5th TF-EMC2 Meeting, Zagreb
How AA-RR Says “Hello, SAML”
José Manuel Macías, Diego R. Lopez

Index
- The purpose of HelloSAML
- Architecture
  - Made using AA-RR
  - PHP+MySQL interface
  - Four different AA-RR profiles
- How it works
  - Registering an account
  - Sending requests
  - Setting up a responder
  - Having a look into the logs
- Current HelloSAML figures
- Future plans

The Purpose of HelloSAML
- The origin is a request from Bob Brandt (3M) on the OASIS SAML-developers list: “An open test site on the Internet to which I can test various SAML exchanges”
- Interoperability testing of AAI components and user applications that use SAML as a means of exchanging security assertions
- Able to send and respond to queries for authentication, authorization or attribute exchange with established services, for testing purposes
- Offers log storage for all the operations performed

HelloSAML Architecture
[Architecture diagram. Labels: AARR, requester profiles, responder profile, responder, requesters, user requester, user responder, AARR logs, request templates]

HelloSAML Profiles: Responder Profile
{...} {...}

HelloSAML Profiles: Authentication Requester Profile

    <Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
             xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
             xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
             IssueInstant=" T21:02:50.685Z"
             MajorVersion="1" MinorVersion="1"
             RequestID="cf57854ef20e7ae1f19497e7883c3960">
      Hello SAML
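
An added example, not part of the original slides or of HelloSAML's code: the kind of envelope check an interoperability test responder can run on an incoming SAML 1.x `<Request>` before processing it. The function names, the five-minute skew limit, the clock value and the request body are assumptions; only the envelope attribute names and values come from the slide.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
# xsd:dateTime in UTC with optional fractional seconds, e.g. ...T21:02:50.685Z
INSTANT_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")

def check_request(xml_text, now, max_skew=timedelta(minutes=5)):
    """Return the list of problems found in a SAML 1.x <Request> envelope."""
    if "<!DOCTYPE" in xml_text:  # SAML messages carry no DTD; refuse before parsing
        return ["DOCTYPE not allowed"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != f"{{{SAMLP_NS}}}Request":
        problems.append(f"unexpected root element {root.tag}")
    version = (root.get("MajorVersion"), root.get("MinorVersion"))
    if version not in {("1", "0"), ("1", "1")}:
        problems.append(f"unsupported SAML version {version}")
    if not root.get("RequestID"):
        problems.append("missing RequestID")
    instant = root.get("IssueInstant", "")
    try:
        if not INSTANT_RE.match(instant):
            raise ValueError(instant)
        issued = datetime.strptime(instant[:19], "%Y-%m-%dT%H:%M:%S")
        if abs(now - issued.replace(tzinfo=timezone.utc)) > max_skew:
            problems.append("IssueInstant outside allowed clock skew")
    except ValueError:
        problems.append(f"malformed IssueInstant {instant!r}")
    return problems

def sample_request(issue_instant):
    """Constructed sample: envelope attributes from the slide, body assumed."""
    return (
        f'<Request xmlns="{SAMLP_NS}" xmlns:saml="{SAML_NS}" '
        f'IssueInstant="{issue_instant}" MajorVersion="1" MinorVersion="1" '
        'RequestID="cf57854ef20e7ae1f19497e7883c3960">'
        "<AuthenticationQuery><saml:Subject>"
        "<saml:NameIdentifier>Hello SAML</saml:NameIdentifier>"
        "</saml:Subject></AuthenticationQuery></Request>"
    )

NOW = datetime(2006, 2, 1, 21, 3, 0, tzinfo=timezone.utc)  # constructed clock
```

Passing the `IssueInstant` exactly as it survives on the slide (date part missing) yields a single "malformed IssueInstant" finding, while a complete timestamp within the skew window yields none.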

HelloSAML Interface: Creating an Account

HelloSAML Interface: Responder Control

HelloSAML Interface: Requester Configuration

HelloSAML Interface: Accessing Logs

HelloSAML figures
- 40 registered users
  - 9 users from educational orgs (Universities, NRENs, ...)
  - 8 public research organizations (not educational)
  - 16 private companies
  - 7 other / no info provided

Future Plans
- Adding support for different versions of SAML
- Enhancing the possibilities for configuring both the requests and the responder
- Improving log handling and enriching the information provided
- Creating special profiles to make HelloSAML work as an eduGAIN component validator
- Please fill in the gaps with your wishes and ideas: ____________________________________