Shibboleth Use at the National e-Science Centre Hub Glasgow

Presentation transcript:

Overview

The UK academic community is currently in the process of deploying Shibboleth technologies to support local (existing) methods of authentication for remote login to resources. The National e-Science Centre at the University of Glasgow is one of the pioneers in supporting the adoption of Shibboleth in a Grid environment. Shibboleth-based Authentication and fine-grained Authorization have been realized across a wide range of Grid technologies and application domains.

Key Components

Shibboleth

Shibboleth is standards-based, open source middleware software which provides Web Single Sign On (SSO) across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.

GridSphere

The GridSphere portal is a JSR-168 compliant, open-source, portlet-based framework providing special support for Grid applications.

Shibboleth Model

In the Shibboleth model, co-operating sites in a Shibboleth federation are expected to trust local security infrastructures, for example in establishing the identity of users (Authentication) and their associated privileges (Authorization). To support this, the Shibboleth architecture and associated protocols identify several key components that should be supported, including Identity Providers (IdP), also known as origins, Service Providers (SP), also known as targets, and optionally Where Are You From (WAYF) services. Through these components, end users will ideally have "single" usernames and passwords for their own institutions, which will provide for seamless access to a range of resources at collaborating institutions in the Shibboleth federation, depending upon the local security policies at service provider sites and how they are used to restrict (authorize) what resources authenticated users are allowed access to.

Application Models

The National e-Science Centre at the University of Glasgow is involved in a wide range of Grid projects, including Grid Security, Bioinformatics, education, clinical trials and epidemiological studies, and Biomedical research. The Shibboleth model has been applied to those projects in conjunction with their previous security infrastructures to provide both Authentication and fine-grained Authorization.

BRIDGES

The DTI funded BRIDGES project (Biomedical Research Informatics Delivered by Grid Enabled Services) focused on delivering a Grid infrastructure offering secure access to and usage of highly distributed, evolving biomedical data sets. The BRIDGES Portal uses the X.509 Distinguished Name (DN) of users to make authorisation decisions based upon the PERMIS authorisation infrastructure. This includes what resources the job can be run on for that particular user. The more privileged the roles users have, the more computational resources they can get access to. In the Shibboleth-based model, the user DN and roles are passed from the Shibboleth IdP with other necessary user attributes. These attributes are cached in the GridSphere Portal and subsequently used to determine authorization decisions by using the PERMIS authorization infrastructure.

DyVOSE/ESP-GRID

To investigate advanced RBAC infrastructures (PERMIS) for dynamic establishment of VOs within the education domain and as part of the Advanced MSc Grid Computing module at the University of Glasgow, students were asked to develop a GT3.3 Grid service that wrapped a Condor based application, which itself offers two methods (searchMethod and sortMethod) to search and sort a large text file (the complete works of Shakespeare – 5MB). The students were split into two groups (studentteam1, studentteam2) with the PERMIS authorization policy to ensure that the sort method could only be invoked by members of their own student group and the lecturing staff, and that the search method could be invoked by everyone. The Shibboleth scenario currently supported in DyVOSE demonstrates how the Grid based search and sort service can be securely accessed via Shibboleth technologies (AuthN) and how the attributes related to users being members of studentteam1 (or studentteam2) are returned from the IdP at NeSC Glasgow and used to restrict access to the service itself (AuthZ).

VOTES

The VOTES project (Virtual Organisations for Trials and Epidemiological Studies) is an MRC funded project exploring how Grid technologies can be used to support clinical trials and epidemiological studies. Ensuring that the right people see the right data sets for the right purpose is crucial in this domain. By putting the VOTES portal into a Shibboleth scenario, authentication can be performed by the Shibboleth IdP, and the user attributes from the IdP are used via PERMIS to limit the clinical queries that can be run.

These three models indicate how Shibboleth (in combination with an authorisation infrastructure such as PERMIS) can be used to simplify the user experience in access to and usage of a wide variety of Grid resources, since users only ever need to log in to their home site.

Demonstrator URL: BRIDGES and DyVOSE demo: VOTES demo:

Contacts: Prof. Richard Sinnott, Dr. John Watt, Jipu Jiang
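The DyVOSE access rule described above (sort restricted to the owning student team and lecturing staff, search open to everyone, roles supplied by the IdP) can be modelled as a default-deny decision function. This is an added example, not PERMIS policy syntax or code from the poster's projects. The IdP entityIDs, the `lecturer` role name, the user DNs and the `deleteMethod` probe are constructed placeholders, and "everyone" is assumed to mean every user authenticated by a trusted IdP.

```python
from dataclasses import dataclass

# Assumption: entityIDs are placeholders; only this IdP is trusted for roles.
TRUSTED_IDPS = {"https://idp.nesc.example/shibboleth"}
LECTURER = "lecturer"  # assumed role name for "the lecturing staff"

@dataclass(frozen=True)
class Assertion:
    """Attributes the portal cached for one session (constructed sample data)."""
    issuer: str
    subject_dn: str
    roles: frozenset

@dataclass(frozen=True)
class GridService:
    """One deployed search/sort service, owned by a single student team."""
    owner_team: str

def authorize(a: Assertion, svc: GridService, method: str) -> bool:
    """Default-deny decision over the two methods named in the poster."""
    if a.issuer not in TRUSTED_IDPS:
        return False  # attributes from an unknown authority carry no weight
    if method == "searchMethod":
        return True   # any user authenticated by a trusted IdP (assumption)
    if method == "sortMethod":
        return svc.owner_team in a.roles or LECTURER in a.roles
    return False      # anything not explicitly granted is denied

def decision_table() -> dict:
    """Evaluate constructed users against the service owned by studentteam1."""
    idp = "https://idp.nesc.example/shibboleth"
    rogue = "https://idp.unknown.example/shibboleth"
    users = {
        "alice": Assertion(idp, "CN=alice,O=example", frozenset({"studentteam1"})),
        "bob": Assertion(idp, "CN=bob,O=example", frozenset({"studentteam2"})),
        "staff": Assertion(idp, "CN=staff,O=example", frozenset({LECTURER})),
        # Self-asserted roles from an IdP outside the trust list
        "mallory": Assertion(rogue, "CN=mallory,O=example",
                             frozenset({"studentteam1", LECTURER})),
    }
    svc = GridService("studentteam1")
    methods = ("searchMethod", "sortMethod", "deleteMethod")
    return {(n, m): authorize(a, svc, m) for n, a in users.items() for m in methods}

if __name__ == "__main__":
    for (name, method), allowed in decision_table().items():
        print(f"{name:8} {method:13} {'PERMIT' if allowed else 'DENY'}")
```

The `mallory` rows show why the issuer check comes first: role names alone grant nothing unless the asserting IdP is one the service provider trusts.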