Possibilities for Grouper in a cross/inter organizational use Andrea Biancini, Consortium GARR GN3+ F-2-F meeting Stockholm, April.

Slides:

Advertisements

Similar presentations

Moving materials from Intranet to VLE Andy Diament Penzance.

Advertisements

Achieve Benefit from IT Projects. Aim This presentation is prepared to support and give a general overview of the ‘How to Achieve Benefits from IT Projects’

Enabling Access to Sound Archives through Integration, Enrichment and Retrieval WP1. Project Management.

e-Framework Components and Responsibilities.

© 2006 IBM Corporation IBM Software Group Relevance of Service Orientated Architecture to an Academic Infrastructure Gareth Greenwood, e-learning Evangelist,

Analysis Stage (Phase I) The goal: understanding the customer's requirements for a software system. n involves technical staff working with customers n.

University of Jyväskylä – Department of Mathematical Information Technology Computer Science Teacher Education ICNEE 2004 Topic Case Driven Approach for.

Systems Development (SD) Presentation Michael Webb IT Director for Medicaid Utah Department of Health UDOH Informatics Brownbag August.

Widely Distributed Access Management Tom Barton University of Chicago.

Topical Interest Groups as Communities of Practice: Strategies for Building a Community of Practice Facilitated by: PK12 Educational Evaluation TIG Evaluation.

Cancún - Mexico, Andrea Biancini Towards a Federation as a Service From IdP in the Cloud project to FaaS.

Project Overview. What? What are we trying to accomplish How? How are we going to accomplish it When? When do we need to accomplish it by.

1 Finding Collaborators Worldwide James Werle, Univ. of Washington, Jennifer Oxenford, MAGPI/UPENN, Tim.

Work Package 6: Performance Specification Ian McCrea.

FINAL DEMO Apollo Crew, group 3 T SW Development Project.

BfB: Supporting Collaboration with Infrastructure.

Feasibility Study of a Wiki Collaboration Platform for Systematic Review Eileen Erinoff AHRQ Annual Meeting September 15, 2009.

TF-DI Meeting 13-Aug Agenda Discovery presentation from William Miller Review of discussions at F2F Sunnyvale Interaction patterns of tech landscape.

Restricted 13/14 September Building a Data Portal with SDMX The BIS SDMX Sandbox exercise 1 Gabriele Becker, Massimo Bruschi Bank for International.

ETICS2 All Hands Meeting VEGA GmbH INFSOM-RI Uwe Mueller-Wilm Palermo, Oct ETICS Service Management Framework Business Objectives and “Best.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Connect communicate collaborate GÉANT3plus Enabling Users Pilots Lukas Hämmerle Task Leader "Enabling Users"

IAM REFERENCE ARCHITECTURE BRICKS EMBEDED ARCHITECTS COMMUNITY OF PRACTICE MARCH 5, 2015.

OBJECT ORIENTED SYSTEM ANALYSIS AND DESIGN. COURSE OUTLINE The world of the Information Systems Analyst Approaches to System Development The Analyst as.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement n° Tools proposed.

Illustrations and Answers for TDT4252 exam, June

ICS (072)Database Systems: An Introduction & Review 1 ICS 424 Advanced Database Systems Dr. Muhammad Shafique.

Visual Linker Prototype presentation.

STASIS Technical Innovations - Simplifying e-Business Collaboration by providing a Semantic Mapping Platform - Dr. Sven Abels - TIE -

Authentication and Authorisation for Research and Collaboration Pilots on the Integrated R&E AAI Paul van Dijk, Activity Lead Pilots.

Géant-TrustBroker project overview Slides assembled by the Géant-TrustBroker team at Leibniz Supercomputing Centre, Germany for a short presentation by.

Welcome to the Minnesota SharePoint User Group. Introductions / Overview SharePoint 101 High level overview of SharePoint Differences between SharePoint.

SoberIT Software Business and Engineering Institute HELSINKI UNIVERSITY OF TECHNOLOGY © Tomi Männistö, Varvana Myllärniemi, 2008 T Software Architectures.

Federation as a Service Marina Vermezović, AMRES Federated Identity Technology Workshop Sofia, Bulgaria, 20. Jun 2014.

1 reTHINK Deliverables, How To Read reThink deliverables quick starter.

Welcome to MT140 Introduction to Management Instructor - Tom Gilchrist Unit 10 Seminar - Reflection.

Innovation through participation eduGAIN policy: A worm report TF-EMC2 Vienna Mikael Linden, CSC The worm farmer.

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Report and plans Attribute.

® IBM Software Group © 2004 IBM Corporation Developing an SOA with RUP and UML 2.0 Giles Davies.

Géant-TrustBroker Project Overview Daniela Pöhn 7 th FIM4R meeting Frascati, Italy April 24 th, 2014.

JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos

T Iteration Demo Group 1 Project Planning Iteration

State of Georgia Release Management Training

HEXAA e-Science gateways with external attribute authority István Tétényi, MTA SZTAKI 21-May-2014 Co-Authors: Mr. Héder, Mihály (MTA SZTAKI); Mr. BAJNOK,

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

NREN Trust and Identity Strategy Ann Harding, SWITCH Cambridge July 2014.

