Single Sign-On (SSO) Authentication

Slides:



Advertisements
Similar presentations
Connected Health Framework
Advertisements

Identity Network Ideals – Heterogeneity & Co-existence
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
CNRIS CNRIS 2.0 Challenges for a new generation of Research Information Systems.
Widely Distributed Access Management Tom Barton University of Chicago.
Naam van de Auteur 7 januari 2008 Kennisnet Entree: federated authentication Pieter BruringTechnical Product Manager.
Aegis Identity Software, Inc. presents Trends in Identity and Access Management in Higher Education to US Federations June 20, 2012 Janet Yarbrough – Director.
ESA EO Federated Identity Management Initiatives A. Baldi ESA: M. Leonardi RHEA:
1 World-Leading Research with Real-World Impact! Authorization Federation in IaaS Multi Cloud Navid Pustchi, Ram Krishnan and Ravi Sandhu SCC 2015.
EGI-Engage EGI-Engage Engaging the EGI Community towards an Open Science Commons Project Overview 9/14/2015 EGI-Engage: a project.
Climate Sciences: Use Case and Vision Summary Philip Kershaw CEDA, RAL Space, STFC.
Tim Bell 24/09/2015 2Tim Bell - RDA.
Jamie Hall (ILL). SciencePAD Persistent Identifiers Workshop PANData Software Catalogue January 30th 2013 Jamie Hall Developer IT Services, Institut Laue-Langevin.
All Rights Reserved 2014 © CMG Consulting LLC Federated Identity Management and Access Andres Carvallo Dwight Moore CMG Consulting, LLC October
Authentication and Authorisation for Research and Collaboration Michał Jankowski, Maciej Brzeźniak AARC General Meeting, Milan.
Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
HEXAA e-Science gateways with external attribute authority István Tétényi, MTA SZTAKI 21-May-2014 Co-Authors: Mr. Héder, Mihály (MTA SZTAKI); Mr. BAJNOK,
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.
NREN Trust and Identity Strategy Ann Harding, SWITCH Cambridge July 2014.
IETF 78 Maastricht 27 July 2010 Josh Howlett, JANET(UK)
b2access.eudat.eu B2ACCESS The simple and secure authorisation and authentication platform of EUDAT This work is licensed under the Creative.
Networks ∙ Services ∙ People Marina Adomeit FIM4R meeting Virtual Organisation Platform as a Service VOPaaS Nov 30, 2015, Austria Task Leader,
INDIGO – DataCloud Security and Authorization in WP5 INFN RIA
Networks ∙ Services ∙ People Licia Florio TNC, Lisbon Consuming identities across e- Infrastructures 16 June 2015 PDO GÈANT.
Authentication and Authorisation for Research and Collaboration Heiko Hütter, Martin Haase, Peter Gietz, David Groep AARC 3 rd.
Networks ∙ Services ∙ People Marina Adomeit TNC16 Conference, Prague Towards a platform for supporting collaboration GÉANT VOPaaS
EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-Infrastructures. Contract No Aalto Data Repository.
Security in the wider world David Kelsey (STFC-RAL) GridPP37 – Ambleside 2 Sep 2016.
Web SSO with Cloud Resources using AD Federation Services
Introduction to AAI Services
GEOSS Federated Single Sign-On
WLCG Update Hannah Short, CERN Computer Security.
Issues need harmonization
ESA EO Federated Identity Management Activities
Cross-sector and user-centric AAI
Azure Active Directory - Business 2 Consumer
TrustTech - Task Overview (GN4-2 JRA3-T3)
EGI Updates Check-in Matthew Viljoen – EGI Foundation
AAI for a Collaborative Data Infrastructure
AARC Update What’s been happening in AARC which matters for GÉANT
Unleashing Earth Observation data
eduTEAMS platform for collaboration Niels Van Dijk
eduTEAMS – Current status & Future Plans
HMA Identity Management Status
Identity Federations - Overview
Christos Kanellopoulos
CheckIn: the AAI platform for EGI
Federated Identity Management for Researchers (FIM4R)
Check-in Nicolas Liampotis
EGI-Engage Engaging the EGI Community towards an Open Science Commons
ELIXIR Safeguarding the results of life science research in Europe
ESA Single Sign On (SSO) and Federated Identity Management
Exploitation Platforms and Common Reference Architecture
NextGen Access Control Platform
EduTEAMS at a Glance Mandeep Saini Linz, Austria 30 May 2017.
AAI For Researchers Licia Florio AARC Project Coordinator GÉANT DI4R
Common Authentication and Authorisation Service for Life Science Research Mikael Linden, ELIXIR Finland.
AARC2 JRA1 Update Nicolas Liampotis
AAI Architectures – current and future
Matthew Levy Azure AD B2B vs B2C Matthew Levy
Community AAI with Check-In
Device Registration and Multi-Factor Authentication
GN2 JRA5 Roaming and Authorisation Jürgen Rauschenbach, DFN-Verein
AAI in EGI Status and Evolution
JRA1: Integrated AAI Developments
Una herramienta para la gestión de identidad, el control de acceso y uso compatible con la regulación de identidad europea eIDAS.
Authentication and Authorisation for Research and Collaboration
eIDAS-enabled Student Mobility
Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.
Presentation transcript:

