TNC2014 Service Delivery NREN style: Using OpenConext to build service delivery platforms. Neil Witheridge (AARNet), Carl Vincent (Jisc Netskills). 20 May 2014, TNC.

Presentation transcript:

TNC2014 Service Delivery NREN style: Using OpenConext to build service delivery platforms. Neil Witheridge (AARNet), Carl Vincent (Jisc Netskills). 20 May 2014, TNC 2014

Using OpenConext to build service delivery platforms: The JiscConext prototype. Carl Vincent, Jisc Netskills

Using OpenConext to build service delivery platforms © Netskills 2014
OpenConext
OpenConext provides the building blocks to set up a collaboration infrastructure in which:
– federated authentication is used to gain access to the services and applications that are to be linked;
– identity providers and service providers can exchange standardised attributes;
– group information can be exchanged;
– self-service components can be applied.

Background: The JiscMail service
UK national academic mailing list service: lists and archives, plus simple file sharing associated with lists
Group-based collaboration and discussion across UK education: announcements, private discussions, open forums
1.3 million subscribers, 9,500 lists, 46,000 messages per month. Still growing

Background: The JiscMail service
Running on the LISTSERV list management platform, hosted for Jisc by L-Soft under contract
Helpdesk, service support and management by Jisc Netskills in Newcastle
Small-scale investigatory prototype project: "It's just email" – can we offer more while taking advantage of our well-established context of groups?

Vision: JiscConext
Extend the service with modern tools such as:
– Collaborative documents
– Storage
– Web content / wiki / blog
– Calendaring
– Research tools
Continue the 3rd-party tools and hosting model
Modular, extensible
Focus on the existing group-based context

Approach and Architecture

Approach: Using OpenConext
(Architecture diagram; components shown: UK Federation, SAML proxy, OpenConext, VOOT API, OAuth2 API, Group Membership, Portal, Widgets, Services)

Experience: OpenConext in the UK Federation
Differences between the Dutch and UK federation models
– Not all UK IdPs were SAML 2
– Support added for different encryption options
– Tested OK with some UK IdPs
Need to support users without an IdP: JiscMail has many such users
– Set up our own IdP and management interface
(Diagram: UK Federation, SAML proxy, standalone IdP)

Experience: Group Membership
Grouper or VOOT interface available
The user management tool for the IdP also manages groups via Grouper
The group management tool also prepares for provisioning of services
Worked well from OpenConext
Limited support from services for group context

Experience: Group Data
Membership is not everything! Which services does a group use?
Prototyped a web service, "Regroup", to provide a data store for this data

Experience: Lists
Set up a shadow list service using Sympa
– Easier to work with: code available
– Experimental VOOT interface available
SAML and VOOT successful for the web interface
Both protocols unsuitable for asynchronous access
– No browser session exists when the email is sent, so the list server cannot ask the proxy for group membership at delivery time
Use LDAP as an intermediary to Grouper instead
(Diagram: Sympa service, SAML proxy and VOOT API, Sympa web interface)

Experience: WordPress blogs
Multisite WordPress server
Provision one blog per group
– Group members have the Editor role on the blog
Plugins for WordPress
– SAML authentication
– "Overseer": provisions and synchronises users and blogs with OpenConext and Regroup
(Diagram: Overseer plugin, SAML proxy, SAML plugin, WordPress, Regroup, Grouper)
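As an added example of the group-to-service provisioning the Group Membership and WordPress slides describe (this is not the prototype's Overseer plugin nor any OpenConext code), the Python below parses a constructed VOOT-style "groups of this user" listing, keeps only groups from a trusted group provider so a foreign group id cannot grant a blog role, and reconciles the user's roles on the per-group WordPress blogs, including revoking access to blogs whose group the user has left. The response shape, the `urn:collab:group:` prefix, the entity names and the admin-to-administrator mapping are assumptions; the slides only state that group members get the Editor role.

```python
"""
Group-driven provisioning: VOOT group membership -> per-group WordPress blog roles.
Added example, not the JiscConext "Overseer" plugin. The VOOT response shape
below is an assumption modelled on VOOT 1.0, not taken from the slides.
"""
import json
from dataclasses import dataclass, field

# Constructed sample of what a VOOT "groups of this user" call might return.
# Assumed shape: {"entry": [{"id": ..., "voot_membership_role": ...}, ...]}
SAMPLE_VOOT_RESPONSE = json.dumps({
    "startIndex": 0, "totalResults": 3, "itemsPerPage": 3,
    "entry": [
        {"id": "urn:collab:group:jisc.example:history-list",
         "title": "History list", "voot_membership_role": "admin"},
        {"id": "urn:collab:group:jisc.example:physics-list",
         "title": "Physics list", "voot_membership_role": "member"},
        # A group from another provider: must never map onto one of our blogs.
        {"id": "urn:collab:group:other.example:visitors",
         "title": "Visitors", "voot_membership_role": "member"},
    ],
})

# Assumption: only this provider's groups may drive provisioning.
TRUSTED_GROUP_PREFIX = "urn:collab:group:jisc.example:"


def parse_voot_groups(body: str) -> dict[str, str]:
    """Return {group_id: role} for groups from the trusted provider only."""
    doc = json.loads(body)
    groups = {}
    for entry in doc.get("entry", []):
        gid = entry.get("id", "")
        if not gid.startswith(TRUSTED_GROUP_PREFIX):
            continue  # drop groups from untrusted providers
        groups[gid] = entry.get("voot_membership_role", "member")
    return groups


@dataclass
class BlogState:
    """Current WordPress multisite state: blog slug -> {username: role}."""
    blogs: dict[str, dict[str, str]] = field(default_factory=dict)


def blog_for_group(group_id: str) -> str:
    """One blog per group (slide: "Provision one blog per group")."""
    return group_id[len(TRUSTED_GROUP_PREFIX):]


def reconcile(user: str, groups: dict[str, str], state: BlogState) -> list[tuple[str, str, str]]:
    """Actions needed so that `user`'s blog roles match current group membership.

    Returns (action, blog, role) tuples, action in {"create_blog", "grant", "revoke"},
    and applies them to `state`. The revoke step is the one ad-hoc sync scripts forget:
    leaving a group must remove the Editor role, not just stop adding it.
    Role mapping (assumption): VOOT "admin" -> administrator, anything else -> editor.
    """
    actions = []
    wanted = {blog_for_group(g): ("administrator" if r == "admin" else "editor")
              for g, r in groups.items()}
    for blog, role in wanted.items():
        if blog not in state.blogs:
            actions.append(("create_blog", blog, ""))
            state.blogs[blog] = {}
        if state.blogs[blog].get(user) != role:
            actions.append(("grant", blog, role))
            state.blogs[blog][user] = role
    for blog, members in state.blogs.items():
        if user in members and blog not in wanted:
            actions.append(("revoke", blog, members[user]))
            del members[user]
    return actions


if __name__ == "__main__":
    current = BlogState({"physics-list": {"alice": "editor"},
                         "chemistry-list": {"alice": "editor"}})
    for action in reconcile("alice", parse_voot_groups(SAMPLE_VOOT_RESPONSE), current):
        print(action)
```

Run against the sample, alice keeps her Editor role on physics-list untouched, gets a newly created history-list blog as administrator, and loses chemistry-list, whose group no longer appears in her VOOT listing.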

Experience: Etherpad
Web-based real-time text editor
Run as a web service protected by SAML
Modified to pull group information from OpenConext
Successful collaborative editor with multiple documents per group

Experience: Portal
Originally seen as providing the main "group home page"
– Widgets set on a per-group basis by the group administrator
Based on Apache Rave, as used in early OpenConext releases
Required heavy modification to introduce group context
Allowed users to switch contexts between groups
Limited customisation

Experience: Portal Widgets
WordPress blog – shows latest posts and links through to the site
Etherpad – shows documents owned by the group, with links through to edit or create new
JiscMail – shows latest archive messages on the production service in the list associated with the group
Twitter – shows tweets with the hashtag associated with the group

Experience: Portal (screenshot)

Experience: Summary
SAML and federation interoperability
Complexities of deployment and updating
Additional group data
Availability of applications and services supporting an external group context
Scalability of hosting all services
Complexity of running a custom portal
Current tools are web-focused

Learning: User Feedback
Tested the prototype with four existing JiscMail groups for several weeks
– Plus some interested individuals from SURF and AARNet
Users liked the switching of group contexts cascading through widgets
"Locked-down" portal experience confusing
Users asked for particular brand-name apps, but were happy once using those provided
Group owners found the process of accessing the system complex

References
Project web site:
Project GitHub:

About AARNet
Is the "eduroam AU" NRO – provides customers with access to global & national eduroam OA&M services
Is not the AU SAML federation operator – that's the Australian Access Federation (AAF)
Is delivering "cloud services" – aims to collaborate in global services delivery
Has diverse AAI customers:
– SAML IdP and AAF participants
– SAML IdP but not in AAF
– Without SAML IdP

OpenConext Deployment Scenarios

OpenConext Value for AARNet
SAML proxy functionality: broad customer access
– Conext SP in AAF: enables access via AAF IdPs
– Connection of SAML IdPs not in AAF, where there is no business case to join the AAF
– AARNet Virtual Home Organisation, for those institutions without a SAML IdP
OpenConext "SSO Gateway": flexible service delivery platform
– E.g. PHP-based attribute manipulation on the SP and IdP sides
– Enables instrumentation (usage metrics, monitoring); facilitates support & troubleshooting
Access to eduGAIN-enabled services

OpenConext value for AARNet (cont'd)
Group proxy
– eduroam OA&M services require group-based access (with delegated administration)
– OpenConext "Teams" for group creation
– Integration with external group providers (e.g. AAF group management service)
Future benefits?
– Access to 3rd-party Conext'd services
– OpenSocial gadget deployment (e.g. JiscConext): lightweight utility services

eduroam Ancillary Services
Deployment automation (DjNRO)
Operability testing and auditing
Monitoring (monitor.eduroam.org)
Metrics
– Aggregate (F-Ticks)
– Detailed institutional usage metrics
Support
– eduroam Configuration Assistant Tool (CAT)
Access via eduGAIN
– Triggered authentications and log visibility

eduroam OA&M Services (diagram: DjNRO, monitor.eduroam.org, eduroam CAT, F-Ticks)

New eduroam Services
Operability testing & auditing, detailed institutional metrics, institutional support tools
Requirement for group-based access

Context'd eduroam Services (diagram)

Cloud & Global Services
Cloud services
– box.net
– Zoom
Global services
– Global NREN CEO Forum initiatives: network architecture; eduGAIN for Global Federated Access (GFIM); GFIDMS (Global Federation Infrastructure Delivery, Management and Services)
– Real-time communications: SIP-based communications
– Global services delivery

Cloud Service: Box (screenshot)

OpenConext Deployment
Note: using version 62 from the OpenConext VM
Configuration & upgrade
– Certificate management & roll-over
Integration with AAF
– Attribute requirements & primary identifier
– Importing metadata not comprehensive
General
– Localisation, GUI customisation
SP development & group-based authZ
– Java, PHP, Python libraries
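Two items in the AARNet slides, "attribute manipulation on the SP and IdP sides" and "attribute requirements & primary identifier", are where a SAML proxy matters most for security: it must hand downstream SPs one stable identifier whichever IdP (AAF member, non-AAF IdP, or Virtual Home Organisation) authenticated the user, and it must not let one IdP assert another institution's scope. The Python below is an added example of that logic; it is not OpenConext's own (PHP) attribute manipulation. The entity IDs and the allowed-scope table are constructed, and eduPersonTargetedID is treated as a plain string rather than a SAML NameID for simplicity.

```python
"""
Primary-identifier derivation and scope validation at a SAML proxy.
Added example, not OpenConext code. Attribute OIDs are the standard eduPerson
ones; the IdP entity IDs and allowed scopes are constructed assumptions.
"""

EPPN_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"          # eduPersonPrincipalName
TARGETED_ID_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID

# Assumption: scopes each connected IdP may assert, as a real proxy would take
# from the <shibmd:Scope> elements in that IdP's federation metadata.
ALLOWED_SCOPES = {
    "https://idp.uni-a.example/idp": {"uni-a.example"},
    "https://vho.aarnet.example/idp": {"vho.aarnet.example"},
}


class IdentifierError(Exception):
    """Raised when no trustworthy primary identifier can be derived."""


def check_scope(value: str, idp: str) -> str:
    """Accept `local@scope` only if `idp` is allowed to assert `scope`.

    Without this check a connected IdP could assert mallory@uni-a.example and
    be treated as a Uni A user by every SP behind the proxy.
    """
    if "@" not in value:
        raise IdentifierError(f"unscoped value {value!r}")
    local, _, scope = value.rpartition("@")
    scope = scope.lower()
    if not local or scope not in ALLOWED_SCOPES.get(idp, set()):
        raise IdentifierError(f"IdP {idp} may not assert scope {scope!r}")
    return f"{local}@{scope}"


def primary_identifier(attrs: dict[str, list[str]], idp: str) -> str:
    """Derive the single identifier the SPs key on.

    Preference order: eduPersonPrincipalName (scoped, checked against the IdP's
    allowed scopes), then eduPersonTargetedID qualified with the IdP's entity ID,
    because a targeted ID is only unique per IdP and two IdPs could collide.
    A multi-valued ePPN is refused rather than silently taking the first value.
    """
    eppn = attrs.get(EPPN_OID, [])
    if len(eppn) > 1:
        raise IdentifierError("multiple eduPersonPrincipalName values")
    if eppn:
        return check_scope(eppn[0], idp)
    targeted = attrs.get(TARGETED_ID_OID, [])
    if len(targeted) == 1 and targeted[0]:
        return f"{targeted[0]}!{idp}"
    raise IdentifierError("no usable primary identifier")


if __name__ == "__main__":
    idp_a = "https://idp.uni-a.example/idp"
    print(primary_identifier({EPPN_OID: ["alice@Uni-A.example"]}, idp_a))
    print(primary_identifier({TARGETED_ID_OID: ["opaque123"]}, idp_a))
    try:
        primary_identifier({EPPN_OID: ["mallory@vho.aarnet.example"]}, idp_a)
    except IdentifierError as exc:
        print("rejected:", exc)
```

Scopes are lower-cased before comparison so `alice@Uni-A.example` and `alice@uni-a.example` map to the same account; the failure cases (foreign scope, unscoped value, unknown IdP, missing attributes) all raise rather than fall through to a guessed identity.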