Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford.


Distributed Access Management CAMP

2 Workshop Orientation
Agenda
–Intro: What are Grouper & Signet? What are the chief technical integration tasks to implement them?
–Examine each of these integration areas
–Handout
Level of detail: capabilities, not syntax of configuration files
Try to complement, not overlap, program of the CAMP that follows


4 Relative Roles of Signet & Grouper
RBAC model
–Users are placed into groups (aka “roles”)
–Privileges are assigned to groups
–Groups can be arranged into hierarchies to indirectly bestow privileges
Grouper manages, well, groups
Signet manages privileges
Separates responsibilities for identification & entitlement

5 Relative Roles of Grouper & Signet
Grouper
–Binary info – you’re either in some list or not
–Identity- or affiliation-based access control or distribution
–Identification layer of an encompassing access management scheme
–Locally tweak or combine other groups
Signet
–Structured, qualified info – limits, conditions, scope, …
–Oriented to individuals rather than roles
–Human judgment and chain of authority essential for access decisions
–Enable functional, not just technical, people to manage privileges
–Supports policy control closer to source of authority
–Audit requirements

6 Glimpses of Grouper & Signet


8 Subject API
Objective: Enable integration of IdM-enhancing tools with existing IdM infrastructure
How: Abstraction layer
–Abstracts object schema & identifiers
–Abstracts back-end storage technology
What: A Subject is an object of any type managed by the IdM system
–person, group, application

9 Sources & Subjects
Source – a database of subjects
–Common back-end store
–Common object schema
Subject
–subjectId, unique within a Source
Subject attributes
–Identifying – e.g. netId, employeeId, studentId
–Descriptive – e.g. name, department, title
Subject reference: (subjectId, sourceId)
(In v0.2.1 it’s (subjectId, sourceId, typeId))

10 Subject API Capabilities
Select/search
–Get a Subject by its subjectId
–Get a Subject by specifying the value of an identifying attribute
–Get a Set of Subjects matching a substring search of its attributes
Present
–Single attribute, Map of all attributes


12 Reference Source Adapters
JDBC Source Adapter
–Heart of configuration is SQL code that implements each search & selection method
–Returns one table, each row is one Subject, columns are their attributes
JNDI Source Adapter
–Heart of configuration is an LDAP query specification implementing each search & selection method

13 Design Issues For Subject API Deployment
Choice of subjectId namespaces
Consistency of sourceId assignment and subjectId namespace across multiple Source Adapter instances
Subject v0.2.1 (current) vs. v1.0
–No more subject “types”
–Enabling applications to behave differently with different “types” of subjects
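Added example, not Grouper's or Signet's own code: a JDBC-style Source Adapter in Python over an in-memory SQLite table (constructed sample rows, hypothetical sourceId "hr-jdbc") that implements the three select/search methods of slide 10 in the one-row-per-Subject shape of slide 12 and returns the (subjectId, sourceId) reference of slide 9. Because the heart of the adapter configuration is SQL, the example keeps caller input out of the SQL text: column names are allow-listed, values are bound parameters, and LIKE metacharacters in the substring search are escaped.

```python
import sqlite3

SOURCE_ID = "hr-jdbc"  # hypothetical sourceId for this adapter instance
# Constructed sample back-end store: one table, one row per Subject,
# one column per attribute (the shape the JDBC Source Adapter works with).
_SCHEMA = """
CREATE TABLE subjects (
    subject_id  TEXT PRIMARY KEY,
    net_id      TEXT UNIQUE,
    employee_id TEXT UNIQUE,
    name        TEXT,
    department  TEXT);
INSERT INTO subjects VALUES ('10001', 'jdoe',  'E100', 'Jane Doe',    'Physics');
INSERT INTO subjects VALUES ('10002', 'rroe',  'E101', 'Richard Roe', 'Chemistry');
INSERT INTO subjects VALUES ('10003', 'jdoe2', 'E102', 'John Doe',    'Physics');
"""
# Column names are allow-listed here; caller input never becomes part of the
# SQL text, only of the bound parameters.
IDENTIFYING_ATTRS = ("net_id", "employee_id")
SEARCH_ATTRS = ("net_id", "name", "department")


class JdbcLikeSourceAdapter:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.row_factory = sqlite3.Row
        self.db.executescript(_SCHEMA)

    def _subject(self, row):
        # Subject reference is (subjectId, sourceId); attributes are a Map.
        return {"ref": (row["subject_id"], SOURCE_ID), "attrs": dict(row)}

    def get_subject(self, subject_id):
        sql = "SELECT * FROM subjects WHERE subject_id = ?"
        row = self.db.execute(sql, (subject_id,)).fetchone()
        return self._subject(row) if row else None

    def get_subject_by_identifier(self, attr, value):
        if attr not in IDENTIFYING_ATTRS:
            raise ValueError(f"{attr!r} is not an identifying attribute")
        row = self.db.execute(f"SELECT * FROM subjects WHERE {attr} = ?", (value,)).fetchone()
        return self._subject(row) if row else None

    def search(self, term):
        # Escape LIKE metacharacters so the term can only match literally.
        esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
        where = " OR ".join(f"{a} LIKE ? ESCAPE '\\'" for a in SEARCH_ATTRS)
        params = tuple(f"%{esc}%" for _ in SEARCH_ATTRS)
        rows = self.db.execute(f"SELECT * FROM subjects WHERE {where}", params).fetchall()
        return [self._subject(r) for r in rows]
```

A second adapter instance for another Source would carry its own SOURCE_ID, which is what keeps a reference unique once several adapters are deployed side by side.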