Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update) James Dalziel & Alan Lin Professor of Learning.

Presentation transcript:

Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update)
James Dalziel & Alan Lin
Professor of Learning Technology, and Director, Macquarie E-Learning Centre Of Excellence (MELCOE), Macquarie University
Presentation for Internet2 Conference, San Diego, USA, Monday 8th October, 2007

Overview
MAMS & AAF update
 – Other federation collaboration services
IAMSuite
 – VO Federation management
 – VOs and workspaces
 – People picker for finding potential members
National collaboration services

MAMS Testbed Federation
“Level-2” Federation (at 26/6/07):
21 Service Providers
19 Identity Providers (approx 900,000 end users)
Growing…

Admin tool: ShARPE April 2007 IdP Administrators import “service descriptions” and create site & group ARPs

User privacy: Autograph April 2007 Users can view attributes released to an SP and manage User ARPs.

Australian Access Federation
The Australian Access Federation project is taking forward the work of the MAMS (Shibboleth) and e-Security (PKI) projects to develop a unified trust federation for higher education and research
 – Policy and governance
 – PKI and Shibboleth production rollout
 – Adoption support, workshops, supporting systems, etc
Overall AAF rollout led by University of Queensland
 – Macquarie University leading Shibboleth & AusCERT leading PKI

AAF Shib Trust Fed Components April 2007

Examples of collaboration services
Trusted (secure) repositories (documents, data, media)
 – DSpace (integration of “traditional” application)
 – Fedora (native support for SAML, XACML for authorisation)
 – Others to come
Secure Real-Time Text Chat
 – Example: Online Librarian
Trusted Gridsphere portal and Virtual Organisation management (“IAMSuite”)
 – Including access to Grid services via Shibboleth/PKI bridge
Workflow for collaborative research (“RAMS”)

Shibboleth-enabled DSpace repository

“Muradora” - Shibboleth and XACML-based Fedora Repository

Shibboleth-based Secure chat service (Jabber) – Online Librarian

RAMS workflow authoring: Online research group meeting

Shibboleth-based Virtual Organisation system - IAMSuite

IAMSuite Overview
A framework & toolkit for managing a VO Federation under a larger national federation where additional user attributes are managed within VOs.
 – Core identity attributes come from home IdP each session; only “extras” held in VO
 – VO attributes can be used for access to VO Federation-only Service Providers, or VO-only features of national Service Providers
 – IAMSuite provides tools and templates for configuring extra attributes to be released to VO Service Providers, eg for levels of SP authorization (eg, view vs edit wiki)
 – VO Federation-specific OpenIdP is available (but no access to national federation)
VO members can be selected via "People Picker", a federated IdP search
 – People Picker & IAMSuite may provide a stronger identity foundation than simple "roundtrips" for VO invitation/membership (foundation based on current directory attributes, not working )
 – Provides roundtrips as alternative function if no People Picker
Current IAMSuite integrated services such as wikis, instant messaging, document repository, video meeting, shared calendars and MyProxy integration
The V1 beta release is currently available, and the production V1 release is planned for early 2008.
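
The attribute model on this slide, sketched as an added Python example (not IAMSuite code and not from the presentation). It assumes a VO store keyed by the IdP-asserted eduPersonPrincipalName, a hypothetical `voRole` extra, constructed example.org-style identifiers, and a rule that VO extras may never replace IdP-asserted core attributes.

```python
# Added illustration, not IAMSuite code. The VO record layout, the "voRole"
# attribute and all identifiers/entity IDs below are constructed assumptions.

# Core identity attributes: asserted by the home IdP on every session.
CORE_ATTRS = {"eduPersonPrincipalName", "eduPersonAffiliation", "mail"}

# Constructed VO store: holds only the "extras", keyed by the IdP identifier.
VO_EXTRAS = {
    "astro-vo": {
        "alice@uni-a.example": {"voRole": "editor"},
        # Second entry tries to shadow a core attribute; it must be ignored.
        "bob@uni-b.example": {"voRole": "member",
                              "eduPersonAffiliation": "staff"},
    }
}

# SPs allowed to receive VO attributes (VO Federation SPs, or a national
# SP's VO-only feature). Any other SP sees core attributes only.
VO_RELEASE = {"astro-vo": {"https://wiki.astro-vo.example/shibboleth"}}

# SP-side mapping from the VO extra to a wiki authorisation level.
WIKI_LEVELS = {"editor": "edit", "member": "view"}


def session_attributes(idp_attrs, vo, sp_entity_id):
    """Combine this session's IdP attributes with VO extras for one SP."""
    attrs = dict(idp_attrs)
    if sp_entity_id not in VO_RELEASE.get(vo, set()):
        return attrs  # SP is outside the VO release list: no extras
    user = idp_attrs.get("eduPersonPrincipalName")
    extras = VO_EXTRAS.get(vo, {}).get(user, {})
    for name, value in extras.items():
        if name in CORE_ATTRS:
            continue  # the VO never overrides what the home IdP asserts
        attrs[name] = value
    return attrs


def wiki_access(attrs):
    """Return 'edit', 'view' or 'none' for the wiki SP (default deny)."""
    return WIKI_LEVELS.get(attrs.get("voRole"), "none")
```

Because the extras are looked up from the identifier the home IdP asserts in the current session, a user who can no longer authenticate at their IdP gets no VO attributes either.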

IAMSuite VO Federation Architecture
[Diagram; labels: Fed A, VO Fed, IAMSuite, VO, IdP, SP, External SP 1, External SP 2, External SP 3, OpenIdP, WAYF]

IAMSuite Toolkit for management of VO Federations and VOs (secure workspaces)

A VO frontpage (right) and components (Services, Content, Roles, Participants - left)

Use PeoplePicker to find a Federation Member.

Configure IdPs to search. Select IdPs from list. Set Search Time-out and limit no. of results to be displayed.

Perform a search based on surname. Select the required user information row.

IAMSuite VO: Configuring User Authorisation for Trusted Services

IAMSuite integration with Grid Portlet for Certificates

MAMS is implementing IAMSuite for VeRSI eResearch projects

National collaboration services?
Current discussion of federation-level (national) provision of basic collaboration services for any eResearch users
For example:
 – WAYF, People Picker, Virtual Home Organisation (OpenIdP), MyProxy, IAMSuite, Wiki, Mailing List, Shib Instant Messaging, audio & video conf, collaborative activity workflow, etc
 – Could also provide data federation national services (ANDS “data commons”), eg, Persistent Identifier infrastructure, Data collections registries, National Discovery Service/Authenticated Federated Search, National authorisation fabric, etc
Importance of high availability, redundancy, backup, 24x7 support, helpdesk, etc

NB: Under development
IAMSuite, People Picker, SP integrations/adaptors, etc are all under current development
 – Final version may resemble current screenshots
IAMSuite & People Picker V1 production release late 07/early 08
Muradora V1 production release this week
RAMS (collab workflow) out already, Shib to come soon
Online Librarian (Shib Jabber) out already