Running List: Comanage Stuff Framework – Services - Appliance.

Next Steps - Appliance

Next Steps - Service
– Nate to cobble together a service instance in skunkworks, using previous code, Shib, Grouper, etc.
– Dutch to do the same, using…

Some Next Steps - Marketing/PR
– Graphics/slides for comanage as a lightweight collab platform linked to the waffles of federation… - Surfnet
– Graphics/slides for comanage refactored for enterprise or federation level deployment
– Video of the four types of users using comanage/apps, a la management/federation/animation.aspx

Next Steps - Process
– Figure out groups: -dev, -community, -??
– Add Leif, Ian, Thomas to the right groups
– Figure out communication modes and times for each group

Next Steps - Framework
– Understand scope of framework: what concepts are included/excluded
– Understand, for concepts within scope, the specifications linked to the concept
  – Specific instance: domestication? Is the externalization LDAP or SAML or…
– Application service registry issues (coordination of domestication)

More Steps - Framework
– Identify good candidates/work-arounds for the missing elements of the model, e.g. STS, provisioning
– Open up an account linking discussion

Current Comanage Materials

Positioning COmanage
– Comanage is not intended as an enterprise-class approach, though many enterprises and federations may well deploy large numbers of instances or a “refactored for industrial use” implementation
– Comanage is intended as a collaboration-class approach that works well and sustainably with enterprise, federated and interfederated infrastructure
– Collaboration-class means lightweight in scope of services commonly managed (just IdM), minimal application requirements, easy implementation options (for example as a collaboration support appliance offered in a cloud), lack of enterprise-oriented features (such as a full ESB), etc.
– Works well and sustainably with enterprise, federated and interfederated infrastructure means that Comanage can easily and gracefully link Comanage and federated accounts, work with data feeds from enterprise services, be refactored to leverage different types of infrastructure, etc.
– A lightweight collaboration support approach that integrates with deeper infrastructure

Four Types of Folks
– Sysadmin: installs apps and comanage
– Collabmin: the primary collaboration flywheel; a “steveo”
– Power User: e.g. a PI who wants to be able to do some basic commands (e.g. add users to groups) themselves
– End-user/collaborator: goes directly to domesticated apps or maybe a VO dashboard

STS services
– {K, SAML} in, GridShib cert out
– Pubcookie in, SAML out
– Authn in, dedicated user/pwd out
– SAML token in, webcookie out

Binding the framework to app development environments:
– At what level does stuff need to be specified
– Which development environments: .NET, php, Apache
– Who will write the services

Framework - 1
– Several different but consistent perspectives, for different audiences:
  – CIO (block functionality flows)
  – Apps developer (APIs, services, etc.)
  – User (user workflows, for different types of users)
  – Others?
– Framework also has layers:
  – Language and tech specs
  – Data and metadata specs (to follow later)
  – Others?

Block flow framework parts
– A local datastore
– STS (security token service, aka credential convertor)
– Provisioning/deprovisioning into local store service
– An account linking mechanism
– Group and privilege manager (represent as unified for now)
– SP stub
– Local IdP
– Invitation engine
– Plug and play service for apps that want it
– Attribute services (?)
– Policy engine
– System monitoring and diagnostics
– User dashboard that includes a user collaboration data feed service

[Block diagram: platform architecture. Org IdP → SP → local store (user attrs, user accounts, groups & privs, platform use); platform services: provisioner, policy engine, monitoring/diagnostics, user invitation, account linking, service manager, register/provisioning, user dashboard, service status/notifications, access manager, groups/privileges; IdP/STS/LDAP/ID services; apps: confluence, drupal, sympa, apache/IIS, bedework, SAKAI3, TeraGrid uPortal, webFiles, Google Groups, legacy, OSG; app integration styles: integrated, domesticated (authN / link attrs / authZ), legacy (provision); persona view.]

[Block diagram: same platform components as the previous diagram, collabmin view.]
Collabmin adds a new CO to the platform
1. Create group, assign Admin to power user
2. Allocate service resources

[Block diagram: same platform components as the previous diagram, power user view.]
Power user invites a collaborator and gives them privileges
1. Invite user
2. Add user to CO group
3. User receives invitation token, presents it to invitation service to register with the platform (end user)

[Block diagram: same platform components as the previous diagram, end user view.]
End user accesses a service
1. User goes to service
2. Redirected to platform IdP, then back to user’s home
3. Platform attributes, groups, and privs added
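
The three flows above (collabmin creates a CO, power user invites a collaborator, end user registers with the token and is then given platform groups on access), as an added Python sketch that is not COmanage code: the Platform class, its method names and the eppn-style identifiers are assumptions. The invitation token is stored hashed, bound to one CO, expires, and is consumed on first use, so a replayed or stale token is rejected.

```python
import hashlib
import secrets
import time


class Platform:
    """Hypothetical sketch of the invitation engine, account linking and
    group/privilege manager from the slides (assumption, not COmanage code)."""

    def __init__(self, now=time.time):
        self.now = now                 # injectable clock so expiry can be tested
        self.groups = {}               # "<CO>:members" / "<CO>:admins" -> set of identities
        self.invitations = {}          # sha256(token) -> invitation record
        self.accounts = {}             # federated identity (eppn-style) -> set of COs

    def create_co(self, co, admin):
        """Collabmin step: create the CO groups and make the power user its admin."""
        self.groups[f"{co}:members"] = set()
        self.groups[f"{co}:admins"] = {admin}

    def invite(self, co, inviter, invitee_email, ttl=7 * 86400):
        """Power user step: mint a single-use, time-limited token bound to one CO."""
        if inviter not in self.groups.get(f"{co}:admins", ()):
            raise PermissionError("only CO admins may invite")
        token = secrets.token_urlsafe(32)          # 256 bits of randomness
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.invitations[digest] = {"co": co, "email": invitee_email,
                                    "expires": self.now() + ttl, "used": False}
        return token                                # delivered to the invitee out of band

    def register(self, token, federated_id):
        """End-user step: after federated login, present the token to the
        invitation service; link the identity to the CO and join its group."""
        rec = self.invitations.get(hashlib.sha256(token.encode()).hexdigest())
        if rec is None or rec["used"] or self.now() > rec["expires"]:
            return False                            # unknown, replayed or expired token
        rec["used"] = True                          # consume before granting anything
        self.accounts.setdefault(federated_id, set()).add(rec["co"])
        self.groups[f"{rec['co']}:members"].add(federated_id)
        return True

    def attributes_for(self, federated_id):
        """Service access step: the groups/privs the platform IdP adds for this user."""
        return sorted(g for g, members in self.groups.items() if federated_id in members)
```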

App developer framework
– Two types:
  – Stand-alone app
  – Apps written in an application development environment, e.g. .NET or Spring or…
– Make clear that app data stays in app, not in comanage
– Presents a set of services: which ones?

App developer framework
– Services provided are:
  – Authn
  – Authz (Y/N/?)
  – Attributes for app needs
  – Provisioning (?)
  – Some kind of monitoring
– Services explicitly not provided are:

How do apps get info
– Push into legacy apps
– Domesticated apps ask for it
– Domesticated apps need to speak LDAP or SAML or generic STS

Flows

Refactoring COmanage
– Right word for the concept? Unbundling, debinding, distributing
– What are likely refactorings?
– What connections need to be in place among refactored pieces?

Parked issues
– Discussion of how to share the work of domesticating apps
– Cutover issues for existing VOs, and type of collabs to target for appliance, etc.
– Domesticated Zimbra: a lot of us are interested in it and claim to have connections with the company
– How might the appliance and an RSS feed offer a "collaboration stream"
– Maintaining a base level appliance
– Setting a new time for the COmanage dev calls
– Assess the viability of the existing appliance code base

More parked issues
– VOMS comparison/integration
– Licensing issues
– Application check-in services
– Developing use cases
– Is the proper technical phrasing “claims-aware”, “STS-aware”, externalized or something else?