A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network.

Slides:

Advertisements

Similar presentations

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

Advertisements

Managing Roles & Privileges with Grouper and Signet Middleware Nate Klingenstein (some words stolen from Tom Barton & Lynn Mcrae) Helsinki EuroCAMP, April.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Internet2 and other US WMD Update. Topics Update on non-merger, Newnet (and the control plane), InCommon and other feds “Product” update – Shib, Grouper,

Drive-By Dialogues. Presenter’s Name Topics The Long Strange Trip of I2 – NLR Merger A Brief Comment on Optical Networking Middleware Developments Security.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Peter Deutsch Director, I&IT Systems July 12, 2005

1 Directory related work in the Global Grid Forum 3rd TF-LSD Meeting in Antalya Peter Gietz

Widely Distributed Access Management Tom Barton University of Chicago.

Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

Call for Participation: Authority Systems and Tools Ken Klingenstein Director, Internet2 Middleware and Security.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.

NMI-EDIT Outreach: The first five years. Topics for Today  NMI-EDIT background  Activities  Outcomes  Resources.

Intro to Identity for Developers Tom Barton, U Chicago Scott Cantor, Ohio State Patrick Michaud, U Washington.

Microsoft Confidential - Signed NDA Required Windows Azure Executive Vision and Roadmap NAME TITLE Microsoft Corporation.

Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.

BfB: Supporting Collaboration with Infrastructure.

I2/NMI Update: Signet, Grouper, & GridShib Tom Barton University of Chicago.

Maturation & Convergence in Authentication & Authorization Services in US Higher Education: Keith Hazelton, Sr. IT Architect, University.

External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.

Gee, I could have had a VO: Cloud- based COmanage Chris Hubing and Jim Leous.

1 Multi Cloud Navid Pustchi April 25, 2014 World-Leading Research with Real-World Impact!

Integrated Financial Applications using Intuit’s PaaS Solution George Chiramattel, Intuit.

VO and Internet2 Middleware. Presenter’s Name Topics Motivations for Internet2 Middleware work Federated identity and InCommon Other IdM Groups, privileges,

Shibboleth Update Michael Gettes Principal Technologist Georgetown University Ken Klingenstein Director Interne2 Middleware Initiative.

1 Emergency Alerts as RSS Feeds with Interdomain Authorization Filippo Gioachin 1, Ravinder Shankesi 1, Michael J. May 1,2, Carl A. Gunter 1, Wook Shin.

NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.

Neil Witheridge APAN29 Sydney February 2010 ARCS Authorisation Services Neil Witheridge Manager, ARCS Authorisation Services APAN29, Sydney, February 2010.

Running List of Comanage Framework Stuff. Parked issues Discussion of how to share the work of domesticating apps - real important to do soon, but the.

Collaborative Platforms. Collaborations and Virtual Organizations IdM is a critical dimension of collaboration, crossing many applications.

COmanage and InCommon: Present and Future Activities and Interactions Heather Flanagan, COmanage Project Coordinator, Internet2.

Shibboleth at Columbia Update David Millman R&D July ’05

Current list of common attributes of the EDIT federation Single Sign-On for the EDIT platform Lutz Suhrbier¹, Andreas Kohlbecker², Andreas Müller² 1 Freie.

Identity and Access Management Siddharth Karnik. Identity Management -> Oracle Identity Management is a product set that allows enterprises to manage.

NMI End-to-End Diagnostic Advisory Group BoF Fall 2003 Internet2 Member Meeting.

Taking Care of Our Core Business: Managing Collaborations Dr. Ken Klingenstein, Senior Director, Internet2 Middleware and Security.

US of A and A Activities Ken Klingenstein, Director Internet2 Middleware Initiative.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

Middleware Futures Internet2 Member Meeting Arlington VA, April 2006 RL “Bob” Morgan, University of Washington and Internet2.

University of Washington Identity and Access Management IEEAF – RENU Network Design Workshop Seattle - 29 Nov 2007 Lori Stevens, Director, Distributed.

