TNC2014 Service Delivery NREN style: Using OpenConext to build service delivery platforms. Neil Witheridge (AARNet), Carl Vincent (Jisc Netskills). 20 May 2014, TNC.


1 TNC2014 Service Delivery NREN style: Using OpenConext to build service delivery platforms
Neil Witheridge, AARNet
Carl Vincent, Jisc Netskills
20 May 2014, TNC

2 Using OpenConext to build service delivery platforms: The JiscConext prototype
Carl Vincent, Jisc Netskills
www.netskills.ac.uk

3 OpenConext
Using OpenConext to build service delivery platforms © Netskills 2014
OpenConext provides the building blocks to set up a collaboration infrastructure in which:
– federated authentication is used to gain access to services and applications that are to be linked;
– identity providers and service providers can exchange standardised attributes;
– group information can be exchanged;
– self-service components can be applied.
www.openconext.org

4 Background: The JiscMail service
UK National Academic mailing list service
Email lists and archives plus simple file sharing associated with lists
Group based collaboration and discussion across UK Education
Announcements, Private Discussions, Open Forums
1.3 million subscribers, 9500 lists, 46,000 messages per month. Still growing

5 Background: The JiscMail service
Running on the LISTSERV email list management platform
Hosted for Jisc by L-Soft under contract
Helpdesk, service support and management by Jisc Netskills in Newcastle
Small scale investigatory prototype project
"It's just email" – can we offer more while taking advantage of our well established context of groups?

6 Vision: Jisc Conext
Extend the service with modern tools such as:
– Collaborative documents
– Storage
– Web content / Wiki / Blog
– Calendaring
– Research tools
Continue 3rd party tools and hosting model
Modular, extensible
Focus on existing group-based context

7 Approach and Architecture

8 Approach: Using OpenConext
[Diagram labels: Services; Group Membership; UK Federation; SAML proxy; VOOT API; Portal; OAUTH2 API; Widgets; OpenConext]

9 Experience: OpenConext in the UK Federation
Differences between the Dutch and UK federation models
– Not all UK IdPs were SAML 2
– Support added for different encryption options
– Tested OK with some UK IdPs
Need support for users without IdP: JiscMail has many such users
– Set up our own IdP and management interface
[Diagram labels: UK Federation; SAML proxy; Standalone IdP]

10 Experience: Group Membership
Grouper or VOOT interface available
User management tool for IdP also manages groups via Grouper
Group management tool also prepares for provisioning of services
Worked well from OpenConext
Limited support from services for group context

11 Experience: Group Data
Membership is not everything!
Which services does a group use?
Prototyped a web service "Regroup" to provide a data store to hold this data

12 Experience: Email Lists
Set up a shadow email list service using Sympa
– Easier to work with code available
– Experimental VOOT interface available
SAML and VOOT successful for web interface
Unsuitable protocols for asynchronous access
– No session when the email is sent!
Use LDAP as intermediary to Grouper
[Diagram labels: Sympa Email Service; SAML Proxy and VOOT API; Sympa Web Interface]

13 Experience: WordPress blogs
Multisite WordPress server
Provision one blog per group
– Group members have Editor role on blog
Plugins for WordPress
– SAML authentication
– "Overseer" provisions and synchronises users and blogs with OpenConext and Regroup
[Diagram labels: Overseer plugin; SAML Proxy; SAML plugin; WordPress; Regroup; Grouper]

14 Experience: Etherpad
Web-based real-time text editor
Run as a web service protected by SAML
Modified to pull group information from OpenConext
Successful collaborative editor with multiple documents per group

15 Experience: Portal
Originally seen as providing the main "Group home page"
– Widgets set on a per-group basis by group administrator
Based on Apache Rave as used in early OpenConext releases
Required heavy modification to introduce group context
Allowed users to switch contexts between groups
Limited customisation

16 Experience: Portal Widgets
WordPress blog
– Shows latest posts and links through to site
Etherpad
– Shows documents owned by group with links through to edit or create new
JiscMail
– Shows latest archive messages on the production service in list associated with group
Twitter
– Shows tweets with hashtag associated with group

17 Experience: Portal

18 Experience: Summary
SAML and federation interoperability
Complexities of deployment and updating
Additional group data
Availability of applications and services supporting external group context
Scalability of hosting all services
Complexity of running a custom portal
Current tools are web-focussed

19 Learning: User Feedback
Test prototype with four existing JiscMail groups for several weeks
– Plus some interested individuals from SURF and AARNet
Users liked the switching of group contexts cascading through widgets
"Locked-down" portal experience confusing
Users asked for particular brand apps – but happy once using those provided
Group owners found the process of accessing the system complex

20 References
Project web site: http://conext.jiscconext.org.uk
Project GitHub: http://github.com/conext

21 About AARNet
Is the “eduroam AU” NRO
– provides customers with access to global & national eduroam OA&M services
Is Not the AU SAML Federation Operator
– that’s the Australian Access Federation (AAF)
Is delivering “cloud services”
– Aims to collaborate in global services delivery
Has diverse AAI customers
– SAML IdP and AAF participants
– SAML IdP but not in AAF
– without SAML IdP

22 OpenConext Deployment Scenarios

23 OpenConext Value for AARNet
SAML Proxy functionality
Broad Customer Access
– Conext SP in AAF
Enables access via AAF IdPs
– Connection of SAML IdPs not in AAF
Where no business case to join the AAF
– AARNet Virtual Home Organisation
For those institutions without a SAML IdP
OpenConext “SSO Gateway”
– Flexible Service Delivery Platform
E.g. PHP-based attribute manipulation on SP and IdP sides
– Enables Instrumentation (Usage Metrics, Monitoring)
Facilitates support & troubleshooting
Access to eduGAIN-enabled Services

24 OpenConext value for AARNet (Cont’d)
Group Proxy
– eduroam OA&M Services require group based access (with delegated administration)
OpenConext “Teams” for group creation
– Integration with external group providers (e.g. AAF group management service)
Future benefits?
– Access to 3rd Party Conext’d Services
– OpenSocial Gadget deployment (e.g. JISCConext)
Lightweight utility services

25 eduroam Ancillary Services
Deployment Automation (DjNRO)
Operability Testing and Auditing
Monitoring (monitor.eduroam.org)
Metrics
– Aggregate (F-Ticks)
– Detailed institutional usage metrics
Support
– eduroam Configuration Assistant Tool (CAT)
Access via eduGAIN
– Triggered authentications and log visibility

26 eduroam OA&M Services
[Diagram labels: DjNRO; monitor.eduroam.org; eduroam CAT; F-Ticks]

27 New eduroam Services
Operability Testing & Auditing, Detailed Institutional Metrics, Institutional Support Tools
Requirement for group-based access
[Diagram labels: Detailed Institutional Metrics; Institutional Support Tools]

28 Context’d eduroam Services

29 Cloud & Global Services
Cloud Services
– box.net
– Zoom
Global Services
– Global NREN CEO Forum Initiatives
Network Architecture
eduGAIN for Global Federated Access (GFIM)
– GFIDMS (Global Federation Infrastructure Delivery, Management and Services)
Real Time Communications
– SIP-based communications
Global Services Delivery

30 Cloud Service: Box

31 OpenConext Deployment
Note, using Version 62 from OpenConext VM
Configuration & Upgrade
– Certificate Management & Roll-over
Integration with AAF
– Attribute requirements & primary identifier
– Importing metadata not comprehensive
General
– Localisation, GUI Customisation
SP Development & Group-based authZ
– Java, PHP, Python libraries

