© Janet 2012 Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki 1.

Presentation transcript:


Project Moonshot: Background

Why Janet?
Trusted provider of mission-critical network services to the UK education & research community
Expertise in developing and operating AAI
Demand from both internal and external customers

Goals
Lower the barriers to business between our customers
Reduce the cost to market for new services
Drive down operational costs for both Janet and our customers

Vision
To deliver a unified approach for securing access to any service or application – enabling new opportunities, business models and cost efficiencies.

Project Moonshot: Use cases

Science & Technology Facilities Council
Operates the UK’s National Grid Service
X.509 authentication too complex for users
Goal to simplify authentication across distributed computing Grids
“We aim to streamline access services using Moonshot technology, which will take the burden of authentication out of the hands of our users.”
Dr Peter Oliver, Group Leader, Science and Technology Facilities Council

Diamond Light Source
The UK’s national synchrotron facility
Piloting the use of Moonshot within the PANDATA project, which supports 30,000 scientists at more than 20 photon and neutron facilities
“Moonshot has thought beyond websites, and looked at what is really required in authentication – right down to the point when you open your laptop to begin work.”
Bill Pulford, Head of DASC, Diamond Light Source

Cancer Research UK
Cancer Research UK is the world’s leading charity dedicated to beating cancer through research.
The institutes form ad hoc relationships to collaborate for research purposes, but when the need arises to share data and documents, each institute can only authenticate within their own organisation.
“Moonshot is a valuable enabler for Cancer Research across the UK. It will make collaboration systems easy to build internally so that we can quickly share large data sets between institutes, without complicating the management of that system.”
Peter Maccallum, Head of IT & Scientific Computing, CRUK Cambridge Research Institute

Janet Brokerage
Work with the community and suppliers to provide solutions based on IT as a service, facilitating the uptake of data centre, hosted and cloud services.
–Create efficiencies and cost savings
–Accelerate and improve services and add value
–Reduce risk in adopting new services
–Address technical and business questions
–Create a competitive market based on sound technical platforms

Moonshot & Hosted Exchange PoC
A number of Universities running student but not staff due to privacy issues
Create a hosted Exchange with Moonshot components integrated
–Creates an interesting usage model for suppliers and users
–Sets an example to the two major cloud providers

Some key challenges
Federated authentication for web and other applications
Different deployment models: centralised, distributed & cloud (private, public & hybrid)
Need to easily use different types of credentials
Federated authentication to workstations, not just apps
Massive scale – at least tens of millions of entities

Project Moonshot: Technology overview

Underlying technologies
Moonshot builds on the eduroam technologies
–EAP (RFC 3748): strong mutual authentication
–RADIUS (RFC 2865): federation between domains
To this, Moonshot adds
–SAML, for rich authorisation semantics
–Application integration, using operating system security APIs
  SSPI: Windows
  GSS-API (RFC 2078): Other operating systems
  SASL (RFC 4422): Windows and other operating systems
–This architecture is being standardised within the IETF Abfab working group

Architecture
[Figure: SSH client, SSH server and RADIUS server, with numbered flows (1) Credentialing, (2) SSH negotiation, (3) Authentication, (4) RADIUS, (5) Attributes, (6) SSH session]
OpenSSH used as example of application; many others also apply
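The RADIUS leg, step (4) in the architecture above, is where the EAP conversation travels inside RADIUS packets. The sketch below is an added example, not code from the slides or from the Moonshot project: it shows the standard encapsulation from RFC 3579 (not cited on the slides), where an EAP packet is split across EAP-Message attributes and the Access-Request is integrity-protected with an HMAC-MD5 Message-Authenticator that the receiver must verify. The function names, shared secret and identity are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80  # RFC 2865, RFC 3579
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1                          # RFC 3748
SHARED_SECRET = b"constructed-shared-secret"  # constructed sample value


def eap_identity_response(eap_id, identity):
    """EAP-Response/Identity: code, identifier, length, type, identity."""
    data = identity.encode()
    return struct.pack("!BBHB", EAP_RESPONSE, eap_id, 5 + len(data), EAP_TYPE_IDENTITY) + data


def build_access_request(radius_id, eap_packet, secret):
    """Wrap an EAP packet in a RADIUS Access-Request protected by Message-Authenticator."""
    attrs = b""
    # An attribute value holds at most 253 octets, so a long EAP packet is split
    # across consecutive EAP-Message attributes.
    for i in range(0, len(eap_packet), 253):
        chunk = eap_packet[i:i + 253]
        attrs += bytes([EAP_MESSAGE, len(chunk) + 2]) + chunk
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)  # zeroed while the MAC is computed
    header = struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs)) + os.urandom(16)
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac


def parse_and_verify(packet, secret):
    """Return the reassembled EAP packet; raise ValueError if the packet fails its checks."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS length")
    eap, mac, zeroed, pos = b"", None, bytearray(packet), 20
    while pos < len(packet):
        if len(packet) - pos < 2 or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("bad attribute length")
        atype, alen = packet[pos], packet[pos + 1]
        if atype == EAP_MESSAGE:
            eap += packet[pos + 2:pos + alen]
        elif atype == MESSAGE_AUTHENTICATOR and alen == 18:
            mac = packet[pos + 2:pos + alen]
            zeroed[pos + 2:pos + alen] = bytes(16)
        pos += alen
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    if mac is None or not hmac.compare_digest(mac, expected):
        raise ValueError("missing or invalid Message-Authenticator")
    return eap
```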

Deployment requirements
Most HE organisations are nearly Moonshot-ready today
RADIUS authentication server at user organisation
–Any RADIUS product should support pre-production testing today
Option to integrate RADIUS server with Shibboleth IdP
Logical connection to national RADIUS infrastructure
–Already implemented in most cases (shared with eduroam)
Moonshot client and server plug-in
–Linux: packaging available for Debian & RHEL; Scientific Linux soon
–Windows: native support using prototype plugin
–Mac: Packaging almost complete for Snow Leopard and Lion

Application integration
Most modern applications use at least one of the security APIs supported by Moonshot
Correctly written applications will ‘just work’ without modification or recompilation
Less correctly written applications may require minor source modifications

PuTTY against OpenSSH

IE7 against Apache

Outlook 2010 against Exchange

Examples of other tested scenarios
OpenSSH client → OpenSSH server (GSS)
OpenLDAP client → OpenLDAP server (GSS)
OpenLDAP client (GSS) → Windows Active Directory (SSPI)
Firefox → Apache (GSS)
Internet Explorer → IIS (SSPI)
MyProxy client → MyProxy server (SASL)
Adium → Jabberd (SASL)
Console authentication using PAM on Linux (GSS) and SSPI on Windows

Project Moonshot: Technology pilot

Janet Moonshot Technology Pilot Goals
1. To test the suitability of the Moonshot technology for deployment, focusing on e-Research use cases
2. To identify what further work is needed to support the wider community’s use of the technology
3. To plan, implement or support this additional work

Current status
Pilot operating using Janet’s eduroam infrastructure
Software ready for pre-production testing
Production-quality environment due Q
IETF standardisation approaching completion
On-going discussions with OS and application vendors

Conclusions
Next generation federation technology that meets the needs of advanced use cases
Builds on widely deployed infrastructure (RADIUS & SAML) and operating system extensibility
Cross-platform implementation ready for pre-production testing
Correctly written applications ‘just work’
Architecture being standardised within IETF
Janet will review progress of Technology Pilot in 2012 Q2, and consider a formal offering to its customers in the future

Project Moonshot: Q & A