GakuNin Registration System. Motonori Nakamura, NII Japan. APAN 33rd Meeting (16 Feb. 2012)


1. Accept applications from organizations (universities / service providers)
   - Check descriptions in application forms
2. Register the organization in the federation metadata, and distribute it to the DS/IdPs/SPs
3. Further support for IdP / SP operation to reduce operation cost / improve usefulness

- Developed and provided to GakuNin subscribers since Feb (for "production federation")
- Since June 2011 for "test federation"
- Most of the process is done online
  - Only mailing a copy with signature/stamp is required for the production federation.

- Verification of each item in an application form
  - Organization
    - Does it satisfy the bylaws of GakuNin?
  - entityID
  - Validity of the server certificate
    - DN (Distinguished Name)
    - Expiration date
    - Which CA signed the certificate?
    - We basically require a public certificate.
  - Position of responsible person
  - Contact address

- Automatic generation of entity metadata according to an application for IdP/SP
- Merge the entity metadata into the federation metadata
- The registration system also supports:
  - Periodic re-signing of federation metadata
    - "validUntil" is enabled, and valid for 2 weeks
    - Re-signing is done at intervals of a week
  - Update of certificates for IdPs / SPs
    - Two certificates should be used at a time during the transition period for seamless access
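A consumer-side check of the two properties above, as an added example that is not part of the original slides or of the GakuNin system: with a 2-week `validUntil` and weekly re-signing, a freshly fetched aggregate should always have between 7 and 14 days left, and an entity in certificate transition publishes two distinct certificates. The sample aggregate, entityIDs and certificate bodies are constructed placeholders, and the check assumes the XML signature has already been verified.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
VALIDITY = timedelta(days=14)        # validUntil window stated on the slide
RESIGN_INTERVAL = timedelta(days=7)  # re-signing interval stated on the slide

def _key(cert):  # builds one KeyDescriptor for the constructed sample below
    return ("<md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>" + cert +
            "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")

# Constructed sample aggregate: entityIDs and certificate bodies are placeholders.
HEAD = ('<md:EntitiesDescriptor xmlns:md="%s" xmlns:ds="%s" '
        'validUntil="2012-03-01T00:00:00Z">' % (NS["md"], NS["ds"]))
SAML2 = 'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"'
SAMPLE = (HEAD
          + '<md:EntityDescriptor entityID="https://idp.example.ac.jp/idp/shibboleth">'
          + '<md:IDPSSODescriptor ' + SAML2 + '>'
          + _key("OLD-CERT-PLACEHOLDER") + _key("NEW-CERT-PLACEHOLDER")
          + '</md:IDPSSODescriptor></md:EntityDescriptor>'
          + '<md:EntityDescriptor entityID="https://sp.example.ac.jp/shibboleth-sp">'
          + '<md:SPSSODescriptor ' + SAML2 + '>' + _key("SP-CERT-PLACEHOLDER")
          + '</md:SPSSODescriptor></md:EntityDescriptor></md:EntitiesDescriptor>')

def check_aggregate(xml_text, now):
    """Classify metadata freshness and list entities publishing two certificates."""
    root = ET.fromstring(xml_text)
    rollover = []
    for ent in root.iter("{%s}EntityDescriptor" % NS["md"]):
        certs = {(c.text or "").strip() for c in ent.iterfind(".//ds:X509Certificate", NS)}
        if len(certs) >= 2:  # old and new certificate published side by side
            rollover.append(ent.get("entityID"))
    raw = root.get("validUntil")
    if raw is None:
        return {"status": "missing-validUntil", "days_left": None, "in_rollover": rollover}
    until = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    if until.tzinfo is None:  # xs:dateTime without a zone: treat as UTC
        until = until.replace(tzinfo=timezone.utc)
    left = until - now
    if left <= timedelta(0):
        status = "expired"            # consumers must reject the aggregate
    elif left > VALIDITY:
        status = "validity-too-long"  # window longer than the stated policy
    elif left < VALIDITY - RESIGN_INTERVAL:
        status = "resign-overdue"     # a weekly re-signing run was missed
    else:
        status = "ok"
    return {"status": status, "days_left": left.days, "in_rollover": rollover}
```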

- Reducing operation cost of IdPs/SPs
- Improvement of Embedded-DS feature
- Integrated administrative information exchange among IdPs / SPs

- Generation of SP entity metadata which includes information about required attributes
  - "isRequired" of "RequestedAttribute" in the metadata

- Maintenance-free configuration of the IdP to send the attributes required by each SP, using uApprove.jp
  - uApprove.jp is required for observance of personal information protection laws
  - uApprove.jp shows and sends only attributes required by the SP and approved by the user by:
    - Automatic generation of "attribute-filter.xml" for an IdP to use selected SPs. (2Q 2012)
    - Most IdP organizations want to control the list of SPs accessible by members of the organization
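One way such a filter could be derived from SP metadata, as an added example that is not the GakuNin registration system's or uApprove.jp's own code: it reads the `isRequired` flag of each `RequestedAttribute` and emits a Shibboleth IdP v2 `AttributeFilterPolicy` that releases only those attributes to that SP. The SP metadata is constructed, and using `FriendlyName` as the IdP's `attributeID` is an assumption about the local attribute resolver.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed SP metadata; the entityID is a placeholder.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.ac.jp/shibboleth-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Sample SP</md:ServiceName>
      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" isRequired="true"
          Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"/>
      <md:RequestedAttribute FriendlyName="mail"
          Name="urn:oid:0.9.2342.19200300.100.1.3"/>
      <md:RequestedAttribute FriendlyName="eduPersonAffiliation" isRequired="1"
          Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def required_attributes(metadata_xml):
    """Return (entityID, [attribute names]) for attributes marked isRequired."""
    ent = ET.fromstring(metadata_xml)
    names = []
    for ra in ent.iterfind(".//md:RequestedAttribute", NS):
        # isRequired is xs:boolean: "true" or "1" means required, absent means optional
        if ra.get("isRequired", "false").strip() in ("true", "1"):
            # Assumption: the IdP resolver's attribute id equals FriendlyName
            names.append(ra.get("FriendlyName") or ra.get("Name"))
    return ent.get("entityID"), names

def filter_policy(entity_id, attribute_ids):
    """Build one policy; it belongs inside an AttributeFilterPolicyGroup that
    declares the afp, basic and xsi namespace prefixes."""
    rules = "".join(
        "  <afp:AttributeRule attributeID=%s>\n"
        '    <afp:PermitValueRule xsi:type="basic:ANY"/>\n'
        "  </afp:AttributeRule>\n" % quoteattr(a) for a in attribute_ids)
    return ("<afp:AttributeFilterPolicy id=%s>\n"
            '  <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"'
            " value=%s/>\n%s</afp:AttributeFilterPolicy>\n"
            % (quoteattr("release-" + entity_id), quoteattr(entity_id), rules))
```

Attributes without `isRequired` (here `mail`) get no rule, so the IdP does not release them to this SP.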

- Display only IdPs which allow/allowed to use the SP
  - e.g. services which require a p2p (IdP-SP) contract
- Suppress an IdP in the listing on the DS (Discovery Service) when the IdP does not allow access to the SP, to avoid confusing users ("My IdP is on the list, but I cannot use it. Why??")

- Imagine:
  - An IdP may be stopped accidentally or for maintenance.
  - When a user who belongs to the IdP's organization visits an SP and fails to log in, he may send a complaint to the SP administrators.
- A solution for this miscommunication
  - A sort of integrated system may be useful so that administrators/users can see what the problem is at that time.
  - The GakuNin registration system will have such an integrated announcement feature.

- The GakuNin Registration System is constructed
  - Initially for reducing the operation cost of the GakuNin secretariat.
  - It also reduces the maintenance cost of IdPs by providing automatic configuration features.
    - by combination with uApprove.jp
    - Useful to develop an easy IdP hosting service to accelerate the increase in the number of IdPs
  - It also provides convenience and avoids confusion for users by cooperation with SPs using Embedded-DS
  - It also provides an integrated information exchange channel among IdPs and SPs (planned)