University Computing Centre - Srce

Presentation transcript:

AAI@EduHr
Miroslav Milinović, University Computing Centre - Srce <miro@srce.hr>
EuroCAMP Helsinki, April 2007

Contents
- general information
- IdM practices
- policy enforcement
- roles & groups
- schemas
- authN & certs

General information
- evolved from RADIUS hierarchy (network access as killer app.)
- AAI@EduHr SW base (RADIUS + LDAP + SOAP)
- current architecture in full operation since 03/2006
- 213 (34) + 1 IdP (nearly 300000 enabled users)
- SP: 16 + 27 eduroam hot spots
- around 5.000.000 AuthN reqs processed per month
- service types:
  - network access (eduroam: wired & wireless, dial-up, cable, EDGE/GPRS)
  - Web based services (LMS, web apps, helpdesks, ...)
  - computing resources (basic services)
- coupled with national student card & information system of higher ed.

IdM practices
- IdM policy
- technical and organisational requirements
- data has to be up to date
- f2f user registration (registered mail?)
- IdPs have relative freedom but are considered liable for misuse
- more formalisation and harmonisation needed
- a large number of IdPs (diversity in size and technical expertise) is a challenge

Policy enforcement
- IdPs: based on agreements with CARNet and Ministry of science, education and sport
- resource registry for SPs
- a large number of IdPs (diversity in size and technical expertise) is a challenge
- different service classes (network vs. application access)
- need a different approach to different SPs (eduroam hotspots vs. apps. providers)
- more formalisation planned

Roles & groups
- via specific attributes in hrEduPerson schema
  - hrEduPersonAffiliation, hrEduPersonPrimaryAffiliation, hrEduPersonRole
  - hrEduPersonProfessionalStatus, hrEduPersonAcademicStatus, hrEduPersonTitle, hrEduPersonScienceArea, hrEduPersonStudentCategory, hrEduPersonStaffCategory
  - hrEduPersonGroupMember
- via specific AuthZ solutions at SP's side
- croGRID community as a driver for future development
- federated identity (?)
- tool for handling groups (?)

Schemas
- hrEduPerson, hrEduOrg
- use of SCHAC planned in (near) future
- registry: http://schema.aaiedu.hr/
- ver 1.2
- harmonisation of attributes (attrib. values) for international (European) confederations is a challenge

AuthN & certs
- SCS (TERENA) for services
- user/passwd seems to be enough for (end)users
- killer app. needed for (effective) deployment of other authN methods
- X-CARD project (?)
- croGRID – a separate case (SLCS solution)