Presentation is loading. Please wait.

Presentation is loading. Please wait.

www.renam.md RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Implementation of national IdP Management Systems for Access.

Published byEdmund Gibson Modified over 8 years ago

Similar presentations

Presentation on theme: "www.renam.md RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Implementation of national IdP Management Systems for Access."— Presentation transcript:

1

2 www.renam.md RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Implementation of national IdP Management Systems for Access to Resources of European R&E E- Infrastructures Petru Bogatencov RENAM Association bogatencov@renam.md Valentin Pocotilenco Technical University of Moldova, RENAM Association ca@renam.md RoEduNet 11th International Conference: Networking in Education and Research

3 2 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 eInfrastructures – new way of doing SCIENCE The new research environment in which all researchers - whether working in the context of their home institutions or in national or multinational scientific initiatives - have shared access to unique or distributed scientific facilities (including data, instruments, computing and communications), regardless of their type and location in the world. e-infrastructure provides remote access to scientific data and instruments located in top level laboratories around the world, and enables worldwide collaboration among researchers who work on similar challenges and are willing to share resources. e-infrastructure offers unique research services to users from different countries, including from the peripheral and outermost regions, and attract young people to science through networking of facilities. Thus, e-infrastructure has a key role in structuring the scientific community and in the construction of an efficient research and innovation environment.

4 3 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 The e-Infrastructure layers consist of: Communication Networks (the European Research & Education Network GÉANT, National Research & Education Networks - NRENs), Distributed Computing (GRID, High Performance Computing, Cloud computing, etc.), Middleware (the intermediate software between any local IT resource management system and the applications), Specialized applications and software systems, Scientific data (data management systems, data repositories, eLibraries, etc.). e-Infrastructure layers

5 4 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 e-Infrastructure activities The e-Infrastructure activity at European level will: Extend and reinforce the high capacity communication infrastructure - GÉANT and NRENs Strengthen multidisciplinary grid and supercomputing infrastructures Expand scientific data infrastructure Encourage the adoption of e-Infrastructure by an increasing number of user communities Support the construction of new computation and data treatment facilities (petaflop supercomputing, scientific clouds, …) Exploit the power of e-Infrastructure as a vector of international cooperation.

6 5 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Importance of NREN on National Level Main activities of NREN (taking in account RENAM as an example) consist of:  constant development of communication and informational infrastructure and modern high-capacity communication media;  creation of appropriate conditions for permanent networking infrastructure development for research and education by means of collaborated efforts of scientific and educational institutions;  providing access to the national and foreign scientific databases and organizing access to scientific publications and educational informational content;  permanent participation in extension of resources of the national e- Infrastructure;  coordination and support of National Grid Initiative and Grid infrastructure development;  providing access to the national, regional and European HPC resources.  National R&E network now is capable to interconnect all research, educational, medical and cultural institutions and to provide them with Internet access, e-learning, e-science, Grid, high performance computing and other services

7 6 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Organizational structure of access to eInfrastructure resources  Virtual research communities (VRCs): VRCs are groups of like-minded individuals organised by discipline or computational model. VRCs typically have an established presence in their field and represent a well-defined scientific or research community. VRCs are self-organised research communities which give individuals within their community a clear mandate to represent the interests of their research field within the computing ecosystems. They can include one or more virtual organisations and act as the main communication channel between the researchers they represent computing resources providers (EGI, PRICE, etc.).  Virtual organisations (VOs) Virtual organisations (VOs) are groups of researchers with similar scientific interests and requirements, who are able to work collaboratively with other members and/or share resources (e.g. data, software, expertise, CPU, storage space), regardless of geographical location. Researchers must join a VO in order to use European grid computing resources. Each virtual organisation manages its own membership list, according to the VO’s requirements and goals.

8 7 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Classical mode of services access Username password Acces internet Username password Acces resurse calcul Username password Acces e-biblioteca Username password Acces sisteme Username&password 1.Internet 2.Computational resources (HPC, grid) 3.E-Library 4. Research installations (senzor, telescop, etc) 5.Other IT services within institute

9 8 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 IDENTITY MANAGEMENT  Identity management (IdM) refers to the policies, processes, and technologies that establish user identities and enforce rules about access to digital resources.  Identity and access management ensures that the right people can access the right services.  Many information systems and eInfrastructure components - such as e-mail, learning management systems, library databases, grid computing and HPC applications require users to authenticate themselves (typically with a username and password, digital certificate or using both authentication mechanisms).  The optimal solution is to use the same identity information service for all systems and applications.

