User authentication on the e-Culture Science Gateway with Identity Federations and Identity Providers INDICATE Final Conference, Ankara, 16.10.2010.

Presentation transcript:

User authentication on the e-Culture Science Gateway with Identity Federations and Identity Providers INDICATE Final Conference, Ankara, 16.10.2010

Open access vs. AAI. AAI: Authentication and Authorization Infrastructure. When we need to authenticate and authorize user access: to access private data (non-disclosure data, administrative info); to access public/private data where access depends on users and contents (master copy/low-definition copy); for an accounting feature on user activities (reading, writing, uploading and changing contents).

The problem of having multiple usernames

Multiple usernames problem: the user point of view. Bad management; potential identity theft; unauthorized exchange of identities.

[Diagram: Multiple usernames access. Labels: University or Research Institute; Cultural Institution - National Archive; Cultural Institution - National Library; three Digital Repositories; Authentication, Authorization, username & password.]

[Diagram: Federation IDEM and IDEM GARR AAI service. Labels: Cultural Institution - National Library; Cultural Institution - National Archive; University or Research Institute; three Digital Repositories; Identity Federation; Authentication, Authorization, username & password.]

Federated access management environment. Users are registered at only one site (their home organization) and can easily get access to a variety of resources provided by the federation. Single central point of identity management; the permission to access resources (attributes) is shared.

Federated resources: the service point of view. Federated access management reduces the burden that currently exists for the resource owner in managing single usernames, one by one. The handshake on user credentials is protected by protocols adopted by the Federation. Access to data is driven by means of policies that distinguish authorized readers from authorized editors of data.
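A sketch of the service-side policy described in the two slides above, written as an added example and not taken from the presentation or from IDEM. It assumes the SAML layer has already verified the assertion; the attribute names are from the eduPerson schema, while the entity IDs, scopes, entitlement value and rules are constructed.

```python
from dataclasses import dataclass

# Constructed federation metadata: the scopes each IdP may assert (hypothetical entity IDs).
IDP_SCOPES = {
    "https://idp.university.example/idp": {"university.example"},
    "https://idp.archive.example/idp": {"archive.example"},
}
EDITOR_ENTITLEMENT = "urn:example:repository:editor"  # hypothetical entitlement value
EDIT_ACTIONS = {"write", "upload", "change"}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    rendition: str  # "master", "low-definition" or "none"
    reason: str

def trusted_affiliations(issuer, attributes):
    """Keep only affiliations whose scope the issuing IdP is registered for."""
    allowed_scopes = IDP_SCOPES.get(issuer, set())
    roles = set()
    for value in attributes.get("eduPersonScopedAffiliation", []):
        role, sep, scope = value.partition("@")
        if sep and role and scope in allowed_scopes:
            roles.add(role)
    return roles

def decide(issuer, attributes, action, audit_log):
    """Authorize one action from attributes the SAML layer has already verified."""
    roles = trusted_affiliations(issuer, attributes)
    entitled = EDITOR_ENTITLEMENT in attributes.get("eduPersonEntitlement", [])
    if action in EDIT_ACTIONS:
        if roles and entitled:
            result = Decision(True, "master", "editor from a federation member")
        else:
            result = Decision(False, "none", "editing needs a trusted scope and entitlement")
    elif action == "read":
        if roles & {"staff", "faculty"}:
            result = Decision(True, "master", "staff or faculty of a federation member")
        else:
            result = Decision(True, "low-definition", "public or unverified reader")
    else:
        result = Decision(False, "none", "unknown action")
    # Accounting: record every decision, including denials.
    audit_log.append((issuer, action, result.allowed, result.rendition))
    return result
```

The scope check is what stops one home organization from asserting affiliations on behalf of another; the repository never sees or stores a password.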

Identity Federations

Organizations in a Federation

The technology: SAML (Security Assertion Markup Language). http://saml.xml.org/ http://shibboleth.net/

Federations in the world: https://refeds.org

IDEM: the Federation in Italy. 42 IDPs, 72 resources, ~ 1.000.000 potential end users … we are growing… https://www.idem.garr.it

INDICATE e-CSG: http://indicate-gw.consorzio-cometa.it http://www.indicate-project.eu (Roberto Barbera, Lyon, 20/09/2011)

Integration with identity federations

Thank you. More info: Gabriella Paolini gabriella.paolini@garr.it, Sabrina Tomassini sabrina.tomassini@garr.it. Thanks for their contributions to Maria Laura Mantovani (GARR/Università Modena e Reggio Emilia) and Roberto Barbera (COMETA).