Introduction Moonshot workshop 6.2.2014

Presentation transcript:

Introduction Moonshot workshop

2 Connect | Communicate | Collaborate
Federated identity in Finnish HE
Haka – WebSSO (47 organisations)
eduroam – network access (30 organisations)
Project Moonshot – non-web SSO
– Combination of the two above
– Standardisation (IETF)
– Implementation (Mac, Linux, FreeBSD, Windows, OpenSSH, OpenLDAP, Samba, Apache, NFS…)
– Piloting (GN3plus)

3 Moonshot technical architecture
[Diagram. Components: SSH client, SSH server, RADIUS server. Labelled steps:]
(1) Username/password issued to the user
(2) SSH negotiation
(3) Authentication
(4) RADIUS
(5) Attributes
(6) SSH session
OpenSSH used as example of application; many others also apply
Slide by Janet(UK)

4 Benefits
Information security
– Password never exposed to the SP (and a rootkit)
– Audit trail to serve forensic analysis
– Accounts closed when the user departs
Usability
– Fewer usernames and passwords for the user
Service provisioning
– Removes obstacles to streamlining service provisioning to the users

5 Downsides
Understanding it requires wide competence
– RADIUS, SAML, GSS-API…
Requires client-side software installation
– Moonshot libraries and Identity selector
Still early work…

6 Example use scenarios
Services
– Centralised services, e.g. CSC’s computing or data services
– Grid services
– Cloud services (IaaS)
Technologies
– SSH secure shell (OpenSSH)
– iRODS
– Grid/MyProxy
– IMAP

7 About Moonshot technology
Development led by Janet(UK)
Pilot in GN3plus project 4/2013-3/2015
– UK, France, Hungary, Switzerland, Croatia, Czech, Finland and Spain
– Janet, RENATER, NIIFI, SWITCH, CARNet, CESNET, NORDUnet (Funet), RedIRIS
Trust fabrics can be based on eduroam technology
Trust router technology

The Finnish Moonshot pilot

9 Goals
Learn the technology, its maturity and applicability
Study alternatives to organise Moonshot as a service
– Extension of Haka, extension of eduroam, something else?
– Trust router or eduroam…?
International co-operation via GN3plus project
– Foreign Moonshot services?

10 What?
Real end users to real services
– E.g. selected research groups from their home universities
Still a pilot
– No promise of production quality service
[Diagram labels: Moonshot IdP, RADIUS, Computing server, IDA service, HU, TUT, CSC (Moonshot SP)]

11 Timeline
HU and TUT set up the Moonshot IdP 2-3/2014
– Works against CSC’s production SPs
Kick-off with pilot users 4/2014
– Involving the pilot users
Pilot with the pilot users 5-6/2014