Researcher ID, September 13 2013. Presented by Terry Smith - AAF Technical Manager.

Presentation transcript:


Researcher ID

The brief

Creation of a test "sandbox" environment for the Researcher ID
- Populate an LDAP directory
- Based on Authn and Attributes from AAF or Social Authentication
- Simple UI for Researchers to manage their Researcher ID (Passwords, etc)
- Extend the accounts with Group membership, permissions and roles
- Simple workflow that can be used by resource owners
- Test against use cases provided by the RDSI Nodes

Determine what it will take to run as a production system

Researcher ID

[Architecture diagram, shown on five consecutive slides. Panels: "Researcher ID Identity Provisioning & Account Management", "Researcher ID Identity Store", "Group Mgnt, Workflows and APIs", "Node Applications & Resources".]

Node Applications & Resources:
- Web Apps: Federated and/or Social Authentication + Groups
- App: LDAP or OAuth Authentication + Groups
- Server Access: PAM-LDAP + Groups
- Server Access: SSSD Single Sign-on, Kerberos, PKI + Groups

Other component labels in the diagram: RestAPI, RW Master, Replicas, LDAP, WebUi, VOOT, Social Authentication, Account and Password Management, Advanced account provisioning, IdP, AAF DS, Federated Authentication, RO Node, RO Replicas, RO RestAPI, OAuth, SAML AA, SAML IdP.

Directory entries as labelled on each version of the diagram:
- First and second versions: OU=People: DN= -address + AAF Core Attrs + MemberOf. OU=Groups: DN=Group Name, Members=…
- Third version: OU=People: DN= -address + AAF Core Attrs + MemberOf + Password. OU=Groups: DN=Group Name, Members=…
- Fourth version: OU=People: DN=POSIX Username + AAF Core Attrs + MemberOf + Password + Posix Attrs. OU=Groups: DN=Posix GroupName, Members=… + Posix Attrs
- Fifth version: OU=People: DN=POSIX Username + AAF Core Attrs + MemberOf + Password + Posix Attrs + Kerberos + PKI Certs. OU=Groups: DN=Posix GroupName, Members=… + Posix Attrs. The labels "Kerberos" and "CA" also appear.

Researcher ID

The use cases dictate the schema and components that need to be included to build the Researcher ID infrastructure.

Next activity - Building an end-to-end pilot Researcher ID

Researcher ID

Possible Protocols and Services supported by the Researcher ID?
- NFS
- WebDav
- Globus Online
- SSH / SCP
- SFTP
- SIF Shares
- Aspera
- Grid FTP
- Web http