10 9 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Identity and Access Management Model

11 10 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Instituție 1 Biblioteca electronică Instituție 2 Sisteme calcul distribuit Instituție 3 Acces oficii editoriale Instituție 4 LMS Instituție 5 Sisteme inteligente Instituție N Altele Centralization of identify management

12 11 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 FEDERATED IDENTITY MANAGEMENT  With a common eInfrastructure IdM system a user employing a single digital identity to access all resources to which the user is entitled. Federated identity management permits extending this approach above the single institution/eInfrastructure component level, creating a trusted authority for digital identities across multiple organizations or infrastructures.  In a federated system, participating institutions share identity attributes based on agreed-upon standards, facilitating authentication from other members of the federation and granting appropriate access to online resources.  When a user affiliated with a member of a federation requests a protected resource from another member organization, the user is prompted for identifying information including his “home” organization. This request is passed to the home organization, which verifies the user’s credentials and asserts to the requesting organization that the user has been authenticated.  Federation members determine individually which attributes about users will be shared, such as name, title, or role. Based on this information and their respective policies, member organizations then grant or deny access to particular resources.  Users need only one set of authentication credentials to access resources from other federation members. As a result, federated identity management separates access from the establishment of identity and authorization.

13 12 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Federaie Step 2Step 3 Sistem de management al identității Sistem de management al identității Sistem de management al identității Sistem de management al identității Sistem de management al identității Sistem de management al identității Instituție 1Instituție 2Instituție 3 Instituție 4Instituție 5 Instituție N Step 1 Management centralizat al identității Prestator de serviciu Access to services using federative identity

14 13 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 GEANT Services Portfolio GEANT Connectivity Services: GÉANT IP GÉANT Plus GÉANT Lambda GÉANT Open Bandwidth on Demand Tools for Connectivity Services Network Performance Services: perfSONAR MDM eduPERT GÉANT Security - CERT Portal GÉANT Framework Namespace Registry

15 14 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 GEANT Services – users’ oriented User Access & Applications: eduroam eduGAIN eduPKI eduCONF GIdP Services Registration Authority: SSL Certificates Request a Certificate Training

16 15 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Scientific Computing – important eIfrastructure component  Computing facilities based on Parallel Architectures and used for running complex applications:  HPC - Clusters’ systems;  HPC - Supercomputers;  Distributed computing – Grids;  Scientific Clouds…  Parallel Algorithms Design and Programming  Complex Computing Applications Development  Scientific Computing architecture is a bridge for building modern virtualized computing systems – scientific clouds

17 16 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 European Scientific Computing Eco-System

18 17 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Access to service area in GEANT  To apply User Access and Applications services to end users, network infrastructure should appear to be one seamless resource in which the many interconnected networks are invisible, but where access to confidential user-projected data remains controlled.  In order to make this possible, GÉANT is building a set of interoperable systems that allow roaming access by verifying users’ identities and rights, and granting access to resources as appropriate. The Identity Provider (IdP) systems are implemented at campus level, for use by the institution’s students and researchers. Were identity is verified using login and password combination issued by institution or, in most cases: PKI, developed and managed by NREN.  Current eInfrastructures and GEANT network as integrator of many eInfrastructure services face a number of challenges that threaten their ability to attract and retain users, make efficient use of resources, compete with commercial computing services and adopt sustainable governance models and funding structures.  The whole set of these issues can be generalize into two challenges, that of user satisfaction (including reliability, quality of service guarantees, usability and user retention) and that of sustainability (including understanding impact and costs, integration and standards, extension to new communities and governance models).

19 18 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Federative access to service area in GEANT

20 19 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 GEANT EDUGAIN - FIdM  The eduGAIN service is intended to enable the trustworthy exchange of information related to identity, authentication and authorisation between the GÉANT Partners' federations.  Federation must ensure that containing only entities that agreed to join eduGAIN and which are in conformance with the eduGAIN Policy Framework.  In order to apply federation to eduGAIN infrastructure, must be performed a few basic steps: First of all, for both types of members of federation (IdP, SP), the letter of intent is written, which must be signed by a legitimate representative of organization and must express the will to enable inter-federation. For IdP must be received user consent. Local IdP must adapt its configuration to meet eduGAIN reqiremens Next is to adapt entries into Resource Registry, where inter- federated flows of metadata appears Last step is inter-federation pass test.

21 20 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 EduGAIN structure

22 21 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 EduGAIN metadata flow Where: 1 - Federations publish upstream inter-federation metadata subsets; 2 - MDS aggregates all upstream metadata and republishes it; 3 - Federations process and republish eduGAIN metadata. Their inter-federation end entities consume it.

