Shibboleth. Akylbek Zhumabayev, September 2008.

Presentation transcript:

Shibboleth Akylbek Zhumabayev September 2008

Agenda
- Introduction
- Description
- WS Standards
- WS-Federation
- Picture
- Grid Security
- GridShib
- References

Introduction
- Started in 2000 by Internet2/MACE
- Current version: 2.0 (March 19, 2008)
- Open source (Apache2 license)
- Large projects in 15 countries

Description
- Purpose: cross-domain access control
- Authentication: single sign-on (SSO)
- Authorization: attribute-based
- Additional feature: user privacy
- Platform: SOA - WS technologies
- Standard: WS-Federation

WS Standards
- XML, SOAP, WSDL, UDDI – no comments
- WS-Addressing: stateful resource behind WS
- XML-Encryption, XML-Signature: basic security
- WS-Security: how to carry secure data
- WS-Policy: how to define settings
- WS-Trust: how to manage tokens
- WS-Federation: how to process SAML token

WS-Federation
- Contributors: IBM, Microsoft etc.
- Purpose: cross-domain identity portability
- Current version: 1.1 (December, 2006)
- Carrier: SAML token
- Domain trust: WS-Trust
- Trust carrier: X.509

Picture
[Diagram. Components: Identity Provider, Service Provider, WAYF, LDAP, System. Domains: Domain X, Domain Y. Labels: Attributes, WS-Federation, Username/password.]

Grid Security
- GSI: X.509 Certificates
[Diagram. Components: Client, System, CA, MyProxy. Labels: X.509, Entity Certificate, Proxy Certificate, Certificates.]

GridShib
[Diagram. Components: Identity Provider, GridShib, WAYF, LDAP, System. Domains: Domain X, Grid System. Labels: Attributes, Profile, WS-Federation, X.509.]

References
1. Website:
2. Short introduction:
3. Technical Overview:
4, 5. Integration with Grid:
6. SAML introduction:
7. Use Case (article in IEEE): "ShibGrid: Shibboleth Access for the UK National Grid Service" Spence, D.; Geddes, N