Future Ideas: Federation and Integration

Future Ideas: Federation and Integration Dean Flanders FMI / SystemsX 3rd PaN-Data & CRISP Harmonization Meeting June 13 2012, Radisson Blue ZH Airport

Background
- The landscape for resource management in life sciences is essentially identical to physics (e.g. DUO), but differs in that there are many small independent facilities with many different usage modes.
- The situation continues to go in this direction, with more cross-institutional collaborations and resource sharing as scientific questions become larger and more complex (e.g. Euro-Bioimaging Project, commercial vendors).
- Most people have been focusing on how the problem is solved as opposed to solving the problem.

Cloud based Resource / Request Management in Life Sciences

Authentication Considerations
- The underlying authentication technology should be SAML based so integration to other federations and institutions is trivial.
- The service needs to be secure and trusted.
- Ability to use a user's institutional username and password.
- Affiliation with an institution needs to be validated.
- Easy integration into other institutions (including commercial); there are obstacles in the current NREN structures.

Similar efforts: Incommon.org
1. Single sign on
2. Services no longer manage user accounts & personal data stores
3. Standards-based technology
4. Home org and user controls privacy
5. Self-registration of academic and commercial institutions
6. Professional service and infrastructure
7. Governance
2011.11.23

Current Test Setup at FMI and ETH based on SAML protocol
- Service Provider
- Access Control Service in the Cloud
- Active Directory Federation Services
- Active Directory

This has been going on for years in physics, but the model must be adapted to work with the life sciences. Non-competitive resources must be shared in order to achieve economies of scale.

Additional Attributes
- Central DB (in the cloud)
- Local DB (institute level)

Integration with Umbrella (light)

Integration with Umbrella (full)

Possible GUI Interface

Possible Outcomes
- Single sign on (institutional based account)
- Standards-based technology
- Home org and user controls privacy
- Self-registration of academic and commercial institutions
- Professional service and infrastructure
- Governance

Conclusion
- Very similar needs.
- The technology, knowledge, and resources are available to achieve this.
- It will require a strong commitment and patience to work through the issues.
- Must be more interested in solving the problem than how we make the solution.