgement H2020-Astronomy ESFRI and Research Infrastructure Cluster (Grant Agreement number: 653477). 12/12/2016 ASTERICS-OBELICS Workshop 2016 / Rome 9

Related


Advancing Astronomy Research with ASTERICS Project

Advancing Astronomy Research with ASTERICS Project

cam_mel
Understanding Authentication Mechanisms and Security Vulnerabilities

Understanding Authentication Mechanisms and Security Vulnerabilities

lev_tre
Exploring Astronomy Big Data and Cyberinfrastructure for AI Innovation

Exploring Astronomy Big Data and Cyberinfrastructure for AI Innovation

guow640
Innovating Astronomy Education at NAU Through Indigenous Perspectives

Innovating Astronomy Education at NAU Through Indigenous Perspectives

dkist
Enhancing Authorization in Alpaca: A Decade-old Approach Revisited

Enhancing Authorization in Alpaca: A Decade-old Approach Revisited

jream
Challenges in DUNE Computing: Addressing Authentication and Authorization Needs

Challenges in DUNE Computing: Addressing Authentication and Authorization Needs

novalee
Security and Authentication in Electronic Filing Systems: Arkansas Subcommittee Report

Security and Authentication in Electronic Filing Systems: Arkansas Subcommittee Report

harri
DAVA Drugs Authentication & Verification Application by National Informatics Centre

DAVA Drugs Authentication & Verification Application by National Informatics Centre

ruxt_322
Setting Up Multi-Factor Authentication at Moraine Park

Setting Up Multi-Factor Authentication at Moraine Park

leid_3
Overview of Observational Techniques and Student Talks in Astronomy

Overview of Observational Techniques and Student Talks in Astronomy

paysleigh
Insights into AAP Priority Projects for Astronomy Advancements

Insights into AAP Priority Projects for Astronomy Advancements

see_fri
Comprehensive European Astronomy Development Planning by ASTRONET

Comprehensive European Astronomy Development Planning by ASTRONET

batt_40
Consolidation of Outreach Activities in Astronomy Education

Consolidation of Outreach Activities in Astronomy Education

lutt742
STARS Project - Teaching Astronomy in Schools

STARS Project - Teaching Astronomy in Schools

dlagr
Greek Astronomy: The First Scientific Revolution - A Visual Journey Through Ancient Greek Astronomy

Greek Astronomy: The First Scientific Revolution - A Visual Journey Through Ancient Greek Astronomy

dayl_68
PNG Continuation Authorization Training Module for Alberta Government

PNG Continuation Authorization Training Module for Alberta Government

sky_sie
Guide to CCS Service Authorization Requests

Guide to CCS Service Authorization Requests

tymoteusz
Understanding SAML for Secure Single Sign-On

Understanding SAML for Secure Single Sign-On

amrutham
An Open-Source SPDM Implementation for Secure Device Communication

An Open-Source SPDM Implementation for Secure Device Communication

eley395
Guide to Setting Up EU Login and Two-Factor Authentication

Guide to Setting Up EU Login and Two-Factor Authentication

wolfgang
Implementing 2FA for UW Azure AD: Best Practices and Options

Implementing 2FA for UW Azure AD: Best Practices and Options

adlai
Enhancing Security with Two-Factor Authentication in Funding & Tenders Portal

Enhancing Security with Two-Factor Authentication in Funding & Tenders Portal

torquil
Two-Step Authentication Implementation for Enhanced Security

Two-Step Authentication Implementation for Enhanced Security

lumina
Setting Up Two-Factor Authentication for HRMS Access

Setting Up Two-Factor Authentication for HRMS Access

japp320

More Related Content

Ancient Astronomy and Modern Contributions
Ancient Astronomy and Modern Contributions
Introduction to Astronomy: Exploring the Universe and Scientific Method
Introduction to Astronomy: Exploring the Universe and Scientific Method
Optical Follow-Up Observation of GW170817 and GW Astronomy Milestones
Optical Follow-Up Observation of GW170817 and GW Astronomy Milestones
Riccardo Giacconi's Impact on Japanese X-ray Astronomy
Riccardo Giacconi's Impact on Japanese X-ray Astronomy
The History of Astronomy: From Ancient Wonder to Modern Science
The History of Astronomy: From Ancient Wonder to Modern Science
Understanding Grid Certificate and VOMS for JUNO DCI Group
Understanding Grid Certificate and VOMS for JUNO DCI Group
Exploring Astronomy: Unveiling the Wonders of the Stars
Exploring Astronomy: Unveiling the Wonders of the Stars
Exploring Challenges and Opportunities in Adopting a Drone Program
Exploring Challenges and Opportunities in Adopting a Drone Program
Enhancing EPS Authorization and Configuration Options in 5G Networks
Enhancing EPS Authorization and Configuration Options in 5G Networks
Impact of Changes in Radiation Protection Legislation on Dentistry Practice
Impact of Changes in Radiation Protection Legislation on Dentistry Practice
COVID-19 Vaccine Update: Pfizer Vaccine Logistics and Emergency Use Authorization
COVID-19 Vaccine Update: Pfizer Vaccine Logistics and Emergency Use Authorization
Insights on 2023 Medicare Fee Schedule & APTA Indiana Prior Authorization Advocacy
Insights on 2023 Medicare Fee Schedule & APTA Indiana Prior Authorization Advocacy
Crisis Residential Treatment Authorization and Documentation Requirements
Crisis Residential Treatment Authorization and Documentation Requirements
Understanding Periodic Safety Update Reports (PSURs) in Pharmacovigilance
Understanding Periodic Safety Update Reports (PSURs) in Pharmacovigilance
European Patients Academy on Therapeutic Innovation: Post-Authorisation Efficacy Studies (PAES)
European Patients Academy on Therapeutic Innovation: Post-Authorisation Efficacy Studies (PAES)
Streamlining Personal Mobile Device Reimbursement Process in Concur
Streamlining Personal Mobile Device Reimbursement Process in Concur
Streamlining Faculty Procedures for Academic Authorization and Petition Processes
Streamlining Faculty Procedures for Academic Authorization and Petition Processes
IGX Orientation 2023: Logging In, Two-Factor Authentication, Dashboard Setup
IGX Orientation 2023: Logging In, Two-Factor Authentication, Dashboard Setup
Concurrent Interpretations of Authorization Logic
Concurrent Interpretations of Authorization Logic
Understanding Active Directory: Key Components and Security Considerations
Understanding Active Directory: Key Components and Security Considerations
SSO Solution Using OAuth and OpenID Connect for Defense Logistics Agency
SSO Solution Using OAuth and OpenID Connect for Defense Logistics Agency
Understanding Security Goals and Cryptographic Algorithms
Understanding Security Goals and Cryptographic Algorithms
Enhancing Secure Telephone Identity and Caller Authentication
Enhancing Secure Telephone Identity and Caller Authentication
Understanding Security Practices in Laserfiche
Understanding Security Practices in Laserfiche