Speaker
Daniel Kouril
(CESNET)
Description
Grids have traditionally used certificates which have scaled well globally and
given a high level of assurance, but grids would become more useful if they
could consume authentication tokens from other authentication infrastructures,
also with different levels of assurance. Expected benefits include widening the
user base, by making use of existing authentication infrastructure, and improved
single sign-on for users. Moreover, central attribute authorities like VOMS
have worked well for grids, but being able to make use of institutional
attributes will be useful also for new data and services sustainability models,
e.g. to support institutional subscriptions.
In this presentation we will focus on the Moonshot project that brings the
functionality of SAML-based identity federations to the world of non-web
applications. Using Moonshot it is possible to rely on home identity
providers to perform authentication and issue additional attributes about the
users. The user experience from the SAML-based federations suggests that such
an arrangement is well perceived.
The Moonshot project has been presented already at previous EGI events and
elsewhere and elicited an interest from various parties, including large
user communities. Therefore, we will present a short introduction of the
project and update of its current status, which will be followed by a live
demonstration of the technology. In particular we will show how an
MyProxy-based online CA can be established, which will issue certificates
based on the same authentication and attributes as are utilizied by the
Terena Certification Service. We will also describe current status of
deployment and present requirements necessary to install the Moonshot
technology.
Given the interest from the Grid community and an already organized workshop on
Moonshot usage in Grids and HPCs, we expect more discussions in this area over
the next months, whose outcomes will also be presented in the talk.
Primary authors
Daniel Kouril
(CESNET)
Jens Jensen
(STFC Rutherford Appleton Laboratory)
Josh Howlett
(JANET)
Michal Prochazka
(CESNET)