New Developments in Access Management: Setting the Scene Alan Robiette JISC Development Group JISC-CNI Conference, June 2002.

Identity Management in DEISA/PRACE Vincent RIBAILLIER, Federated Identity Workshop, CERN, June 9 th, 2011.

Running List: Comanage Stuff Framework – Services - Appliance.

Internet2 and Cyberinfrastructure Russ Hobby Program Manager,

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

Windows SharePoint Services. Overview Windows SharePoint Services (WSS) Information Worker Infrastructure component delivered in Windows Server 2003 Enables.

University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.

~60 staff 1.Collaborators around the world 2.Supports communities of collaborators external to Internet2 3.Community uses wiki, mailing lists, instant.

Current Middleware Picture Tom Barton University of Chicago Tom Barton University of Chicago.

Kuali Identity Management: Introduction and Implementation Options Jasig - Spring 2010 Wednesday, March 10, :30 am.

Identity Management, Federating Identities, and Federations November 21, 2006 Kevin Morooney Jeff Kuhns Renee Shuey.

© Copyright AARNet Pty Ltd PRAGMA Update & some personal observations James Sankar Network Engineer - Middleware.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

CAMP Shibboleth: Next Steps Steve Carmody, Brown University Ann West, Educause/Internet2/Michigan Tech.

1 Copyright © 2012 Tata Consultancy Services Limited Windchill Architecture.

INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.

1 Name of Meeting Location Date - Change in Slide Master Authentication & Authorization Technologies for LSST Data Access Jim Basney

Private KEEP OFF! Private KEEP OFF! Open! What is a cloud? Cloud computing is a model for enabling convenient, on-demand network access to a shared.

Collaboration and Federated Identity Two powerful forces being leveraged – the rise of federated identity – the bloom in collaboration tools, most particularly.

COmanage: Vision & Strategy July 2010, COmanage Dev Call.

LIGO Identity and Access Management

Introducing Access Management

I2/NMI Update: Signet, Grouper, & GridShib

Campus Middleware Issues

Guests and Collaborators

Microsoft Virtual Academy

Presentation transcript:

A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network to application Michael R Gettes Internet2 August 2007 An interpretation of the original MACE mission

VO?

Inter-Enterprise Workgroup Collaborations not sexy

or C ollaborative O rganizations CO

Identity Groups Privileges Federated Access

and … Applications

Give COntrol To COmmunity Members

Integrate with Existing COmmon IT Infrastructures in Higher Education

Flexible Scalable Modular

COmponents S H I B B O L E T H LDAP-PC Signet Grouper LDAP Directory Identity Mgr Applications & Network COCO

stop talking start walking demo COmanage.internet2.edu

COmponents S H I B B O L E T H LDAP-PC Signet Grouper LDAP Directory Identity Mgr Applications & Network COCO

Comanage … is only a demonstration of the CO model a CO fits within a service delivery presentation

Stuff stored in Directories (everybody has one) Priv/Group data more accessible Allows for easy CO integration

Application Management App Access to data is managed by LDAP (initially) Identity data can be distributed by any desired mechanism in the future. SQL databases, feeds, message bus technologies.

Uses Shibboleth Federating technology Promotes InCOmmon Federation Might use other technologies OpenID?

Truth be told… LDAP-PC Large-Scale Performance and namespaces SIGNET Minor UI and Deployment GROUPER Some UI and Large-scale Performance SIGNET only immediate concern

Many COs on a single server ________ No local identity issued for external users to access CO services big win!

Signet/Grouper COmplexity A Service Opportunity? Middleware Service Provider (MSP) May also be locally deployed by HE institutions

Future… Protect CO by IdP can solve “IEEE problem”? Begin addressing issues of “attribute eCOnomy”

Network Layer? Why not? Integrate with Grids? Why not? Addresses VO scenarios? Why not?

V O VO? CO

done Talk amongst yourselves