2006 © SWITCH Group Management Tool Lukas Haemmerle

Slides:



Advertisements
Similar presentations
© 2006 FedEx. All rights reserved. FedEx Ship Manager ® at fedex.com Shipping Administration.
Advertisements

Final Project Instructor: Nguyen Anh Tu Students: Tran Tien Tai Tran Tien Tai Tran Ngoc Mai Tran Ngoc Mai Tu Kim Tuan Tu Kim Tuan Nguyen Ngoc Phuong Nguyen.
RP Designs Semi-Custom e-Commerce Package. Overview RP Designs semi- custom e-commerce package is a complete website solution. Visitors can browse a catalog.
Drybridge Consulting Party Identification Directory Installing the Microsoft Research Service IDEAlliance and Drybridge Consulting – collaborating to deliver.
1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.
IEs Protected Mode in Windows Vista TM January 20, 2006 Marc Silbey Program Manager.
BeKnown How-to: Company Profiles & Jobs App for Timeline.
Datamax/MCL Off-Line License Activation Method
Virtual Trunk Protocol
UNIVERSITY OF EDUCATION BY H.M.ISHTIAQ RAFIQUE. Domain Name Structure.
Slide 1 Insert your own content. Slide 2 Insert your own content.
eduroam Delegate Authentication System with Shibboleth SSO
Lousy Introduction into SWITCHaai
1 An Update on XML.org Registry and Repository Una Kearns Documentum, Inc.
Online Access to Student Information "The primary goal of the Cleveland Metropolitan School District is to become a premier school district in the United.
1 Advanced with GMail A CYC Electives Module
MyProxy Jim Basney Senior Research Scientist NCSA
1 State Wildlife Action Plans Wiki: Business Transformation Tutorial Brand Niemann July 5, 2008
Click to edit Master title style Page - 1 OneSky Teams Step-by-Step Online Corporate Communication Support 2006.
Michigan Electronic Grants System Plus
0 - 0.
SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION
Addition Facts
1 PLAY 60 Challenge Online Tracker. 2 Introduction The PLAY 60 Challenge Online Tracker is a web based physical activity tracker teachers across the country.
Grouper Training End Users Lite UI – External Users
Social Web Design 1 Darby Chang Social Web Design.
Service Access Management Tool Tour: Contract Number
Copyright © Open Text Corporation. All rights reserved. Slide 1 Automatic Routing With Captaris FaxPress and FaxPress Premier Darin McGinnes Sales Engineer.
The Enterprise Business Center. #2 CyberSource Enterprise Business Center your payment processing dashboard ******** Log out security feature All tools.
AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013
Chapter 20 Oracle Secure Backup.
My ELAS December 2012.
In The Name Of Allah, The Most Beneficent, The Most Merciful
CS 22: Enhanced Web Site Design - Week 8Slide 1 of 15 Enhanced Web Site Design Stanford University Continuing Studies CS 22 Mark Branom
Subtitle Version or Date Presentation Title BCeSIS Overview Module 1.
31242/32549 Advanced Internet Programming Advanced Java Programming
Past Tense Probe. Past Tense Probe Past Tense Probe – Practice 1.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
1 Welcome to JCCAA Data base presentation Click box to see the DEMO 1.JCCAA Web Site 2. Member Login 3. My Acount 4. School DBA The end.
Addition 1’s to 20.
XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.
Test B, 100 Subtraction Facts
Services Course Windows Live SkyDrive Participant Guide.
11 = This is the fact family. You say: 8+3=11 and 3+8=11
Week 1.
Vanderbilt Business Objects Users Group 1 Linking Data from Multiple Sources.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
LobbyPal Online Visitor Management System by Aquarius Soft
Self-registration of non-institute patron identifiers in Aleph.
Cisco Confidential 1 © Cisco and/or its affiliates. All rights reserved. Last Updated: April 2014 Instructions for Navigating in the Training.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Cisco Confidential 1 © Cisco and/or its affiliates. All rights reserved. Last Updated: April 2014 Instructions for Navigating in the Training.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
By Jeerarat Boonyanit. As you can see I have chosen Cpanel for my server management tool. cPanel is a Linux based web hosting control panel that provides.
Web Servers Web server software is a product that works with the operating system The server computer can run more than one software product such as .
Global Customer Partnership Council Forum | 2008 | November 18 1IBM - GCPC MeetingIBM - GCPC Meeting IBM Lotus® Sametime® Meeting Server Deployment and.
AAI-enabled VO Platform “VO without Tears” Christoph Witzig EGI TF, Amsterdam, Sept 15, 2010.
Hands-On Microsoft Windows Server Implementing Microsoft Internet Information Services Microsoft Internet Information Services (IIS) –Software included.
Apache Web Server Quick and Dirty for AfNOG 2015 (Originally by Joel Jaeggli for AfNOG 2007) ‏
Apache Web Server Quick and Dirty Evelyn NAMARA for AfNOG 2014 (Originally by Joel Jaeggli for AfNOG 2007) ‏
Registration Solutions for your Event Management.
Web Server Administration Chapter 6 Configuring a Web Server.
Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer.
Web Services using PHP. web services (recap) Web services today are frequently just Application Programming Interfaces (API) or web APIs that can be accessed.
Networks ∙ Services ∙ People Mandeep Saini TNC15, Porto, Portugal Virtual organisation Authorisation Management Practices in Research and.
Web Server Administration Chapter 6 Configuring a Web Server.
UFIT Infrastructure Self-Service. Service Offerings And Changes Virtual Machine Hosting Self service portal Virtual Machine Backups Virtual Machine Snapshots.
ArcGIS for Server Security: Advanced
Integrating ArcSight with Enterprise Ticketing Systems
ESA Single Sign On (SSO) and Federated Identity Management
Presentation transcript:

