Conveners
Lightning Talks: Security, Trust & Identity
- Matthew Viljoen (EGI.eu)
Presentation materials
Applications in EGI Infrastructure may need different secrets (credentials, tokens, passwords, etc.) during deployments and operations. The secrets are often stored as clear texts in configuration files or code repositories that expose security risks. Furthermore, the secrets stored in files are static and difficult to change/rotate. The secret management service for EGI Infrastructure is...
When exploring the (sometimes) intimidating world of Federated Identity, research communities can reap considerable benefit from using common best practices and adopting interoperable ways of working. EnCo, the Enabling Communities task of the GEANT 4-3 Trust and Identity Work Package, provides the link between those seeking to deploy Federated Identity Management and the significant body of...
Relying on OpenID Connect (OIDC) for identity and access management can significantly simplify the process of providing access to users, especially for non-web applications such as Secure Shell (SSH) where the management of typically used SSH keys is often laborious and error-prone.
As a counterpart to the server-side components that enable SSH via OIDC [[1]][1], the client-side tools...
Our modern cybersecurity landscape requires that we work collaboratively to effectively defend our community. In this talk we explore activities in this area and ways in which sites, organisations and infrastructures can get involved in our shared response to cyberattacks
A state of emergency is a legal regime designed for extraordinary circumstances, that enables the government to act in ways that it could not under the ordinary Legal framework.
The measures adopted in emergency situations, in accordance with International Law, must comply with some characteristics including: the legislative provision; the need to pursue a legitimate goal, being necessary....
STFCโs Scientific Computing Department is currently engaged in the development and operation of several different token-based authentication and authorization services, using OpenID Connect.
Central to this is the development of the [IRIS IAM][1] (Identity and Access Manager), an implementation of the [INDIGO IAM][2] software which forms a core component in the [IRIS][3] digital research...
The purpose of the EGI Software Vulnerability Group (SVG) is โTo minimise the risk of security incidents due to software vulnerabilities.โ
The EGI SVG and its predecessors have been dealing with software vulnerabilities for about 15 years. Initially, the group was set up to address the lack of vulnerability management in Grid Middleware, and its tasks included fixing security issues and...
