ESA Single Sign On (SSO) and Federated Identity Management

Slides:



Advertisements
Similar presentations
PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.
Advertisements

Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
1 Wolfgang Lierz Staff IT-Services / Network & Security Admin ETH-Bibliothek Zurich Integration Primo-Aleph-PDS-SSO- AAI Wolfgang Lierz / IGeLU 2012 Zurich.
CNRIS CNRIS 2.0 Challenges for a new generation of Research Information Systems.
JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.
WSO2 Identity Server Road Map
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
Understanding Active Directory
Widely Distributed Access Management Tom Barton University of Chicago.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
Naam van de Auteur 7 januari 2008 Kennisnet Entree: federated authentication Pieter BruringTechnical Product Manager.
Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.
FIM-ig Federated Identity Management Interest Group.
Aegis Identity Software, Inc. presents Trends in Identity and Access Management in Higher Education to US Federations June 20, 2012 Janet Yarbrough – Director.
SWITCHaai Team Federated Identity Management.
ESA EO Federated Identity Management Initiatives A. Baldi ESA: M. Leonardi RHEA:
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Climate Sciences: Use Case and Vision Summary Philip Kershaw CEDA, RAL Space, STFC.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
UCLA Enterprise Directory Identity Management Infrastructure UC Enrollment Service Technical Conference October 16, 2007 Ying Ma
The I-Trust Federation: Federating the University of Illinois Keith Wessel Identity Management Service Manager University of Illinois at Urbana-Champaign.
Presented by: Presented by: Tim Cameron CommIT Project Manager, Internet 2 CommIT Project Update.
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.
Portal-based Access to Advanced Security Infrastructures John Watt UK e-Science All Hands Meeting September 11 th 2008.
Athens – integrated AMS services Ed Zedlewski JISC/CNI Conference Edinburgh, June 2002.
SAML a mature six year old? Glenn Wearen, Paul Caskey & Josh Howlett.
Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.
Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Report and plans Attribute.
Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.
February, TRANSCEND SHIRO-CAS INTEGRATION ANALYSIS.
University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.
Identity Management, Federating Identities, and Federations November 21, 2006 Kevin Morooney Jeff Kuhns Renee Shuey.
Shibboleth at USMAI David Kennedy Spring 2006 Internet2 Member Meeting, April 24-26, 2006 – Arlington, VA.
WSO2 Identity Server 4.0 Fall WSO2 Carbon Enterprise Middleware Platform 2.
CERN IT Department CH-1211 Genève 23 Switzerland t Single Sign On, Identity and Access management at CERN Alex Lossent Emmanuel Ormancey,
INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.
Windows Active Directory – What is it? Definition - Active Directory is a centralized and standardized system that automates network management of user.
Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.
THE CAMPUS IDENTITY SYSTEM Lucy Lynch, NSRC. Learning Objectives Discovering the key role campus networks play in trusted identities for R&E Authoritative.
Authentication and Authorisation for Research and Collaboration Taipei - Taiwan Mechanisms of Interfederation 13th March 2016 Alessandra.
The FederID project The First Identity Management and Federation Free Software.
L’Oreal USA RSA Access Manager and Federated Identity Manager Kick-Off Meeting March 21 st, 2011.
Web SSO with Cloud Resources using AD Federation Services
Identity and Access Management
WLCG Update Hannah Short, CERN Computer Security.
ESA EO Federated Identity Management Activities
Azure Active Directory - Business 2 Consumer
LIGO Identity and Access Management
EGI Updates Check-in Matthew Viljoen – EGI Foundation
eduTEAMS platform for collaboration Niels Van Dijk
Extending Authentication to Members of Social Networks
HMA Identity Management Status
Identity Federations - Overview
SaaS Application Deep Dive
Grid accounting system
CheckIn: the AAI platform for EGI
Federated Identity Management for Researchers (FIM4R)
CLARIN Federated Identity Vision
NAAS 2.0 Features and Enhancements
Getting Started.
Getting Started.
AARC Blueprint Architecture and Pilots
Miami-Dade County Public Schools
Matthew Levy Azure AD B2B vs B2C Matthew Levy
Single Sign-On (SSO) Authentication
Community AAI with Check-In
Ignition’s Security Features
Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.
worlds largest IT service provider
Presentation transcript:

