June 30, 2004 - CAMP Shibboleth Implementation Workshop
Shibboleth Mockup - ARP GUI Management
by Steven Carmody, Brown University; proxy Walter Hoehn

Agenda
- Requirements from Focus Group
- Scenarios
- Goals - what problem are we trying to solve?
- Model
- Discussion

Requirements from Focus Group
- Accommodate difference between campus community vs library user community (III system)
- Gracefully handle changing definitions of users (can change over time and affect contracts and how they're negotiated).
- Concern about relationship between shib + provisioning
- Ability to delegate authority to manage attribute release policies for various groups.
- Managing licenses is a different role from managing Shibboleth ARPs

Requirements from Focus Group
- Relationship between Shibboleth and external electronic resource management (ERM) database systems, system resource management modules (eg III, Ex Libris Metalib)
- Share Shibboleth integration specifications with vendors (III was mentioned specifically)
- GUI should support profiles that can be copied from one resource to another so they don't have to be set up individually each time.
- Standardization, global licensing requirements to simplify the management process for the vendor, and the Reference Librarian

Requirements from Focus Group
- Track resource availability.
- Reflect distinction between the user management and license management parts (user management is external)
- Vendors want to implement level of service models, where releasing more information about a user provides a higher level of service.

Scenarios - Simple
- A new content provider is licensed for the campus community
- A new content provider is licensed for a restricted community, such as a medical center, law school
- A new content provider is licensed for students in a particular course.
- A campus might have two different ARPs for the same service, enabling different service levels for different user communities

Scenarios - Complex
- Instances of research centers affiliated with a campus where any staff member that is not on the faculty should be allowed access to resources
- Professors may teach at multiple campuses and determining their home campus for access rights should be possible
- There are some per-use or per-connection charge agreements, a la OCLC.

Goals - what problem are we trying to solve?
- Provide a tool for a small community of Sysadmins and Reference Librarians to manage Attribute Release Policies
- Maintain distinction between the user management tools and license management
- Simplify the process for creating ARPs (reduce the amount of data entry required)
- Make it very difficult to release wrong/extra attributes (try to isolate the admin from the underlying mechanics, and instead present the information "in their framework")

Goals - what problem are we trying to solve?
- Allow ad-hoc sites to be entered (hand entered data)
- Provide a debugging mode (ie when Jane Doe accesses target X, what should be released, and what is being released)
- We're still learning about how the more complicated agreements are structured, and exploring how to use attributes obtained from directories to represent them

Goals - "out of scope"
- Providing a tool to maintain directory attributes
- Access control for managing ARPs (in v1, you can create, I can delete)
- Defining the relation to an external electronic resource management (ERM) database system, or external library system resource management module
- Shib is unrelated to tracking resource availability
- Shib is unrelated to limiting the number of concurrent users

Model
- No fine-grained access control on editing ARPs
- People/roles create/manage ARPs; these are considered "owners"; this is the primary organizing factor used by the GUI
- The directory can be used (in a variety of ways) to determine "membership" in various communities

Model
- ARP creation driven off federation metadata (to find targets)
- Service level model
- Targets provide service templates, which contain service levels, and required attributes
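
Added example, not part of the original slides and not Shibboleth's own code or ARP file format: it models ARPs created from a target's service template and the debugging mode from the Goals slide, which compares what should be released with what is being released. The ARP class, the function names, the target identifier and the group names are hypothetical.

```python
# Added illustration: hypothetical data model, not Shibboleth's ARP file format.
from dataclasses import dataclass

# Service template a target might publish: service level -> required attributes.
# Constructed sample; attribute names are standard eduPerson/LDAP names.
TEMPLATE = {
    "basic": {"eduPersonScopedAffiliation"},
    "personalized": {"eduPersonScopedAffiliation", "eduPersonPrincipalName"},
}

@dataclass(frozen=True)
class ARP:
    owner: str           # person/role managing the ARP (the GUI's organizing key)
    target: str          # target identifier found in federation metadata
    community: str       # directory group the ARP applies to
    level: str           # service level picked from the target's template
    release: frozenset   # attribute names this ARP releases

def arp_from_template(owner, target, community, level, template=TEMPLATE):
    """Create an ARP releasing exactly what the chosen service level requires."""
    return ARP(owner, target, community, level, frozenset(template[level]))

def debug_release(user_groups, target, arps, template=TEMPLATE):
    """Debugging mode: what should be released vs. what is being released."""
    hits = [a for a in arps if a.target == target and a.community in user_groups]
    expected = set().union(*(template[a.level] for a in hits))
    actual = set().union(*(a.release for a in hits))
    return {"expected": expected, "actual": actual,
            "extra": actual - expected, "missing": expected - actual}

def demo():
    target = "urn:example:target-x"  # constructed identifier
    arps = [
        arp_from_template("ref-librarian", target, "campus", "basic"),
        arp_from_template("med-library", target, "med-school", "personalized"),
        # Hand-entered ARP that drifted from the template by adding "mail".
        ARP("sysadmin", target, "campus", "basic",
            frozenset({"eduPersonScopedAffiliation", "mail"})),
    ]
    jane = {"campus", "med-school"}  # Jane Doe's directory memberships
    return debug_release(jane, target, arps)

if __name__ == "__main__":
    print(demo())
```

The "extra" set is the check behind the goal of making it hard to release wrong or extra attributes: anything an ARP releases beyond what its service level requires shows up there.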

GUI Mockup
- Usability testing
- Mockup

Questions for the audience.....
- General feedback
- Scope, how we've conceptualized
- Specifying communities, what to release.....
  - Specify that the ARP applies to a narrow group, and then release a generic attribute (campus does access control)
  - Specify that the ARP applies to the entire campus community, provision the eligible community with a unique attribute value, and then release that value.
  - Agree beforehand with the target, and release attribute values that define eligibility for the service (eg Dept = Med School, affiliation=faculty).