Current list of common attributes of the EDIT federation Single Sign-On for the EDIT platform Lutz Suhrbier¹, Andreas Kohlbecker², Andreas Müller² 1 Freie.

Presentation transcript:

Current list of common attributes of the EDIT federation

Single Sign-On for the EDIT platform

Lutz Suhrbier¹, Andreas Kohlbecker², Andreas Müller²

1 Freie Universität Berlin, Department of Computer Science, Networked Information Systems (
2 Freie Universität Berlin, Botanic Garden and Botanical Museum Berlin-Dahlem (BGBM)

Find more information at or contact Lutz Suhrbier

Why Community Single Sign-On?

The EDIT platform provides a multitude of web-based taxonomic applications and services. The diversity of service providers reflects the highly distributed, cross-national organisational infrastructure of biodiversity institutions and collections in general.

The result is an identity management problem:
- system administrators have to register users and maintain several access control lists for each service individually
- users have to remember a variety of login/password combinations to access all these different services

There is a need for a comfortable single sign-on (SSO) solution reflecting the specifics of biodiversity infrastructures.

Source:

EDIT's Community Single Sign-On (CSSO) security infrastructure

- Protects and provides access to all EDIT platform components
- Built on the Security Assertion Markup Language (SAML) web profile (e.g. Shibboleth, OpenSSO)
- Only a single identity per user required
  - only one user id and password to remember
  - accounts at the home institution can be reused
- Attribute Based Access Control (ABAC) for service providers
  - considerably reduced administrative costs
  - definition of individual access control policies

Vision: Build up a biodiversity community federation

EDIT federation
- Binds organisations to a common set of policies & practices
  - operational procedures and security mechanisms
  - attributes & entitlements to be exchanged (eduPerson)
  - identical attribute interpretation (role/group assignment)
  - legal issues like Intellectual Property Rights and privacy
- Enables trusted interaction without bilateral agreements
- Open to all biodiversity institutions or service contributors as Identity Provider (IdP) and/or Service Provider (SP)

Join the federation as IdP and/or SP

- Identity Provider (IdP) is responsible for
  - an organisation's secure user login and attribute delivery to SPs
  - integration of existing identity management solutions
  - data privacy management for user attributes
- Service Provider (SP) provides
  - cross-organisational access to EDIT web resources for federated users
  - access based on individual access control policies for resources
- Support and demo installations available
  - dedicated server and hosted web space environments
  - integration of Drupal, Spring, Trac, etc.
- Looking for further application scenarios

Figure: Information flow of the CSSO login procedure
Figure: Typical SAML-based federation infrastructure
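The following sketch shows how a Service Provider could apply attribute-based access control to eduPerson attributes delivered by a federated IdP. It is an added example, not code from the EDIT project. The entity IDs, entitlement URNs, resource paths and policy tables are constructed for illustration, and it assumes the SP software (e.g. Shibboleth) has already verified the SAML assertion's signature and issuer.

```python
# Constructed federation metadata: the scopes each IdP is registered to assert.
IDP_SCOPES = {
    "https://idp.example-museum.org/idp": {"example-museum.org"},
    "https://idp.example-uni.edu/idp": {"example-uni.edu"},
}

# Federation-wide mapping of entitlement values to roles, so that every SP
# interprets the same attribute identically (hypothetical URNs).
ENTITLEMENT_ROLES = {
    "urn:example:edit:entitlement:taxonomic-editor": "editor",
    "urn:example:edit:entitlement:reviewer": "reviewer",
}

# Individual per-resource policy of one SP (hypothetical paths).
RESOURCE_POLICY = {
    "/cdm/edit": {"roles": {"editor"}, "affiliations": set()},
    "/cdm/read": {"roles": {"editor", "reviewer"},
                  "affiliations": {"staff", "faculty"}},
}


def trusted_affiliations(idp, values):
    """Keep only affiliations whose scope is registered for the asserting IdP."""
    allowed = IDP_SCOPES.get(idp, set())
    kept = set()
    for value in values:
        affiliation, sep, scope = value.partition("@")
        if sep and scope.lower() in allowed:
            kept.add(affiliation.lower())
    return kept


def decide(idp, attributes, resource):
    """Return True only if a policy exists and the attributes satisfy it."""
    policy = RESOURCE_POLICY.get(resource)
    if policy is None or idp not in IDP_SCOPES:
        return False  # default deny: unknown resource or IdP outside federation
    roles = {ENTITLEMENT_ROLES[e]
             for e in attributes.get("eduPersonEntitlement", [])
             if e in ENTITLEMENT_ROLES}
    affiliations = trusted_affiliations(
        idp, attributes.get("eduPersonScopedAffiliation", []))
    return bool(roles & policy["roles"]
                or affiliations & policy["affiliations"])


MUSEUM = "https://idp.example-museum.org/idp"
# Constructed attribute sets as an SP might receive them after login.
EDITOR = {"eduPersonEntitlement": ["urn:example:edit:entitlement:taxonomic-editor"]}
STAFF = {"eduPersonScopedAffiliation": ["staff@example-museum.org"]}
FOREIGN_SCOPE = {"eduPersonScopedAffiliation": ["staff@example-uni.edu"]}
```

The scope check matters because a scoped affiliation is only meaningful when the asserting IdP is registered for that scope; `FOREIGN_SCOPE` sent by the museum IdP is therefore ignored.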