Shibboleth, SRB, PGL & Plone Russell Sim. MyProxy client uses portal with Web SSO protected with an SP transformation of attributes to certs by MyProxy.

Presentation transcript:

Shibboleth, SRB, PGL & Plone Russell Sim

MyProxy
- client uses portal with Web SSO
- protected with an SP
- transformation of attributes to certs by MyProxy
- certs stored in portal to access grid services
- part of ShibGrid (GridShib requires all SPs to be Shibboleth aware)

Using MyProxy
1. Store credentials in MyProxy w/ anonymous access
2. Log in with MyProxy credentials
3. Extract credentials from MyProxy
4. Connect to SRB w/ credentials
5. Locate users based on DN
[Diagram labels: SRB, MyProxy, Gridsphere/PGL]

GSI & Shibgrid in SRB
Authenticate with:
  - SRB Username+domain+password; or
  - GSI certificate
  - MyProxy Username+password
This only provides authentication, not encryption
Using Shibb for auth. would be hard because SRB isn't a web-app
  - Use GSI_AUTH, and Shibb-MyProxy (Shibgrid)
Shibgrid is a modified MyProxy
  - using dynamic creation of certificates.
  - encoding of Shibboleth attributes in certificate.
By encoding SAML groups into Shibb-MyProxy certs, SRB could update groups on login
  - Possible security concerns with revoking groups in SRB
  - Administrator defines which groups are acknowledged.
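The group update on login described in the slide above, sketched as an added example (not code from the presentation or from SRB/ShibGrid): groups carried in the certificate are reconciled against an administrator-defined list of acknowledged groups. The function names, the dict standing in for SRB's group tables, and the sample DN and groups are all assumptions.

```python
# Added example. All names are hypothetical; a dict stands in for SRB's
# group tables and no real SRB or MyProxy API is called.

def reconcile_groups(asserted, current, acknowledged):
    """Plan one login's group changes: returns (to_add, to_remove, ignored).

    asserted     -- groups decoded from the certificate's Shibboleth attributes
    current      -- groups the user already holds in SRB
    acknowledged -- groups the administrator lets the federation manage
    """
    asserted, current = set(asserted), set(current)
    acknowledged = set(acknowledged)
    # A certificate can only ever grant groups the administrator acknowledged.
    to_add = (asserted & acknowledged) - current
    # Revoke acknowledged groups that are no longer asserted. Groups outside
    # the acknowledged set were assigned locally in SRB and are never touched.
    to_remove = (current & acknowledged) - asserted
    ignored = asserted - acknowledged
    return sorted(to_add), sorted(to_remove), sorted(ignored)


def apply_login(srb_groups, dn, asserted, acknowledged):
    """Apply the plan for the user identified by certificate DN."""
    current = srb_groups.get(dn, set())
    to_add, to_remove, ignored = reconcile_groups(asserted, current, acknowledged)
    srb_groups[dn] = (current | set(to_add)) - set(to_remove)
    # Revocation only happens here, at login: a group dropped at the IdP
    # stays in SRB until the user next authenticates.
    return {"added": to_add, "removed": to_remove, "ignored": ignored}


def demo():
    # Constructed sample data, not taken from the slides.
    dn = "/C=AU/O=Example University/CN=Alice Example"
    acknowledged = {"staff", "students", "project-x"}
    srb_groups = {dn: {"staff", "srb-curators"}}
    asserted = ["project-x", "students", "sysadmin"]
    report = apply_login(srb_groups, dn, asserted, acknowledged)
    return report, sorted(srb_groups[dn])


if __name__ == "__main__":
    print(demo())
```
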

Personal Grid Library
PGL is a set of Gridsphere Portlets for SRB
  - Reusable within other projects
Provides:
  - Object and collection manipulation
  - User metadata templates
  - Annotations
  - Searching including recursive and wildcard
  - Previews
  - Simple library view

GSI in PGL
Upload a proxy certificate (Messy)
Use MyProxy directly (Implemented)
Use GridPortlets credential store
  - MyProxy Gridsphere authentication available (TODO)
Shibboleth-MyProxy from MAMS? (TODO)

Logins

PGL Browser

Plone
Plone is a Content Management System
Very Flexible
Shibboleth support
  - Development is done but refinement/testing is needed.
SRB

Plone SRB
Provide a view into SRB, exposing it in a different way to PGL
  - Tree-based view
  - Full metadata (getting as many attributes from the appropriate tables)
  - Provide some initial editing for metadata.
  - Python bindings need extending
  - Guest account access (December)
  - Authorisation controlled by Plone
  - User account access including MyProxy (mid January)
  - Authorisation controlled by SRB
  - User metadata templates

Questions?

[Diagram labels: ShibGrid, MyProxy, WAYF, IdP, Portal, Grid, User]