Presentation is loading. Please wait.

Presentation is loading. Please wait.

EFDA-Fed: European federation among fusion energy research laboratories EURATOM/CIEMAT JET CEA R. Castro, J. Vega, A. Portas, A. Pereira, S. Balme, A.

Published byEthelbert Berry Modified over 8 years ago

Similar presentations

Presentation on theme: "EFDA-Fed: European federation among fusion energy research laboratories EURATOM/CIEMAT JET CEA R. Castro, J. Vega, A. Portas, A. Pereira, S. Balme, A."— Presentation transcript:

1 EFDA-Fed: European federation among fusion energy research laboratories EURATOM/CIEMAT JET CEA R. Castro, J. Vega, A. Portas, A. Pereira, S. Balme, A. Duarte, H. Fernandes, J. Kadlecsik, P. Lebourg, A. Neto, F. Oliveira, K. Purahoo, F. Reis, C. Rodriguez, J. Signoret, J. M. Theis, K Thomsen EFDA-Fed

2 Index  Motivation  Federation  PAPI as AAI  New technical solutions Federation logout Integration with JAVA applications  Demo

3 Motivation

4

5  Security framework for services access control  Necessity in organizations of sharing resources Transparency Simple management  Requirements Single Sign On Secure Access Users Mobility Simple Management and Scalability Transparency Common tools compatibility

6 Federation

7 EFDA Federation  Authentication and authorisation infrastructure PAPI  Trust Public Key  Coordination and repository centre http://efdafed.fusion.ciemat.es

8 How does it work? Web browser Authentication Server Federated Serice User Repository Federation GPoA Federated Organization Federated Serice Federation WAYF ? ?

9 PAPI as AAI: Identity management GPoA 1 Point of Access GPoA 2 Authentication Server Send ID ID propagation Point of Access Point of Access Point of Access ID propagation

10 PAPI as AAI: GPoA  One credential -> Many resources GPoA 1 Point of Access Point of Access Point of Access Point of Access GPoA 2 HTTP Client 1 2

11 PAPI as AAI: Infrastructure architecture Organisation AOrganisation BOrganisation C GPoA PoA GPoA PoA GPoAAS Federation GPoA

12 PAPI as AAI: Application level front-end  Easy services integration One XML configuration point PoA GPoA HTTP Server HTTP Service HTTP Server

13 Technical solutions

14 Logout Mechanism  Problem: Service sessions based on encrypted cookies (created first time the user is authorised) Logout => to disable all session cookies  Solution: Only AS registered GPoAs, have not “timeout” cookies Two “timeout” levels:  Lcook: Very short fixed timeout  Hcook: If close time renewed -> to renew hcook Else -> to climb to GPoA

15 Logout Mechanism Web browser Authentication Server Federated Serice User Repository Federation GPoA Federated Organization Federated Serice Federation WAYF ? ? Logout

16 Integration with JAVA applications  Adapted CookieModule class of libraries RT-HTTPClient  [http://www.innovation.ch/java/HTTPClient/] jakarta commons-httpclient  HTTP lib of jakarta projects XML-RPC integration  [http://jakarta.apache.org/commons/httpclient/]  New standard CookieHandler for java > 1.5

17 Integration with JAVA applications JAVA Bercley DB CookiesDB RT-HTTPClient CookieModule Jakarta common-httpclient Java 1.5 or above CookieModuleCookieHandler

18 JAVA PAPI Runner  Compatible with JWS  Transparent for JAVA application  NOT recompilation required PAPI Runner JAVA App Cookies DB HTTP Resource PoA GPoA CookieHandler

19 Demo http://efdafed.fusion.ciemat.es

20 Thank you for your attention R. Castro, J. Vega, A. Portas, A. Pereira, S. Balme, A. Duarte, H. Fernandes, J. Kadlecsik, P. Lebourg, A. Neto, F. Oliveira, K. Purahoo, F. Reis, C. Rodriguez, J. Signoret, J. M. Theis, K Thomsen EFDA-Fed

Download ppt "EFDA-Fed: European federation among fusion energy research laboratories EURATOM/CIEMAT JET CEA R. Castro, J. Vega, A. Portas, A. Pereira, S. Balme, A."

Similar presentations

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir.

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir.
Testing Web Applications & Services Testing Web Applications & Web Services.

Testing Web Applications & Services Testing Web Applications & Web Services.
CLARIN AAI, Web Services Security Requirements

CLARIN AAI, Web Services Security Requirements
Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio.

Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June Licia Florio.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Architecture & Integration: CP v3.1. 3.x Platforms: Windows NT sp5(6a)/Solaris 2.8 iWS Client(s) Netscape/IE 4.0+ Java Servlet Engine (Java Servlet API)

Architecture & Integration: CP v x Platforms: Windows NT sp5(6a)/Solaris 2.8 iWS Client(s) Netscape/IE 4.0+ Java Servlet Engine (Java Servlet API)
EFDA Federation PAPI based federation as a test-bed for a common security infrastructure in EFDA sites R. Castro, J. Vega, A. Portas, D. R. López, S. Balme,

EFDA Federation PAPI based federation as a test-bed for a common security infrastructure in EFDA sites R. Castro, J. Vega, A. Portas, D. R. López, S. Balme,
PKI Single Sign On & Auto Provisioning Frank Siebenlist (ANL) Rachana Ananthakrishnan (ANL) Charles Bacon (ANL)

PKI Single Sign On & Auto Provisioning Frank Siebenlist (ANL) Rachana Ananthakrishnan (ANL) Charles Bacon (ANL)
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
The EC PERMIS Project David Chadwick

The EC PERMIS Project David Chadwick
Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.

Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.
Infrastructure for Multi-Professional Education and Training Using Shibboleth.

Infrastructure for Multi-Professional Education and Training Using Shibboleth.
Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  

Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
System Architecture.  Windows Phone 7  Mobile Phone Application  User – End Perspective  Google App Engine  Administration Console  Handles authentication,

System Architecture.  Windows Phone 7  Mobile Phone Application  User – End Perspective  Google App Engine  Administration Console  Handles authentication,
Eduroam Louis Twomey HEAnet Library Services Day 20 th November 2014.

Eduroam Louis Twomey HEAnet Library Services Day 20 th November 2014.
Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.

Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.

Similar presentations

Ads by Google