Single Sign-On (SSO) Authentication Marco Leonardi 23/10/2018

Summary ESA Earth Observation Single Sign On ESA Pathfinder activities ESA Plans for standard and interoperable authentication solutions DATA-14 White paper on Single Sign On Authentication

ESA Earth Observation Single Sign On (1) Heterogeneous users communities Protected ESA EO Resources ESA EO Services ESA EOSSO Self-Registration Service Attributes Authorisation (ABAC) Authentication ESA EO Users Community

ESA Earth Observation Single Sign On (2) What’s behind the “Single sign-on”? Ad-hoc solutions for legacy services (i.e. ftp) SAML2 Central Repository Centralised Access Policies Based on Attributes

ESA Pathfinder activities – Achievements in 2018 Successfull Cloud services access pilot: Scope of the pilot was to: experiment cloud-based Identity and Access Management mechanisms for EO Applications by using different authentication/authorisation technologies like SAML, OAuth, OpenID Connect Integrate such AAI with the most representative cloud services management software like Ceph and Keystone Successfull ESA Earth Observation federation pilot: This pilot implements a working SAML federation between different ESA EO departements by also supporting social media login capabilities (i.e. Facebook and Google) Successfull federation pilot between space organizations: This pilot implements working SAML federations between different organizations like ESA, DLR and EUMETSAT (services and identity providers)

ESA Plan for standard and interoperable authentication solutions ESA is performing an evolution in its user and identity management infrastructure aiming at standardising architectures and processes in line with the results of the most recent initiatives in this field like in example the AARC Blueprint Architecture The new ESA Earth Observation Identity and Access Management Infrastructure (EO-IAM) will allow user access to satellite data and to the Exploitation Platforms’ services by supporting standard digital identities federations (and interfederations like eduGAIN) The new ESA EO-IAM will be able to make the federated user identification an enabler for the Exploitation Platforms in the context of the Network of EO Resources

DATA-14 White paper on Single Sign On Authentication The aim of the new white paper will be to promote the best practices for the (federated) single sign on authentication International working groups and research organizations are working on this topic since many years with the objective of creating a shared approach to the identity and access management needs «Interoperability» is one of the main drivers and «federation» is one of the most promising solutions Interoperable federations for single sign on authentication need to share best prectices and standard architectures International space organizations and scientific communities active in the field of the Earth Observation can cooperate in order to improve the way the EO Data resources can be accessed by the users

QUESTIONS? Marco Leonardi EO Software Engineer Phone: +39 06 941 88644 Email: marco.leonardi1@esa.int QUESTIONS?