VO and Internet2 Middleware. Presenter’s Name Topics Motivations for Internet2 Middleware work Federated identity and InCommon Other IdM Groups, privileges,

Presentation transcript:

VO and Internet2 Middleware

Topics
- Motivations for Internet2 Middleware work
- Federated identity and InCommon
- Other IdM
- Groups, privileges, diagnostics
- COManage
- Next steps

Motivations for Internet2 Middleware
- Create consistent campus middleware infrastructure
- Extend local identity into a federated community
- Improve use of collaboration tools
- Better couple research with education
- Allow a class to invoke some VO privileges
- Integrate research and administrative processes
- Deploy as infrastructure, not just develop

Connecting SoAs, Integrating with Existing Infrastructure

Federated identity
- Shibboleth and SAML created the concept of federated identity
- Local authentication and attributes leveraged globally
- Privacy preserving; scalable security
- Shibboleth 1.3 widely deployed; Shib 2.0 in beta; Shib embedded in products from Verisign, Sun, Oracle, MS, etc.
- In the corporate world, all “federations” are bilateral; in the public sector almost all are multilateral
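The two halves of the slide, local authentication with attributes used globally, and privacy preservation, come down to two policy checks: the IdP releases only the attributes each SP is entitled to, and the SP accepts an assertion only from a federation member, addressed to itself, inside its validity window. The following is an added example written for this page, not Shibboleth code: the entityIDs, the attribute release policy and the federation metadata are constructed, and an HMAC over a JSON body stands in for the XML signature and X.509 certificate real SAML uses.

```python
import hashlib
import hmac
import json

# Constructed federation "metadata": the IdPs this SP trusts and the key used to
# verify what each one signs. A stand-in for the X.509 certificates real SAML
# metadata carries; the HMAC below stands in for an XML signature.
FEDERATION_METADATA = {
    "https://idp.example.edu/idp/shibboleth": b"constructed-idp-signing-key",
}

# Constructed attribute release policy held at the IdP: the attributes each SP
# (identified by its entityID) may receive. Everything else stays on campus.
RELEASE_POLICY = {
    "https://wiki.example.org/shibboleth": ["eduPersonScopedAffiliation", "eduPersonTargetedID"],
    "https://journal.example.com/shibboleth": ["eduPersonScopedAffiliation"],
}


def issue_assertion(idp_id, signing_key, sp_id, user_attributes, now, lifetime=300):
    """IdP side: the user authenticated locally; release only what policy allows for this SP."""
    allowed = RELEASE_POLICY.get(sp_id, [])
    released = {name: value for name, value in user_attributes.items() if name in allowed}
    body = {
        "issuer": idp_id,
        "audience": sp_id,            # audience restriction: only this SP may consume it
        "not_before": now,
        "not_on_or_after": now + lifetime,
        "attributes": released,
    }
    payload = json.dumps(body, sort_keys=True).encode()
    signature = hmac.new(signing_key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "signature": signature}


def validate_assertion(assertion, sp_id, now):
    """SP side: accept attributes only from a federation member, for this SP, in its validity window.

    Returns (attributes, "ok") on success, or (None, reason) naming the failed check."""
    body = json.loads(assertion["payload"])
    key = FEDERATION_METADATA.get(body.get("issuer"))
    if key is None:
        return None, "issuer not in federation metadata"
    expected = hmac.new(key, assertion["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return None, "signature does not verify"
    if body["audience"] != sp_id:
        return None, "audience restriction does not match this SP"
    if not body["not_before"] <= now < body["not_on_or_after"]:
        return None, "outside validity window"
    return body["attributes"], "ok"
```

The same user gets a different attribute set at the wiki and at the journal, which is the privacy property; an assertion minted for the wiki is rejected at the journal, a tampered body fails the signature check, and an issuer absent from the metadata is refused before any attribute is read, which is the scalable-security property: trust is decided by federation membership, not per-user arrangements.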

InCommon
- US R&E Federation, a 501(c)3
- Addresses legal, LOA, shared attributes, business proposition, etc. issues
- Members are universities, service providers, government agencies
- Over 70 organizations and growing steadily; 1.3 million user base now, crossing 2 million by the end of the year
- Uses range from popular and academic content access to wiki and list controls to access NIH applications to …
- Almost all use is transparent to users (it’s middleware) but that is about to change

International R&E federations
- Substantial deployments in many countries, including UK, Norway, Switzerland, US, Australia, France, Denmark, Finland, Spain, Germany, Netherlands, etc.
- Most are Shib based; some use other SAML products.
- Scope of membership usually higher ed, but some are broader, e.g. UK, Spain, Netherlands
- Use cases range from content access to collaboration support to learning management systems to wireless roaming to…
- Peering federations give a global R&E trust fabric

Managing authority: Signet and Grouper
- Tools to manage privileges and groups
- Taken together, they can provide tools for the “static” part of the authorization problem – management of roles and privileges assigned to individuals (and other things)
- Newly released 1.0+ versions of both, with a combined interface
- International development community beginning to happen…
- Analysts are discovering privilege management, much as they “discovered” federated identity. Giving no credit to higher education for seeing a different problem…

Relative Roles of Signet & Grouper
- RBAC (role-based access control) model:
  - Users are placed into groups (aka “roles”)
  - Privileges are assigned to groups
  - Groups can be arranged into hierarchies to effectively bestow privileges
- Grouper manages, well, groups
- Signet manages privileges
- Separates responsibilities for groups & privileges

Grouper Architecture

Privilege Elements by Example

  Element                 Example
  grantor                 By authority of the UPCI IRB
  grantee (group/role)    UPCI Researchers
  prerequisite            who have an approved UPCI IRB protocol
  function                can access de-identified data and order tissue
  scope                   from the network of caTIES participants
  resource                for Study HD7687
  limit                   up to 100 patients
  conditions              until January 1, 2006, as long as approved for material transfer…

Privilege Lifecycle
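The RBAC split two slides back (Grouper holds groups, including nested ones; Signet holds privileges assigned to groups) and the privilege elements in the example above fit together as one evaluation: resolve the user's effective groups through the hierarchy, then check each element of the privilege in turn. This is an added example written for this page, not Grouper or Signet code; the group names, user names and the user "facts" that stand for the prerequisite and condition are constructed, while the privilege itself is the slide's caTIES example transcribed field by field.

```python
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, Optional

# Constructed Grouper-style group store: each group lists its direct members,
# which may be users or other groups (nesting is how hierarchies bestow privileges).
GROUPS = {
    "upci:researchers": {"alice", "upci:oncology-fellows"},
    "upci:oncology-fellows": {"bob"},
    "upci:admin-staff": {"carol"},
}


def effective_groups(user, groups=GROUPS):
    """Every group the user belongs to, directly or through nested groups (fixed-point walk)."""
    found = set()
    changed = True
    while changed:
        changed = False
        for group, members in groups.items():
            if group in found:
                continue
            if user in members or any(member in found for member in members):
                found.add(group)
                changed = True
    return found


@dataclass(frozen=True)
class Privilege:
    """A Signet-style privilege carrying the elements named on the slide (field names are this example's)."""
    grantor: str
    grantee: str                  # group/role that holds the privilege
    prerequisite: Optional[str]   # fact the user must hold, e.g. an approved protocol
    functions: FrozenSet[str]     # what may be done
    scope: str                    # where it may be done
    resource: str                 # what it may be done to
    limit: Optional[int]          # how much, per request
    expires: date                 # lifecycle: no longer effective on or after this date
    condition: Optional[str]      # fact that must still hold at the time of use


# The slide's example, transcribed into the structure above.
CATIES_PRIVILEGE = Privilege(
    grantor="UPCI IRB",
    grantee="upci:researchers",
    prerequisite="approved UPCI IRB protocol",
    functions=frozenset({"access de-identified data", "order tissue"}),
    scope="caTIES participants",
    resource="Study HD7687",
    limit=100,
    expires=date(2006, 1, 1),
    condition="approved for material transfer",
)


def evaluate(priv, user, user_facts, function, scope, resource, amount, today, groups=GROUPS):
    """Check every element; return (allowed, reason). Denies on the first failing element.

    `today` is an ISO date string; `user_facts` is the set of facts the user holds."""
    if priv.grantee not in effective_groups(user, groups):
        return False, "user is not in the grantee group"
    if priv.prerequisite and priv.prerequisite not in user_facts:
        return False, "prerequisite not met: " + priv.prerequisite
    if function not in priv.functions:
        return False, "function not granted"
    if scope != priv.scope or resource != priv.resource:
        return False, "request is outside the privilege's scope or resource"
    if priv.limit is not None and amount > priv.limit:
        return False, f"limit exceeded ({amount} > {priv.limit})"
    if date.fromisoformat(today) >= priv.expires:
        return False, "privilege expired"
    if priv.condition and priv.condition not in user_facts:
        return False, "condition not satisfied: " + priv.condition
    return True, "granted by " + priv.grantor
```

Note what the group walk buys: bob is never listed under the grantee group directly, only under a nested group, yet he holds the privilege; carol, in an unrelated group, does not. The remaining elements are all independent denials, so a privilege that has expired or been over-drawn fails even for a fully entitled researcher, which is the "static part of the authorization problem" the earlier slide describes.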

A Bloom of Collaboration Tools
- An over-abundance of new tools that provide rich and growing collaboration capabilities (aka Web 2.0)
- Do you wiki, blog, Moodle, Sakai, IM, chat, videoconference, audioconference, calendar, Flickr, NetMeeting, Access Grid, DimDim, listserv, WebDAV, etc.?
- Share files among workgroups, access Elsevier, work with the IEEE, etc.
- No uber-app – limits invention and community of users is fine, but many per user is hard to manage

Collaboration Tools and Identity Management
- Required for effective interactions
- Deeply enriches collaboration tools
- Fine-grain access control and wikis: spaces.internet2.edu, “member of the community” processes
- Transparently shared file stores
- Collaboratively visible calendaring
- Embedded VO IM channels in campus portals

Collaboration Management Platforms
- Management of collaboration is a real impediment to collaboration, particularly with the growing variety of tools
- Goal is to develop a “platform” for handling the identity management aspects of many different collaboration tools
- Platform includes a framework and model, specific running code that implements the model, and applications that take advantage of the model
- This space presents possibilities of improving the overall unified UI as well as the UI for specific applications and components.

Comanage
- Leverages federated identity and the attribute ecosystem heavily
- Uses Grouper to manage groups and Signet to manage privileges, Eddy for diagnostics
- Built completely on open protocols, using open source components
- Open and proprietary applications can be plumbed to work with it

Comanageable applications
- Already done: Sympa, federated wikis, Asterisk (open-source IP audioconferencing), DimDim (open-source web meeting), Bedework federated and public calendars
- Immediate targets: rich access-controlled wikis, web-based file shares

CMP dimensions of growth
- In the applications that can be driven by it
  - Collaboration and domain science prime areas
  - Largely a function of the application’s respect for middleware
- In the areas being managed
  - Diagnostics? Others?
- In the identities being managed
- In the coupling of autonomous and diverse instances
  - Deployment instances may be at many layers of organization and shift as it matures
  - Underlying stores may be db, directory, or other

NSF Grant
- Two previous multi-year awards led to Shibboleth, Grouper, Signet, Eddy
- New SDCI grant (awarded 10/1/07) supports product improvements and the development of collaboration management platforms
- Commits to working with two VOs to evaluate the software (Note: budget cuts and domain science…)

Lots of COManage deployment options
- Platform at Stanford
- Deploy on LIGO servers
- Deploy on campus servers
- Instances can communicate with each other

Two types of application enablement
- “Well-behaved” apps draw their entitlements, attributes and roles from a directory or db or… (something external)
- Other apps can have information from COManage pushed into them
  - Static or dynamic provisioning
  - Connectors could be X.509 certs, SAML assertions, etc.
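The security consequence of the pull-versus-push distinction is how quickly a revocation takes effect: an app that consults the external store sees the change at once, an app provisioned dynamically sees it when the connector forwards it, and an app provisioned statically keeps honouring the old entitlement until the next full sync. The following is an added example written for this page, not COmanage code; the authoritative store, group and user names are constructed, and the in-memory connector stands in for whatever carries the push (a SAML assertion, a certificate, an LDAP write) in a real deployment.

```python
import copy

# Constructed authoritative store (what Grouper/Signet would hold): group -> members.
AUTHORITATIVE = {"ligo:collaboration": {"alice", "bob"}, "ligo:admins": {"alice"}}


class WellBehavedApp:
    """Draws entitlements from the external store at access time; keeps no copy of its own."""
    def __init__(self, store):
        self.store = store

    def can_access(self, user, group):
        return user in self.store.get(group, set())


class PushedApp:
    """Keeps its own ACL and only knows what a connector has pushed into it."""
    def __init__(self):
        self.acl = {}

    def can_access(self, user, group):
        return user in self.acl.get(group, set())


class Connector:
    """Pushes memberships into a PushedApp, in bulk (static) or per change (dynamic)."""
    def __init__(self, store, app, dynamic):
        self.store, self.app, self.dynamic = store, app, dynamic

    def full_sync(self):
        # Static provisioning: replace the app's ACL with a snapshot of the store.
        self.app.acl = copy.deepcopy(self.store)

    def on_membership_change(self, group, user, added):
        # Dynamic provisioning forwards each change as it happens;
        # a static connector ignores it and waits for the next full_sync.
        if not self.dynamic:
            return
        members = self.app.acl.setdefault(group, set())
        if added:
            members.add(user)
        else:
            members.discard(user)


def change_membership(store, connectors, group, user, added):
    """Apply a change to the authoritative store and notify every connector."""
    members = store.setdefault(group, set())
    (members.add if added else members.discard)(user)
    for connector in connectors:
        connector.on_membership_change(group, user, added)


def stale_grants(store, app):
    """Entitlements the app still honours that the authoritative store no longer holds."""
    return {(group, user) for group, users in app.acl.items() for user in users
            if user not in store.get(group, set())}


def scenario():
    """Remove bob from the collaboration and record which apps notice, and when."""
    store = copy.deepcopy(AUTHORITATIVE)
    pull_app = WellBehavedApp(store)
    static_app, dynamic_app = PushedApp(), PushedApp()
    static_conn = Connector(store, static_app, dynamic=False)
    dynamic_conn = Connector(store, dynamic_app, dynamic=True)
    static_conn.full_sync()
    dynamic_conn.full_sync()

    change_membership(store, [static_conn, dynamic_conn], "ligo:collaboration", "bob", added=False)
    result = {
        "pull_sees_removal": not pull_app.can_access("bob", "ligo:collaboration"),
        "dynamic_sees_removal": not dynamic_app.can_access("bob", "ligo:collaboration"),
        "static_still_grants": static_app.can_access("bob", "ligo:collaboration"),
        "stale_before_sync": stale_grants(store, static_app),
    }
    static_conn.full_sync()
    result["stale_after_sync"] = stale_grants(store, static_app)
    return result
```

The `stale_grants` comparison is the check worth running against any statically provisioned application: it lists every entitlement the application still honours that the authoritative store has already withdrawn, which is exactly the window an over-long sync interval leaves open.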

First questions
- Is there work to do together?
- Do time frames work?
- Co-reality check
- Relationship to VOMS

Next steps