Sébastien BAHLOUL LINAGORA 5 April 2006 – ObjectWeb Meeting - Grenoble


The FederID project

Table of contents
- What is it?
- Target audience
- Technical goals
- Core components: presentation, architectures
- Status / TODO
- Project planning
- The communities, the project and ObjectWeb

What is it?

Target audience of the project
Administrations:
- How do I manage my employees' identities?
- How do I offer services to other well-known administrations, companies, associations, etc.?
- How do I offer services together with other public entities to citizens (SSO, single registration, etc.)?
- How do I manage identity federation while respecting privacy (avoiding a unique global identifier)?
Private companies:
- How may I share services with my partners without handing over all of my client files?
- How do I offer higher confidence in on-line transactions by federating information instead of aggregating it?
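The last two questions on this slide, federation without a unique global identifier and federating rather than aggregating, come down to one property: the identity provider hands each service provider a different opaque handle for the same user, so two providers cannot correlate their records by comparing identifiers. The following is an added illustration of that property, not Lasso or ID-FF code. ID-FF providers generate random opaque name identifiers and keep them in a table; the keyed hash used here to derive the handle is a simplification (the table is still what resolves a handle), and the provider identifiers, user names and secret key are constructed for the example.

```python
import hashlib
import hmac
import secrets


class IdentityProvider:
    """Issues a different opaque handle for the same user to each service
    provider, so no single identifier follows the user across providers.

    Added example; not the FederID, InterLDAP or LASSO implementation."""

    def __init__(self, key=None):
        # Assumed: a long-term secret known only to the identity provider.
        self._key = key if key is not None else secrets.token_bytes(32)
        self._federations = {}  # (sp_id, handle) -> local user id

    def federate(self, local_user, sp_id):
        """Create (or recreate) the handle sp_id will use for local_user.

        A keyed hash over (sp_id, local_user) stands in for the random
        handle an ID-FF provider would generate; the lookup table is kept
        anyway, because handles are resolved by table, never by reversing
        the hash. Different sp_id, different handle; same sp_id, same handle.
        """
        material = sp_id.encode() + b"\x00" + local_user.encode()
        handle = hmac.new(self._key, material, hashlib.sha256).hexdigest()
        self._federations[(sp_id, handle)] = local_user
        return handle

    def resolve(self, sp_id, handle):
        """Map a handle presented by sp_id back to the local account.

        The handle is scoped to the provider that received it: the same
        string presented by another provider resolves to nothing, so a
        leaked handle cannot be used to look the user up elsewhere.
        """
        return self._federations.get((sp_id, handle))


def demo():
    """Federate one user with two constructed service providers and report
    which privacy properties hold (all should be True)."""
    idp = IdentityProvider()
    bank_sp = "https://bank.example/sp"          # constructed provider ids
    library_sp = "https://library.example/sp"
    bank = idp.federate("alice", bank_sp)
    library = idp.federate("alice", library_sp)
    return {
        "handles_differ_between_providers": bank != library,
        "handle_stable_for_one_provider": bank == idp.federate("alice", bank_sp),
        "bank_handle_resolves_at_idp": idp.resolve(bank_sp, bank) == "alice",
        "bank_handle_useless_to_library": idp.resolve(library_sp, bank) is None,
    }


if __name__ == "__main__":
    for prop, holds in demo().items():
        print(f"{prop}: {holds}")
```

An aggregating design would instead give both providers the same identifier (typically an e-mail address or national number), which is exactly what lets them join their files; the handle scoping in resolve() is the part to keep even if the derivation scheme changes.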

Technical goals
Now, respect the standards:
- LDAP: Advanced Access Control List system (AACLs); standard JNDI / JLDAP integration
- DSML: through the OpenLDAP (ex-Novell) API
- Liberty Alliance: native ID-FF 1.2 and ID-WSF implementation (LASSO)
And SSO usage:
- HTTP request headers (LemonLDAP)
- Support for any authentication method (password, X.509v3, biometrics, RADIUS, etc.)

Technical goals
In the future:
Implementation:
- SAMLv2: as identity provider and service provider in a circle of trust
- SPML: to enable interaction between systems and applications that support provisioning through this mark-up language
Proposal:
- LDAP Query Language (LQL): extends the simple LDAP query standard

What are the core components?
- InterLDAP: identity management (directory and access control models, web and web service interfaces, data management). Written in Java on top of Tomcat.
- LASSO: library that implements the Liberty Alliance standards (identity federation, SSO, attribute sharing). Written in C on top of libxml2 and OpenSSL.
- LemonLDAP: single sign-on reverse proxy that passes the authenticated identity to applications as HTTP request headers. Written in Perl as an Apache handler.
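The "HTTP request headers" SSO model that the technical goals and the LemonLDAP component describe has two halves: the reverse proxy authenticates the user and forwards the identity to the application as headers, and the application reads those headers instead of authenticating itself. The following is an added example of both halves, not LemonLDAP, InterLDAP or LASSO code; the header names (Auth-User, Auth-Mail), the proxy network 10.0.0.0/24 and the sample requests are assumptions made for the example. It also shows the check a deployer must not skip: the application may only trust those headers on a request that demonstrably came through the proxy, and the proxy must drop any identity header the client itself supplied, because the header names are not secret.

```python
from ipaddress import ip_address, ip_network

# Assumed header names carrying the identity; real deployments choose their own.
USER_HEADER = "Auth-User"
MAIL_HEADER = "Auth-Mail"
IDENTITY_HEADERS = (USER_HEADER, MAIL_HEADER)

# Assumed: the application is reachable only from the proxy's network.
TRUSTED_PROXIES = [ip_network("10.0.0.0/24")]


def _lower_keys(headers):
    """HTTP header names are case-insensitive; normalise before comparing."""
    return {k.lower(): v for k, v in headers.items()}


def proxy_forward_headers(client_headers, user, mail):
    """Proxy side: the headers the SSO reverse proxy sends to the application.

    Every identity header that arrived from the client is dropped first, so a
    client cannot smuggle "Auth-User: admin" through the proxy; the proxy then
    sets the values it established during authentication.
    """
    reserved = {h.lower() for h in IDENTITY_HEADERS}
    forwarded = {k: v for k, v in client_headers.items() if k.lower() not in reserved}
    forwarded[USER_HEADER] = user
    forwarded[MAIL_HEADER] = mail
    return forwarded


def identity_from_request(headers, peer_ip):
    """Application side: read the identity the proxy injected.

    Returns {"user": ..., "mail": ...}, or None when the request is anonymous
    or did not arrive from a trusted proxy. Trusting the headers on a request
    that bypassed the proxy is the classic mistake with this pattern: the
    client could have set them itself.
    """
    if not any(ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        return None
    lowered = _lower_keys(headers)
    user = lowered.get(USER_HEADER.lower())
    if not user:
        return None
    return {"user": user, "mail": lowered.get(MAIL_HEADER.lower(), "")}


def demo():
    """Walk a spoofing attempt through both sides; returns the three outcomes."""
    spoofed = {"Accept": "*/*", "auth-user": "admin"}  # constructed client request
    direct = identity_from_request(spoofed, "192.0.2.10")  # client reaches app directly
    via_proxy = proxy_forward_headers(spoofed, "alice", "alice@example.org")
    seen_by_app = identity_from_request(via_proxy, "10.0.0.5")  # forwarded by the proxy
    anonymous = identity_from_request({"Accept": "*/*"}, "10.0.0.5")
    return direct, seen_by_app, anonymous


if __name__ == "__main__":
    print(demo())  # (None, {'user': 'alice', 'mail': 'alice@example.org'}, None)
```

The source-address check is the minimum; where the application and proxy share a network with other hosts, the same role is better played by network isolation or mutually authenticated TLS between proxy and application, with the header check kept as defence in depth.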

InterLDAP architecture

InterLDAP directory organization sample

LASSO architecture

LemonLDAP architecture

InterLDAP status
OK:
- Registration process
- Dynamic access control model
- Availability of generic interfaces
- Dynamic notification of modified information
KO:
- Only generic interfaces available
- Special developments done in OpenLDAP (extended referrals, etc.)
- Data selection API
- Design errors linked to the monolithic nature of the project

InterLDAP status
TODO:
- Rewrite parts of the project:
  - AACLs as an OpenLDAP overlay and as an Apache DS module
  - Rewrite the LDAP connection pool
  - Define how to manage generic and specialized web interfaces
- Turn the LDAP Simple Connector sub-project into a true meta-directory with connectors to (and from):
  - Systems and other directories (AD, eDirectory, etc.)
  - Databases
- Include features such as:
  - SASL delegation
  - Proxy authorization
  - X.509v3
  - SPML

LASSO status
OK:
- Liberty Alliance standards implementation
- Interoperability with other products
- Bindings for multiple languages through SWIG
KO:
- Ease of use
- Documentation
TODO:
- Implement SAMLv2 support
- Integrate LASSO with LemonLDAP to create a service provider
- Integrate LASSO with InterLDAP to create an identity provider

LemonLDAP status
OK:
- Tested and functional with compatible applications
- 2 years of production experience
KO:
- Scalability of the original version (use of a relational DB)
- Ease of deployment (LemonLDAP server side)
- Directory model integration
- Documentation
TODO:
- Improve documentation
- Improve the integration of new instances
- Include a better directory query engine

Project planning

The communities, the project and ObjectWeb
- The communities are, at this time, small (fewer than 20 people)
The project:
- Offers one kind of solution to a variety of issues around identity management and federation
- Is, to our knowledge, the only open source project that solves most of the issues mentioned
- Is open source and aims to be highly configurable and easy to integrate
ObjectWeb:
- Involved in the FederID project as incubator
- Different ObjectWeb components are used: Enhydra Octopus, Shark & JaWE, JOTM

Questions?

Thanks to ...
- My company, LINAGORA, which supports part of the development of InterLDAP
- Entr'ouvert, Thales DSV and ISTASE, who trusted us to launch the project
- Clément Oudot, who has improved this presentation a lot
- Jean-Baptiste Nataf and Alexandre d'Alton, without whom InterLDAP would never have been started
- Many others, for their advice, patches, etc.
- And you, architects from the ObjectWeb consortium, for your questions and points of view