ESA Single Sign On (SSO) and Federated Identity Management Marco Leonardi 12/04/2018

Summary Current Operational status ESA EOSSO evolution Pathfinder activities Future plans

Operational Status The current ESA Earth Observation Single Sign-On infrastructure (EO-SSO) is based on the SAML standard and it provides a custom implementation on top of the Shibboleth Identity Provider (IdP) and Checkpoint (CP) software Users can register themselves via a self registration mechanism, both for ESA staff/contractors and for external users not belonging to ESA EO-SSO provides registered users with an unique account they can use to access Earth Observation services (i.e. EO data online dissemination services, information portals, etc.) SAML federations are currently not supported by EO-SSO ~46k users are registered into the EO-SSO More than 40 services are connected to the EO-SSO One administrative domain is currently defined by using a single Identity Provider (IdP)

EO-SSO Evolution An evolution of the ESA user and identity management infrastructure is currently in place aiming at standardising the overall architecture and at integrating new functionalities The main objectives of this evolution are: To reduce maintenance effort To simplify operations To add federation capabilities To improve users management capabilities To reduce ad-hoc implementation To align the EO-SSO to the status of the art of the Federated Identity Management principles

Identity and Access management architecture Reporting, Monitoring Security, Privacy, Data Protection IAM - Identity and Access Management Identity Management User Management Delegated Administration Provisioning Self-service … Central Users Repository Data Synchronisation Meta-directory Virtual directory Access Management Authentication Single Sign On Session Management Password Service … Authorisation Role-based Rule-based Attribute-based

ESA EOSSO evolution (Phase 1) Custom Migration tool Custom non-web library (JCL) Custom SOAP Interface Custom software Layer Custom identity management interface Open LDAP Vanilla Shibboleth IdP Single sign on AuthN Attributes release Compatible with SAML federations Vanilla Shibboleth Checkpoint Single sign-on Standard Logout

ESA EOSSO evolution (Phase 2) Custom SOAP Interface Custom software Layer Custom identity management interface Open LDAP Vanilla Shibboleth Checkpoint Single sign-on Standard Logout Vanilla Shibboleth IdP Single sign on AuthN Attributes release Compatible with SAML federations Attribute Authority Provisioning of services’ attributes Compatible with SAML federations Resource Registry Tool Web domain management tool

Pathfinder activities Cloud services access pilot (Q4 2017): Scope of the pilot was to experiment cloud-based Identity and Access Management mechanisms for EO Applications by using different authentication/authorisation technologies like SAML, OpenID Connect A practical integration has been implemented by using most representative cloud services management software like Ceph and Keystone ESA Earth Observation SAML federation pilot (Q2 2018): This pilot aims at implementing a working SAML federation between different ESA EO administrative domains One of the main objectives of the pilot is to implement a separated users and identity management for ESA internal users (staff and contractors) and for the so called homeless users (users not belonging to ESA) Social media login capability for homeless users is supported

Future plans The ESA Earth Observation Single Sign-On infrastructure (EO-SSO) will facilitate user access to satellite data and to the Exploitation Platforms’ services by supporting standard digital identities federations The results of the pathfinders will be moved in operations. An operational digital identities federation will be established between the ESA Earth Observation and the ESA IT departments The ESA EO-SSO will support the integration with existing research (inter)federations like eduGAIN by enabling the research communities to access satellite data and services in a standard and simplified way The ESA EO-SSO will be able to make the federated user identification an enabler for the Exploitation Platforms in the context of the Network of EO Resources

Marco Leonardi Software Engineer Phone: +39 06 941 88644 Email: marco.leonardi1@esa.int

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.