AAI/Federated Identity Training Ann Harding, SWITCH Cambridge July 2014.

INFSO-RI JRA2 Test Management Tools Eva Takacs (4D SOFT) ETICS 2 Final Review Brussels - 11 May 2010.

Welcome to MT140 Introduction to Management Unit 10 Seminar Reflection.

Federated Identity Fundamentals Ann Harding, SWITCH Cambridge July 2014.

INDIGO – DataCloud WP5 introduction INFN-Bari CYFRONET RIA

INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.

V7 Foundation Series Vignette Education Services.

Networks ∙ Services ∙ People Andrea Biancini #TNC15, Porto, Portugal Implementing Grouper to federate user authorization Federated Authorization.

LECTURE 5 Nangwonvuma M/ Byansi D. Components, interfaces and integration Infrastructure, Middleware and Platforms Techniques – Data warehouses, extending.

Designing Identity Federation Policy, the right way Marina Vermezović, Academic Network of Serbia TNC2013 conference 4 May 2013.

Adapting Webconference Cloud Services to R&E communities Session: Successful instantiations of cloud services Rui Ribeiro FCCN|FCT 21 May 2014.

Managing Enterprise Architecture

Géant-TrustBroker Dynamic inter-federation identity management Daniela Pöhn TNC2014 Dublin, Ireland May 19 th, 2014.

LIGO Identity and Access Management

SA Capstone Requirements and Design Week 10 SYST Winter 2016

Identity Federations - Overview

Supporting Services for Campus Identity Providers Plans

Revamping IdP in the Cloud pilot activities

Updates on Training Andrea Biancini (AARC2.AHM)2 NA2 WP leader

Identity Management and Authorization

New User Interface for extracting statistical data from Eurostat databases Thom Werkhoven Dissemination Working Group – November 2005.

Example Use Case for Attribute Authorities and Token Translation Services - the case for eduGAIN Andrea Biancini.

INFO415 Systems Analysis Course Overview

Presentation transcript:

Possibilities for Grouper in a cross/inter organizational use Andrea Biancini, Consortium GARR GN3+ F-2-F meeting Stockholm, April 29 th, 2014

2 Connect | Communicate | Collaborate Agenda Subtask definition and goals Major subtask activities Plan and advancements Involvement

3 Connect | Communicate | Collaborate Subtask definition and goals Within this task we will evaluate the introduction of Grouper for a cross/inter organizational use. Grouper will be used to manage in a centralized way (yet eventually permitting delegation): Groups of users Authorization attributes for users It provides a web interface, a CLI and a webservices interface (that has, just discovered, a VOOT plugin) Grouper will be studied in conjunction with other tools to implement advanced features in group management: for instance Grouper could be integrated with COmanage to delegate the management of authorization aspects.

4 Connect | Communicate | Collaborate Major subtask activities The main activities for this subtask will be: 1.Better definition of the possibilities for an authorization process within different services and communities. 2.Realization of a PoC to prove possible integrations of existing services with Grouper. 3.Documentation and dissemination of results achieved.

5 Connect | Communicate | Collaborate Authorization processes So far authorization in Identity Federations has been managed in either one of two opposite ways: SP based authorization: where the SP is responsible to maintain all information to be used for authorization; IdP based authorization: where the IdP is responsible to maintain the information to be used for authorization and to pass them to the SP for enforcement. A different approach may be followed (leveraging Attributes Authorities and implementing tools like Grouper) where authorization is delegated to specific systems designed for that purpose.

6 Connect | Communicate | Collaborate Proof of Concept To prove real use cases, three SPs will be integrated with Grouper in a Proof of Concept: A wiki application: Grouper will manage user groups for read/write access; A moodle application: Grouper will provide course list and manage students/teachers enrolment to courses; A custom application (GARRbox): Grouper will provide user groups and other authorization attributes specific to the service.

7 Connect | Communicate | Collaborate Dissemination During the activities a set of documents will be produced and shared. These documents will permit to share common visions and ideas thus easing the dissemination of results achieved. JRA3T1-321 Feasibility Study(due 05/14) JRA3T1-322 Architecture for discovery(due 09/14) JRA3T1-323 PoC documentation(due 12/04) JRA3T1-324 Deliverables for dissemination(due 03/15)

8 Connect | Communicate | Collaborate Plan and advancements 1. Study 2. Feasibility 3. Design 4. Build 5.Finalize 1.Study (started 03/2014): finalized at gaining knowledge on the tools and processes to be implemented. 2.Feasibility (end 05/2014): will produce the first deliverable and introduce the context of authorization processes. 3.Design (end 09/2014): will produce the architectural design and describe the technical choices that will be tested in the PoC. 4.Build (end 12/2014): will realize the PoC with the integration of the three SPs. 5.Finalize (end 05/2015): will produce dissemination material.

9 Connect | Communicate | Collaborate Involvement The subtask would *really* appreciate the involvement in the different activities of the following groups: Groups with experience on Grouper / COmanage to help in the installation and configuration of the group and attribute management system. Groups interested in experiencing the PoC and helping the definition of technical aspects and problems. Groups interested in sharing views about real authorization problems by contributing to the deliverables.

10 Connect | Communicate | Collaborate | | Connect | Communicate | Collaborate Thank you!