TERENA TF-EMC2 15 feb 2011 Dyonisius Visser

Slide 2: Where it all started
› REFEDS Wiki
› Dog food
› MediaWiki + SimpleSAMLphpAuth
› One SP
› Accumulated ~20 bilateral IdPs

Slide 3: AuthZ – sort of
› You're in if your IdP sends eduPersonEntitlement = 'urn:mace:rediris.es:entitlement:wiki:tfemc2'

Slide 4: Next SP comes along
› TACAR
› Will need to contact several IdPs again to exchange metadata
› 3rd SP
› 4th SP, etc.

Slide 5: Too many IdP-SP combinations
› Difficult to manage

Slide 6: New approach: proxy
› Create one SP to connect as many IdPs as …
› "Hide" all our other SPs behind that
› SPs can all have one statically configured IdP
› So no need to have a disco on each SP
› External IdPs only do business with a single TERENA SP

Slide 7

Slide 8 (architecture diagram; labels recovered from the slide): WordPress etc; FileSender; CORE; TACAR; Sympa; Event reg; My.terena.org; Refeds wiki; Confluence; SimpleSAMLphp Secretariat IdP; LDAP; SimpleSAMLphp SP Proxy (IdP side, "???????", SP side); SimpleSAMLphp Bridge; Guest IdPs… (LinkedIn, Yahoo, Google, OpenID, Twitter, MySpace †, Windows Live); eduGAIN; SURFfed; 3 more federations; 15 more bilaterals…

Slide 9: ?????? = Globally unique ID
› Generate globally unique identifier for ALL users that could possibly come in
› Pick first available attr name+value from:
  › eduPersonTargetedID
  › eduPersonPrincipalName
  › OpenID/Twitter/FB/MySpace/Windows Live/LinkedIn
› Append !IdP
› Result + demo:
  › (PG table)
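The selection rule on slide 9, as an added example that is not code from the presentation or from SimpleSAMLphp. It assumes attributes arrive as a name-to-list-of-values mapping; the social attribute names and the `<attr>:<value>!<IdP>` layout are assumptions, since the slide gives only the precedence and the `!IdP` suffix. The IdP suffix is what keeps an unscoped value such as an OpenID or social handle from colliding with the same value asserted by a different IdP.

```python
"""Added example: globally unique ID selection at the SP proxy (slide 9)."""

# Precedence from the slide. Names for the social providers are
# hypothetical; the slide only lists the providers.
PRECEDENCE = (
    "eduPersonTargetedID",
    "eduPersonPrincipalName",
    "openid", "twitter_id", "facebook_id",
    "myspace_id", "windowslive_id", "linkedin_id",
)


class NoUsableIdentifier(Exception):
    """The IdP released nothing the proxy can key a user on."""


def global_id(attributes, idp_entity_id):
    """Return '<attr>:<value>!<IdP entityID>' for the first usable attribute.

    The output layout is an assumption; the slide specifies only the
    precedence order and the '!IdP' suffix.
    """
    if not idp_entity_id:
        raise ValueError("IdP entityID is required for the suffix")
    for name in PRECEDENCE:
        values = [v.strip() for v in attributes.get(name, []) if v and v.strip()]
        if not values:
            continue  # absent or empty: fall through to the next attribute
        if len(values) > 1:
            # Choice made in this example: never guess between several values.
            raise NoUsableIdentifier(f"{name} is multi-valued")
        return f"{name}:{values[0]}!{idp_entity_id}"
    raise NoUsableIdentifier("no identifier attribute released")


def sends_usable_attrs(attributes, idp_entity_id):
    """True when an IdP's released attributes yield a global ID."""
    try:
        global_id(attributes, idp_entity_id)
        return True
    except NoUsableIdentifier:
        return False


if __name__ == "__main__":
    # Constructed sample: two IdPs assert the same unscoped value.
    for idp in ("https://idp-a.example.org", "https://idp-b.example.org"):
        print(global_id({"openid": ["alice"]}, idp))
```

`sends_usable_attrs` is the same test that separates the innermost group on slide 12 (IdPs that send usable attrs) from IdPs that merely have the proxy's metadata.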

Slide 10: Pre-login user provisioning
› Invitation system (demo)

Slide 11: To do
› Central user repository (LDAP/SQL)
› Central group repository (DIY/Grouper/SURF/?)
› Profile page to manage your data (SWITCH's JavaScript side bar/?)
› Account linking (Login4life, David?)
› Consent dialog upon first login
› -> Cherry pickin' from community

Slide 12: Automated IdP checks?
› All configured IdPs
› IdPs that have our metadata
› IdPs that have our metadata and that send usable attrs

Slide 13: Issues encountered
› Changing your SP metadata at remote parties takes a long time
› So don't start with 1K keys
› Non-federated users – guest accounts?
› Too many guest options now