High-quality Internet for higher education and research
Do you like to puzzle? Build an AAI! xxx
AA systems, 2nd EuroCAMP, Porto, November 8, 2005

Presentation outline
- Drivers for an AAI
- The pieces of the AAI puzzle: network and application access, login, authentication, authorisation, identity management
- Assessments of some AA systems
- Federations
- Standards
- Developments

Why AAI? Network mobility

Why AAI? Educational mobility

Why AAI? Personalised service provisioning

Why AAI? Reduce the digital key ring (one identity instead of a separate credential per service)

Ingredients of an AAI (diagram): network, authentication, login, authorisation, administration, (web) application

Network access: RADIUS infrastructure (diagram). Organisational RADIUS servers A, B and C forward requests for foreign users to a national RADIUS proxy server; national proxies forward requests for other countries via a European RADIUS proxy server, which routes them down to the national proxy and organisational server of the user's home institution.
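The routing decision that each box in the diagram above makes depends only on the realm part of the User-Name, which is what lets the hierarchy scale to many institutions and countries. The following is an added example written for this transcript; it is not SURFnet, eduroam or any RADIUS server's code, and every hostname, realm and the hop limit are constructed assumptions. It traces the chain of servers an Access-Request passes through from the visited organisation to the user's home server, and shows the cases a proxy must refuse: a User-Name without a realm, a realm whose country has no national proxy, and a realm unknown to the national proxy.

```python
"""Realm-based request routing in a hierarchical RADIUS proxy fabric.

Added example (not SURFnet's or eduroam's code): models how the slide's
organisational -> national -> European proxy chain decides where to forward
an Access-Request by looking only at the realm part of the User-Name.
All server names, realms and limits below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed topology. Keys are realms (organisational servers) and
# top-level domains (national proxies); values are hypothetical hostnames.
ORG_SERVERS: Dict[str, str] = {
    "uni-a.nl": "radius.uni-a.nl",
    "uni-b.nl": "radius.uni-b.nl",
    "uni-c.pt": "radius.uni-c.pt",
}
NATIONAL_PROXIES: Dict[str, str] = {"nl": "proxy.nl.example", "pt": "proxy.pt.example"}
EUROPEAN_PROXY = "etlr.example"
MAX_HOPS = 6  # guard against proxy loops caused by misconfigured routing tables


@dataclass
class RouteResult:
    path: List[str] = field(default_factory=list)  # servers that see the request, in order
    error: Optional[str] = None                     # None when the request is routable

    @property
    def home_server(self) -> Optional[str]:
        return None if self.error else self.path[-1]


def split_realm(user_name: str) -> Optional[str]:
    """Realm = text after the last '@', lower-cased; None if absent or empty."""
    if "@" not in user_name:
        return None
    realm = user_name.rsplit("@", 1)[1].strip().lower()
    return realm or None


def route(user_name: str, visited_realm: str) -> RouteResult:
    """Trace the proxy chain from the visited organisation to the home server.

    Only the realm is inspected: with tunnelling EAP methods (TTLS/PEAP) the
    visited site may see nothing more than 'anonymous@realm' in the outer
    identity, and that is all it needs to forward the request.
    """
    result = RouteResult()
    visited_server = ORG_SERVERS.get(visited_realm)
    if visited_server is None:
        result.error = f"unknown visited realm {visited_realm!r}"
        return result
    result.path.append(visited_server)

    realm = split_realm(user_name)
    if realm is None:
        # No realm: the organisational server can only try its local users.
        result.error = "no realm in User-Name; not forwarded"
        return result
    if realm == visited_realm:
        return result  # home user: authenticated locally, never proxied

    visited_tld = visited_realm.rsplit(".", 1)[-1]
    home_tld = realm.rsplit(".", 1)[-1]
    result.path.append(NATIONAL_PROXIES[visited_tld])
    if home_tld != visited_tld:
        result.path.append(EUROPEAN_PROXY)
        national = NATIONAL_PROXIES.get(home_tld)
        if national is None:
            result.error = f"no national proxy for .{home_tld}; rejected at {EUROPEAN_PROXY}"
            return result
        result.path.append(national)

    home = ORG_SERVERS.get(realm)
    if home is None:
        result.error = f"realm {realm!r} not registered with {result.path[-1]}; rejected"
        return result
    result.path.append(home)
    if len(result.path) > MAX_HOPS:
        result.error = "hop limit exceeded; possible proxy loop"
    return result


if __name__ == "__main__":
    for user, site in [("anonymous@uni-a.nl", "uni-c.pt"), ("alice@uni-a.nl", "uni-a.nl"),
                       ("bob", "uni-b.nl"), ("eve@uni-x.de", "uni-a.nl")]:
        r = route(user, site)
        print(f"{user:20} visiting {site:10} -> {r.error or ' > '.join(r.path)}")
```

The security-relevant property is that a proxy never learns more than the realm and never accepts a request it cannot route; the hop limit is the usual defence against two misconfigured proxies forwarding to each other.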

Network access: user-controlled light path provisioning (diagram). An application obtains an A-Select token and presents it to an AAA broker; brokers for SURFnet6, NetherLight, OMNInet and StarLight (discovered through UDDI/WSIL) use the AAA decision to set up the light path across the network.

Application access: centralise intelligence (diagram). Instead of every application handling login, authentication and authorisation itself, those functions are pulled out of the applications and offered centrally.

Login server: intermediary between application and AA, providing SSO login

Authentication: choose your own method (and strength)
- IP address
- Username / password (LDAP / Active Directory, RADIUS, SQL)
- Passfaces
- PKI certificate
- OTP through SMS
- OTP through internet banking
- Tokens (SecurID, Vasco, ...)
- Biometrics
- ...

Authentication: solutions for web environments (Web Initial Sign-on, WebISO)
- A-Select (SURFnet)
- CAS (Yale)
- Cosign (Michigan)
- Distauth (UC Davis)
- eIdentity Web Authentication (Colorado State)
- PAPI (RedIRIS)
- Pubcookie
- Web AuthN/AuthZ (Michigan Tech)
- WebAuth (Stanford)
- ... etcetera ...
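The login-server and "choose your own method (and strength)" slides above describe one mechanism: every authentication method is assigned a level, each application states the level it needs, and the login server either reuses an existing SSO session, forces a stronger login (step-up), or starts a fresh one. The following is an added example for this transcript, not the code of A-Select or any of the WebISO packages listed. The level table, lifetimes, application names and the HMAC-signed ticket format are assumptions; the point it shows is that the application must verify the ticket (signature, audience, expiry and level) rather than trust a redirect.

```python
"""SSO login server with per-method authentication levels.

Added example, not A-Select or any other WebISO product's code. Each method
maps to a level, an application states the level it needs, and the login
server reuses an existing SSO session, forces a step-up, or starts a fresh
login. Levels, lifetimes and the ticket format are constructed assumptions.
"""
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Optional

# Constructed level table (higher = stronger); a real deployment picks its own.
AUTH_LEVELS = {
    "ip-address": 1, "password": 5, "passfaces": 5, "sms-otp": 10,
    "hardware-token": 15, "pki-certificate": 20,
}
SSO_LIFETIME = 8 * 3600   # seconds an SSO session at the login server stays reusable
TICKET_LIFETIME = 60      # seconds an application ticket is valid after issue


@dataclass
class SsoSession:
    user: str
    method: str
    issued_at: float

    @property
    def level(self) -> int:
        return AUTH_LEVELS[self.method]


def decide(session: Optional[SsoSession], required_level: int, now: float) -> str:
    """Return 'reuse', 'step-up' or 'login' for an application's request."""
    if session is None or now - session.issued_at > SSO_LIFETIME:
        return "login"
    if session.level >= required_level:
        return "reuse"
    return "step-up"  # authenticated, but not strongly enough for this application


def _b64(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_ticket(session: SsoSession, app_id: str, app_key: bytes, now: float) -> str:
    """Ticket the login server hands to the application after a (re)login.

    Bound to one application (audience), short-lived, and carrying the level,
    so the application can check the strength itself. app_key is a secret
    shared between the login server and that one application (assumption).
    """
    claims = {"sub": session.user, "lvl": session.level, "aud": app_id,
              "iat": int(now), "exp": int(now) + TICKET_LIFETIME}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(app_key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(mac)}"


def verify_ticket(ticket: str, app_id: str, app_key: bytes,
                  required_level: int, now: float) -> dict:
    """Application-side check; raises ValueError on any failure."""
    try:
        body, mac_b64 = ticket.split(".", 1)
    except ValueError:
        raise ValueError("malformed ticket")
    expected = hmac.new(app_key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(mac_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["aud"] != app_id:
        raise ValueError("ticket issued for another application")
    if now >= claims["exp"]:
        raise ValueError("ticket expired")
    if claims["lvl"] < required_level:
        raise ValueError("authentication level too low")
    return claims


if __name__ == "__main__":
    now = time.time()
    session = SsoSession("alice", "password", now)
    print("library (needs 5):", decide(session, 5, now))        # reuse
    print("grades (needs 10):", decide(session, 10, now))       # step-up
    ticket = issue_ticket(session, "library-app", b"shared-secret", now)
    print(verify_ticket(ticket, "library-app", b"shared-secret", 5, now + 5))
```

The check order in `verify_ticket` matters: the signature is verified before any claim is parsed, so a forged ticket is rejected without its contents being trusted for anything.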

Authorisation: policy engines

Authorisation: policy engines, e.g. using 'roles'

Authorisation: 3 scenarios
1. Authentication = authorisation ('simple')
2. Identity plus a few attributes ('commonly used')
3. Privacy-preserving negotiation about the attributes to be exchanged ('ideal and upcoming')
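The three scenarios above, and the role-based policy engine of the preceding slide, differ in what crosses the boundary between the home organisation and the application. The following is an added example for this transcript, not Shibboleth, PERMIS, SPOCP or any product's code. Attribute names follow the eduPerson schema; the user record, service-provider identifiers and release policy are constructed. Scenario 3 is shown as an identity-provider-side release policy: the service provider says which attributes it wants and which it cannot do without, and the provider releases only the intersection with what its policy allows, refusing outright rather than over-disclosing when a required attribute is not releasable.

```python
"""The three authorisation scenarios, with an IdP-side attribute release policy.

Added example, not Shibboleth, PERMIS or any other product's code. Attribute
names follow the eduPerson schema; the user record, service providers (SPs)
and release policy are constructed for illustration.
"""
from typing import Dict, Set

# Constructed user record at the identity provider (home organisation).
USER = {
    "eduPersonPrincipalName": "alice@uni-a.nl",
    "eduPersonAffiliation": {"staff", "member"},
    "mail": "alice@uni-a.nl",
    "displayName": "Alice Example",
}

# Constructed release policy: which attributes each SP may ever receive.
RELEASE_POLICY: Dict[str, Set[str]] = {
    "journal-sp": {"eduPersonAffiliation"},
    "wiki-sp": {"eduPersonPrincipalName", "eduPersonAffiliation", "displayName"},
}


def scenario1_authn_is_authz(authenticated: bool) -> bool:
    """Scenario 1: every successfully authenticated user is authorised."""
    return authenticated


def scenario2_identity_plus_attributes(attrs: dict, allowed_roles: Set[str]) -> bool:
    """Scenario 2: the SP decides on a few attributes; affiliation acts as the role."""
    return bool(attrs.get("eduPersonAffiliation", set()) & allowed_roles)


def negotiate_release(sp_id: str, requested: Set[str], required: Set[str]) -> Set[str]:
    """Scenario 3: release only what the SP asks for AND the policy allows.

    Raises PermissionError when a required attribute is not releasable, so the
    user is refused at the IdP instead of more being disclosed than policy allows.
    """
    releasable = RELEASE_POLICY.get(sp_id, set())
    granted = requested & releasable
    missing = required - granted
    if missing:
        raise PermissionError(f"{sp_id}: required attributes not releasable: {sorted(missing)}")
    return granted


def build_assertion(user: dict, granted: Set[str]) -> dict:
    """The attribute statement actually sent to the SP: nothing outside 'granted'."""
    return {k: v for k, v in user.items() if k in granted}


def authorise(sp_id: str, requested: Set[str], required: Set[str],
              allowed_roles: Set[str]) -> bool:
    """End-to-end: negotiate release at the IdP, then apply the SP's role rule."""
    granted = negotiate_release(sp_id, requested, required)
    assertion = build_assertion(USER, granted)
    return scenario2_identity_plus_attributes(assertion, allowed_roles)


if __name__ == "__main__":
    print("scenario 1:", scenario1_authn_is_authz(True))
    print("scenario 2:", scenario2_identity_plus_attributes(USER, {"staff", "faculty"}))
    # Scenario 3: the journal asks for more than it needs; only affiliation leaves the IdP.
    granted = negotiate_release("journal-sp", {"eduPersonAffiliation", "mail", "displayName"},
                                {"eduPersonAffiliation"})
    print("scenario 3 released:", build_assertion(USER, granted))
    try:
        negotiate_release("journal-sp", {"mail"}, {"mail"})
    except PermissionError as e:
        print("scenario 3 refused:", e)
```

The journal never sees the principal name or mail address, yet can still apply a role rule on affiliation; that is the privacy gain of scenario 3 over handing every SP the full identity.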

Authorisation: privilege management

Administration: identity management
- How to record the identities (schemas), credentials (attributes or roles) and privileges?
- An enterprise (or meta) directory glues all sources of information together
- Quality of registration is CRUCIAL for AuthN and AuthZ
- It is the underlying basis for an AAI
- ...and it is currently hyped

Quick assessment of current AA systems
- Web login (authentication) systems: Athens, A-Select, CAS, CoSign, Pubcookie
- Authorisation systems: PAPI, PERMIS, Shibboleth, SPOCP
- Portal products: Oracle, SiteMinder, Sun One, uPortal

Where each system sits among the AAI ingredients (network, authentication, login, authorisation, administration, (web) application; diagram slides):
- Web login systems (A-Select, CAS, CoSign, Pubcookie, ...)
- Web login systems (Athens)
- Portal products (Oracle, SiteMinder, Sun One, uPortal)
- Authorisation products (PERMIS, SPOCP)
- Authorisation products (PAPI)
- Authorisation products (Shibboleth), spanning two organisations (group A and group B)

Cross-domain AA: ingredients for a federation
- Policies (e.g. InCommon from Internet2): Federation Operating Practices and Procedures; Participant Agreement; Participant Operating Practices
- Technologies: protocols / language; schemas; trust / PKI

Cross-domain AA: federation, organisational view (diagram of group A and group B)

What about... standards?
- Currently many proprietary solutions (sockets, cookies, redirects, ...)
- Web services (SOAP, XML-RPC, WSDL, WS-*)
- SAML (1.1 -> 2.0)
- For federations: WS-Federation (Microsoft, IBM); SAML (OASIS: 150 companies, Internet2); Liberty Alliance (Sun, 170 companies)

What about... future developments (in the research world)? Need for:
- Converging or dominant standard(s), meaning better interoperability between the pieces of the puzzle
- Attention to non-web-based applications (e.g. Grids)
- Universal single sign-on across the network and application domains
- (Error) diagnostics across federations!

Middleware diagnostics: what if there is an error? (diagram) Security-related, middleware-related and network-related events are collected and normalised, then disseminated across the network; diagnostic applications (middleware, network, security) can extract event data from multiple data sets, also across organisations (group A and group B).
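The collection and normalisation step on that slide is what makes a cross-federation failure traceable: a roaming user's network, login and application events live in three different logs at two organisations, in three formats. The following is an added example for this transcript, not the NSF Middleware Initiative's or Internet2's diagnostics software. The three line formats and the sample lines are constructed (they are not FreeRADIUS, Shibboleth or web-server log formats) to show events from the three domains being mapped onto one record and then pulled together by realm, which is the key an operator at the home organisation can search on.

```python
"""Normalising network, middleware and security events for cross-federation diagnostics.

Added example, not the NMI/Internet2 middleware diagnostics code. The three
line formats and the sample lines below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines: a network (RADIUS proxy), a middleware (login
# server) and a security (web application) event, plus one unrelated event.
SAMPLE_LINES = [
    "2005-11-08T09:15:01Z radius proxy.pt.example: Access-Reject realm=uni-a.nl user=anonymous@uni-a.nl reason=no-route",
    "2005-11-08T09:16:40Z login sso.uni-a.nl: level=5 user=alice@uni-a.nl app=journal-sp result=ok",
    "2005-11-08T09:16:42Z webapp journal-sp: 403 user=alice@uni-a.nl missing=eduPersonAffiliation",
    "2005-11-08T09:17:00Z radius proxy.nl.example: Access-Accept realm=uni-b.nl user=bob@uni-b.nl",
]


@dataclass
class Event:
    ts: str
    domain: str    # "network", "middleware" or "security"
    source: str    # emitting server
    subject: str   # user as logged (may be an anonymous outer identity)
    realm: str     # home organisation; the cross-domain correlation key
    outcome: str   # "success", "failure" or "unknown"
    detail: str    # reason, level or missing attribute; "" if none


# Constructed formats, one per domain. Named groups feed Event fields.
PATTERNS = {
    "network": re.compile(
        r"^(?P<ts>\S+) radius (?P<src>\S+): (?P<outcome>Access-\w+) realm=(?P<realm>\S+) "
        r"user=(?P<user>\S+)(?: reason=(?P<detail>\S+))?$"),
    "middleware": re.compile(
        r"^(?P<ts>\S+) login (?P<src>\S+): level=(?P<detail>\d+) user=(?P<user>\S+) "
        r"app=\S+ result=(?P<outcome>\w+)$"),
    "security": re.compile(
        r"^(?P<ts>\S+) webapp (?P<src>\S+): (?P<outcome>\d{3}) user=(?P<user>\S+)"
        r"(?: missing=(?P<detail>\S+))?$"),
}
OUTCOME_MAP = {"Access-Accept": "success", "Access-Reject": "failure",
               "ok": "success", "fail": "failure"}


def _outcome(raw: str) -> str:
    if raw.isdigit():  # HTTP status from the web application
        return "success" if raw.startswith("2") else "failure"
    return OUTCOME_MAP.get(raw, "unknown")


def normalize(line: str) -> Optional[Event]:
    """Map one raw line onto the common Event record; None if no format matches."""
    for domain, pattern in PATTERNS.items():
        m = pattern.match(line)
        if not m:
            continue
        g = m.groupdict()
        user = g["user"]
        realm = g.get("realm") or (user.rsplit("@", 1)[1] if "@" in user else "")
        return Event(ts=g["ts"], domain=domain, source=g["src"], subject=user,
                     realm=realm.lower(), outcome=_outcome(g["outcome"]),
                     detail=g.get("detail") or "")
    return None


def failures_for_realm(events: List[Event], realm: str) -> List[Tuple[str, str, str]]:
    """What an operator at the home organisation wants: every failure touching
    its users, across all three domains, in time order, as (domain, source, detail)."""
    hits = [e for e in events if e.realm == realm.lower() and e.outcome == "failure"]
    return [(e.domain, e.source, e.detail) for e in sorted(hits, key=lambda e: e.ts)]


if __name__ == "__main__":
    events = [e for e in (normalize(l) for l in SAMPLE_LINES) if e is not None]
    for e in events:
        print(e)
    print("uni-a.nl failures:", failures_for_realm(events, "uni-a.nl"))
```

With the events in one shape, the two failures for uni-a.nl show up together: a routing failure at a foreign proxy and an attribute-release failure at the journal, two different organisations, two different domains, one user.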

Homework: but before that... manage your identities...

References (links on the original slide): AAI terminology; Athens; A-Select; CAS; CoSign; eduroam; Internet2 Federation; Middleware diagnostics; NSF Middleware Initiative; Privilege Management; Shibboleth; Swiss Federation

Thank you! Questions?