Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008.

Presentation transcript:

Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008

Outline: Introducing eduGAIN; eduGAIN in real life; eduGAIN FAQ; Future plans

Outline (current section: Introducing eduGAIN): Introducing eduGAIN; eduGAIN in real life; eduGAIN FAQ; Future plans

Introduction: Concepts
- eduGAIN federates federations
- Federation software and policy remain untouched
- Providing trust among partners
- Using standards

Introduction: Architecture

Bridging Elements
- Adapt eduGAIN messages to local protocols
- Query the MDS for other BEs in the infrastructure
- Several BEs available

Federation Peering Point
- Publishes SAML 2.0 metadata to the MDS
- Metadata describes the federation's interfaces in eduGAIN, such as IdPs, SPs, AAs..

Metadata Service
- Allows storage and retrieval of federation information
- Different search options
- Metadata must be signed by the FPP

Introduction: To BE or not to BE
(Architecture diagram: an MDS; SPs and IdPs, each attached through a BE; FPPs)

Outline (current section: eduGAIN in real life): Introducing eduGAIN; eduGAIN in real life; eduGAIN FAQ; Future plans

eduGAIN in real life
Two approaches
– Components: URN Registry, eduGAIN PKI, MDS-based WAYF, eduGAINFilter
– Applications / Projects: autoBAHN, web applications, perfSONAR, DAMe

Components: URN Registry
- Each eduGAIN component MUST have a unique URN
- Registry can be delegated
- Registry software available; can produce XML output
- Format: urn:geant:edugain:component:be:rediris:rediris.es
- URL:

Components: eduGAIN PKI
- Each eduGAIN component MUST have an X.509 certificate
  – which includes the previously registered URN
- Different RAs can be delegated from eduGAINSCA
- PKI software available
- URL:
- eduGAIN supports multiple roots of trust
  – Certs MUST include a proper URN
  – CA MUST comply with eduGAIN PMA policy
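The URN-format and certificate-URN rules of the two slides above (URN Registry and eduGAIN PKI), as an added example that is not part of the original presentation or of the eduGAIN software: the three-part URN structure (component type, federation, identifier) is generalised from the single example on the slide, and the rule that a delegated registry may only register URNs inside its own federation segment is an assumption.

```python
import re
from dataclasses import dataclass

# Assumed structure, generalised from the one URN shown on the slide:
#   urn:geant:edugain:component:<type>:<federation>:<identifier>
URN_PREFIX = "urn:geant:edugain:component"
_LABEL = re.compile(r"^[a-z0-9][a-z0-9.-]*$")  # assumed: lowercase labels only


@dataclass(frozen=True)
class ComponentURN:
    kind: str        # e.g. "be" (bridging element), as on the slide
    federation: str  # registry segment that issued it, e.g. "rediris"
    identifier: str  # e.g. "rediris.es"


def parse_component_urn(urn: str) -> ComponentURN:
    """Split an eduGAIN component URN; raise ValueError if malformed."""
    parts = urn.strip().split(":")
    if len(parts) != 7 or ":".join(parts[:4]) != URN_PREFIX:
        raise ValueError(f"not an eduGAIN component URN: {urn!r}")
    kind, federation, identifier = parts[4:]
    for label in (kind, federation, identifier):
        if not _LABEL.match(label):
            raise ValueError(f"bad URN label {label!r} in {urn!r}")
    return ComponentURN(kind, federation, identifier)


class DelegatedRegistry:
    """Registry whose delegates may only register URNs in their own
    federation segment (assumed delegation rule)."""

    def __init__(self) -> None:
        self._entries: dict[str, str] = {}  # urn -> delegate that registered it

    def register(self, delegate: str, urn: str) -> ComponentURN:
        parsed = parse_component_urn(urn)
        if parsed.federation != delegate:
            raise PermissionError(f"{delegate} may not register in {parsed.federation}")
        if urn in self._entries:
            raise ValueError(f"URN already registered: {urn}")
        self._entries[urn] = delegate
        return parsed

    def is_registered(self, urn: str) -> bool:
        return urn in self._entries


def certificate_urn_accepted(registry: DelegatedRegistry, cert_urn: str) -> bool:
    """A component certificate is usable only if the URN it carries is
    well-formed AND was previously registered (PKI slide rule)."""
    try:
        parse_component_urn(cert_urn)
    except ValueError:
        return False
    return registry.is_registered(cert_urn)
```

The certificate itself is not parsed here; `cert_urn` stands for the URN already extracted from the component's X.509 certificate.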

Components: MDS-based WAYF (1)
- WAYF = Where Are You From
- Queries the MDS for available federations and IdPs

Components: MDS-based WAYF (2)
- Highlights available federations
- Federation info available through JavaScript events
- Servlet can be queried by other interfaces
(Screenshot: RedIRIS federation – organization info – IdPs – …)

Components: eduGAINFilter
- Implementation of the javax.servlet.Filter interface
- eduGAINizes any application inside a servlet container… without any federation software!
- Operates as an eduGAIN Remote Bridging Element
- Beta version available at GÉANT2 SVN

Applications: autoBAHN (1)
- AutoBAHN is a research activity for engineering, automating and streamlining the inter-domain setup of guaranteed-capacity (Gbit/s) end-to-end paths
- A chained solution is adopted:
  – A user is authenticated and his/her BoD request is authorized successively in each domain on the path where bandwidth should be scheduled
  – The scheduled resources are enabled in each domain by the Domain Manager (DM) only after AA
(Extract from a presentation by Victor Reijs, HEAnet)

Applications: AutoBAHN (2)
- User authN is performed through eduGAINFilter
- DM fetches user data and includes it in the WS message using SAML Parser
- Each IDM may use the data to perform authorization locally

Applications: WebSSO
- Tested eduGAINized applications
  – Wikis: JRA5 wiki: DemoWiki:
  – Flyspray:
  – OTRS:
- All apps listed here can be connected: – –
- Lessons learned
  – We need attribute conversion
  – We need to agree on access policies
  – It works :-)

Outline (current section: eduGAIN FAQ): Introducing eduGAIN; eduGAIN in real life; eduGAIN FAQ; Future plans

The common reaction

eduGAIN FAQs
Question: What the $%&/ is eduGAIN about?
– Answer: Watch the presentation from the beginning
Q: Does this freak stuff really work?
– A: YES
Q: What do I need to become part of the infrastructure?
– A: The recipe is: choose your SW, add a pinch of URN and mix it with certificates; cook your metadata on a slow fire, take it off the fire and place it in an MDS. It can be seasoned with your own CA.
Q: My problem can’t be solved with the current eduGAIN profiles
– A: Contact us!

Outline (current section: Future plans): Introducing eduGAIN; eduGAIN in real life; eduGAIN FAQ; Future plans

Future plans
- Complete the implementation, make it stable
- Add SAML 2.0 support
- Shib 2.0 testing
- Dynamic metadata discovery
- Explore new profiles and use cases
- Transition to service

Thanks to…

For More Information
- For latest news and factsheets
- For research activities