23 22 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Implementation of IdP Management System at National Level  In order to provide access to GEANT resources at national level it is important to develop an IdM center operated by NREN, using NREN infrastructure and services.  The goal is to establish a federation at national level, which will provide IdM services and will act as a gate to GEANT resources and services. At the national level, identity federation can act as unified national high-quality data R&E HR registry, where each participant will have personal right and attributes which will grant a specified level of access to national and international resources and services.  Main action in the process of federation developing is the writing process of internal policy, at national level. This policy must comply with national laws, have to offer the highest degree of interoperability and must comply with minimum inter-federation requirements, set by GEANT

24 23 RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 RENAM Association, Chisinau, Moldova www.renam.md Thank you! Questions ? Services of GEANT: www.geant.net

Download ppt "www.renam.md RoEduNet 11th International Conference, Sinaia, Romania, January 17-19 2013 Implementation of national IdP Management Systems for Access."

Similar presentations

EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
1 Cyberinfrastructure Framework for 21st Century Science & Engineering (CF21) IRNC Kick-Off Workshop July 13, 2010 1.

1 Cyberinfrastructure Framework for 21st Century Science & Engineering (CF21) IRNC Kick-Off Workshop July 13,
AN INTRODUCTION TO SURF WHAT COLLABORATION CAN DO FOR HIGHER EDUCATION AND RESEARCH Walter van Dijk Member Management Team SURFnet.

AN INTRODUCTION TO SURF WHAT COLLABORATION CAN DO FOR HIGHER EDUCATION AND RESEARCH Walter van Dijk Member Management Team SURFnet.
FP6−2004−Infrastructures−6-SSA-026024 [ Empowering e Science across the Mediterranean ] Grids and their role towards development F. Ruggieri – INFN (EUMEDGRID.

FP6−2004−Infrastructures−6-SSA [ Empowering e Science across the Mediterranean ] Grids and their role towards development F. Ruggieri – INFN (EUMEDGRID.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Computing in Atmospheric Sciences Workshop: 2003 Challenges of Cyberinfrastructure Alan Blatecky Executive Director San Diego Supercomputer Center.

Computing in Atmospheric Sciences Workshop: 2003 Challenges of Cyberinfrastructure Alan Blatecky Executive Director San Diego Supercomputer Center.
Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,

Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,
Www.egi.eu EGI-Engage www.egi.eu EGI-Engage Engaging the EGI Community towards an Open Science Commons Project Overview 9/14/2015 EGI-Engage: a project.

EGI-Engage EGI-Engage Engaging the EGI Community towards an Open Science Commons Project Overview 9/14/2015 EGI-Engage: a project.
1 European policies for e- Infrastructures Belarus-Poland NREN cross-border link inauguration event Minsk, 9 November 2010 Jean-Luc Dorel European Commission.

1 European policies for e- Infrastructures Belarus-Poland NREN cross-border link inauguration event Minsk, 9 November 2010 Jean-Luc Dorel European Commission.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
1 Multi Cloud Navid Pustchi April 25, 2014 World-Leading Research with Real-World Impact!

1 Multi Cloud Navid Pustchi April 25, 2014 World-Leading Research with Real-World Impact!
Climate Sciences: Use Case and Vision Summary Philip Kershaw CEDA, RAL Space, STFC.

Climate Sciences: Use Case and Vision Summary Philip Kershaw CEDA, RAL Space, STFC.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
From GEANT to Grid empowered Research Infrastructures ANTONELLA KARLSON DG INFSO Research Infrastructures Grids Information Day 25 March 2003 From GEANT.

From GEANT to Grid empowered Research Infrastructures ANTONELLA KARLSON DG INFSO Research Infrastructures Grids Information Day 25 March 2003 From GEANT.
Www.jrc.ec.europa.eu Serving society Stimulating innovation Supporting legislation Danny Vandenbroucke & Ann Crabbé KU Leuven (SADL) AAA-architecture for.

Serving society Stimulating innovation Supporting legislation Danny Vandenbroucke & Ann Crabbé KU Leuven (SADL) AAA-architecture for.
Presented by: Presented by: Tim Cameron CommIT Project Manager, Internet 2 CommIT Project Update.

Presented by: Presented by: Tim Cameron CommIT Project Manager, Internet 2 CommIT Project Update.
1 4/23/2007 Introduction to Grid computing Sunil Avutu Graduate Student Dept.of Computer Science.

1 4/23/2007 Introduction to Grid computing Sunil Avutu Graduate Student Dept.of Computer Science.

Similar presentations

Ads by Google