2006 © SWITCH Group Management Tool Lukas Haemmerle

2006 © SWITCH 2 Situation  Web application/files/functions that must be protected  Access/authorization shall be based on user groups  Overhead for group administration shall be small  Shibboleth/Other solution available  Users have an AAI account Real life example: The slides/photos of this meeting shall only be accessible by all people who attended the meeting.

2006 © SWITCH 3 Case 1: Users share common attributes HomeOrg = IdP X| IdP Y| IdP Z Affiliation = Student StudyBranch = Medicine Access Rule

2006 © SWITCH 4 Case 2: No common user attributes How can these users be authorized?

2006 © SWITCH 5 Solution 1: Create a common attribute Add an entitlement attribute for specific users Require entitlement urn:mace:rediris.es:entitlement:wiki:jra5  Easy solution for a difficult problem  Additional work for user directory administrator  Difficult to efficiently manage many entitlement values  Only IdP admin can manage access + - Access Rule

2006 © SWITCH 6 Solution 2.a: Use uniqueIDs or 1.Get unique IDs or AAI addresses of users. 2.Create access rules like: require uniqueID […] require […]  Straight-forward solution  SP administrator must know unique ID/ address  Difficult to efficiently manage for many users/apps  Only SP admin can manage access + - Access Rule

2006 © SWITCH 7 Solution 2.b: Use SWITCH GMT 0.9  Open Source software (BSD license)  Easy to install  Light-weight PHP application  Human readable text files to store group data Features  Manage multiple groups for multiple applications  Three user/admin roles with different privileges  Transfer privileges to other users  Invite new users to join group via  User can request to join a group (self-registration)  Generate authorization files (Apache.htaccess)  API for use on remote hosts

2006 © SWITCH 8 Administration interface  Every role has different options and views  Red groups are system groups

2006 © SWITCH 9 Group settings

2006 © SWITCH 10 Manage a group

2006 © SWITCH 11 Adding users to a group  Add registered users to one or more groups with a certain role

2006 © SWITCH 12 Inviting new users  Invitation token (link) is sent to provided addresses  Tokens can be revoked

2006 © SWITCH 13 Request to join a group

2006 © SWITCH 14 Generate authorization files  Multiple authorization files can be generated per group  Files are updated automatically on changes

2006 © SWITCH 15 Authorization files

2006 © SWITCH 16 Interface for remote hosts PHP/PERL functions: isInGroup($uniqueID, $gName) getGroupModifyURL($gName) getUserGroups($uniqueID) getStatus() getError() Secure queries:  Over SSL  Encrypted with shared key  Limited to allowed hosts

2006 © SWITCH 17 Summary and outlook Summary  Convenient management of “virtual” groups  Roles can be transferred  Users can request to join a group with self-registration  Authorize users on remote servers  Libraries available for PHP and Perl Preliminary outlook for GMT 1.0  Generation of Shibboleth XML authorization files  Additional API functions with SOAP/REST  Probably new name (e.g. “grot”, “groupy”, …)

2006 © SWITCH 18 Questions Q & A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.