UNINETT: An Evaluation of Shibboleth, PAPI and A-Select

Presentation transcript:


What We Are Not Trying To Do
● Do a direct comparison between systems
● Pick a “best” solution/architecture given our particular needs

Our Motivation
● Which features do we really need?
● Where are the minefields?
● Identify (partial) solutions/ideas that may match our particular needs.

Shibboleth
● Well-thought-out architecture
● Clearly defined system components/interfaces.
● Promises to scale well
● Indexing server solution.

Shibboleth
● Logistics of user ARPs?
● Does it scale well? Clubs may help.
● FEIDE won't need per-user ARPs.
● Integrates existing authN schemes
● ... as do PAPI, and A-Select.
● No existing authN schemes to consider in FEIDE.
● WAYF
● Another step on the user's way to the resource.
● No perceived need in FEIDE for a WAYF.

Shibboleth
● Java (mostly)
● FEIDE knows Java.
● Supports LDAP as user data source
● FEIDE knows LDAP.
● Alpha available
● Not a trivial task to get up and running.
● How about the latest release?
● In test phase

Shibboleth: Summary
● Attractive architecture
● Unnecessary features?
● FEIDE doesn't need the WAYF.
● FEIDE doesn't need user ARPs.

PAPI
● Scalability issues
● Potentially a lot of traffic to PoAs. GPoAs will help.
● No global index of home organization authN servers – but not necessarily a problem in FEIDE.
● User's home org must know which (G)PoAs the user has access to.
● Easy integration with existing web resources
● Hide them behind a PoA.

PAPI
● Privacy issues?
● Encrypted user identity code sent between AS and client.
● Complete list of accessible resources sent to client after authN; each resource is then contacted.

PAPI
● PERL
● Too “PERL-ish”?
● Supports LDAP as user data source
● Again, FEIDE knows LDAP.
● Production release available
● Currently in use!

PAPI: Summary
● It's being used!
● Will the basic architecture itself be able to scale well?

A-Select
● Not designed for cross-organizational operation
● ... although possible with remote A-Select Servers.
● No global indexing of A-Select Servers; each Server must know about all relevant remote Servers.
● ... but is this really a problem for FEIDE?

A-Select
● High degree of inter-component interaction
● Lots of arrows in that functional flow diagram...
● Especially when involving remote A-Select Servers.
● Need to modify applications to use A-Select Agent?
● Not an issue with the introduction of filters.

A-Select
● Java
● Again, good news for FEIDE.
● Supports LDAP as user data source
● More good news.
● Currently in test phase.

A-Select: Summary
● Lacks good cross-organizational support
● ... but this may not be an issue for FEIDE.
● Easy integration with existing authN solutions and web resources
● ... especially if filters handle the A-Select Agent interaction.

Questions?