
Middleware CAMP Day 2

Current Research
Research that develops the…

Multicampus Issues
- System-wide identifier: some established (CU), some working toward (UC) and currently trying to map various IDs, some see as impossible (UT)
- System-wide directory including common definitions and common content management: most see as impossible, which implies the need to provide interfaces, etc.
  - CalState has a working group to build a system-wide directory infrastructure that includes multiple directories that appear unified using agreed-upon common standards (LDAP, eduPerson, etc.)
  - CalState, UC, and CU have a system-wide "eduPerson" and campus-specific "eduPerson", so key aspects are centralized while not undermining autonomy (i.e., CUeduPerson, BoulderCUeduPerson?)
- System-wide registry used at CU to help with interfaces to multiple directories
- CalState using referrals rather than a system-wide registry

Multicampus Issues - Authentication
- SSO: need to allow access to resources on another campus
- PKI: implementing at UC, attempting at UT for fiefdoms on the Austin campus; plan at UC = one CP for the system, multiple CPS, unique for campuses
  - Shib may be the answer for intra-campus as well as inter-campus, for systems as well as inter-system
- How to capture identity initially: methods and level of assurance vary from campus to campus

Multicampus
- Finding the convincing drivers is critical to cooperation and forward progress (key issue for the UMass system and others)
  - Some examples identified: access to library resources (CU, others), distance learning (U Alaska), access to administrative systems (benefits UC)
  - Many identified in the Business Case for Middleware on the I2 website could apply to systems as well as individual campuses
- Education is also critical: need to reassure campuses that we are not removing authority over data and data maintenance

Interrealm in the intrarealm
- Trust between security realms is as much political as technical
- Keep accounts separate from people; try to normalize id use at the application regardless of the account authenticated against
- Identity mapping centrally
- Directories: use of the enterprise directory is easier than security; learning to delegate which permissions to departments is hard, especially with AD
- Most campuses have started to centrally manage much of the AD world.

From the applications developer view
- If your web application does authentication, it's broken and you should fix it. Authentication is very well understood, and applications have no business messing with it.
- The data is the most critical component. If apps developers don't know how the data works, it's hard for them to know how to make good use of it.

From the applications developers…
- There are many drivers for alumni authentication, therefore for alumni in directories, e.g. lifelong (many schools), selling stuff to alumni (Penn State), online alumni elections (Princeton).
- Re the are-these-two-people-the-same-person problem: "it comes down to identification...you cannot fundamentally identify a human being in any way" -- the best you can do is to try to make it more likely that people already in the system will get flagged when they're brought in again.

There are so many ways to do resource discovery…
Resources to be discovered:
- identity, i.e. people directories
- services, i.e. printers, DNS service
- H.323 or SIP callees
- video archives, VC

Resource discovery
Two flows:
1) registration to the resource discovery server
2) resource discovery server to clients
- Access controls needed on both: who can list themselves and who can access this list
- Access controls should be tailored to fit the resource, e.g. search engines needing no access control from either side, but the dean's printer being protected

Current resource discovery approaches
- UDDI
- DNS SRV records
- LDAP
- Google
- xns.org

Research computing
- Research about core middleware: authorization, security, resource discovery, video, N-Tier problem, etc.
- Research about systems to support scientific research: Grids, digital libraries, peer-to-peer, others
- Research about how to adapt those systems to individual science needs: GRYPHEN, Euro Datagrid, NEES, etc.

The frontier of core middleware
- Authorization, authorization, authorization
- Building a federated trust model
- The N-Tier Problem – portals and middlemen
- Affiliated directories
- Identifier crosswalks
- Enabling PKI – directories, path processing, digital signature validity

Authorization, authorization, etc.
- Expressing permissions
- Expressing requirements
- Transporting permissions
- Obtaining and processing permissions against requirements
- Digital rights management
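The resource discovery slide asks for access control on both flows (who may register, who may look up), and this slide asks for permissions to be expressed and processed against requirements. The toy discovery server below is an added example, not from the CAMP slides: permissions are eduPerson-style attributes carried by the authenticated caller, requirements are per-resource policies, and both the registration and the lookup flow are checked. All names, affiliations, campuses and resource kinds are constructed sample values.

```python
# Added example, not from the CAMP slides: a toy discovery server that
# access-controls both flows (registration and lookup). All names and
# attribute values are constructed sample data.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

@dataclass(frozen=True)
class Principal:                     # an authenticated caller and its attributes
    uid: str
    affiliations: FrozenSet[str]     # eduPersonAffiliation values, e.g. {"staff"}
    campus: str                      # constructed attribute: home campus

@dataclass(frozen=True)
class Policy:
    """Requirement: any one of `affiliations` (empty = anyone) and, if set,
    `campus`. Policy() means no access control, as for a public search engine."""
    affiliations: FrozenSet[str] = frozenset()
    campus: Optional[str] = None

    def satisfied_by(self, p: Principal) -> bool:
        if self.affiliations and not (self.affiliations & p.affiliations):
            return False
        return self.campus is None or self.campus == p.campus

@dataclass(frozen=True)
class Resource:
    name: str
    kind: str                 # e.g. "printer", "search", "sip"
    lookup_policy: Policy     # flow 2: who may discover this entry

class DiscoveryServer:
    def __init__(self, register_policies: Dict[str, Policy]):
        # Flow 1: a server-side rule per resource kind says who may register one.
        self._register_policies = register_policies
        self._entries: Dict[str, Resource] = {}

    def register(self, who: Principal, res: Resource) -> bool:
        rule = self._register_policies.get(res.kind)
        if rule is None or not rule.satisfied_by(who):   # unknown kind: deny
            return False
        self._entries[res.name] = res
        return True

    def lookup(self, who: Principal, kind: Optional[str] = None) -> List[str]:
        # Flow 2: the caller sees only entries whose own policy it satisfies.
        return sorted(r.name for r in self._entries.values()
                      if (kind is None or r.kind == kind)
                      and r.lookup_policy.satisfied_by(who))
```

A student can register nothing in the printer kind and sees only the public search entry; a staff member on the right campus both registers and finds the dean's printer, while faculty from another campus do not see it at all.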

Building a federated trust model

The N-Tier Problem: portals and middlemen

Affiliated directories

Enabling PKI – directories, path processing, digital signature validity